Hi security team,

I'm preparing security uploads for bookworm-security and buster-security for

CVE-2023-20900[0]:
| VMware Tools contains a SAML token signature bypass vulnerability. A
| malicious actor with man-in-the-middle (MITM) network positioning
| between vCenter server and the virtual machine may be able to bypass
| SAML token signature verification, to perform VMware Tools Guest
| Operations.

Any objections against fixing CVE-2023-20867 at the same time? It's a minor issue so we did not fix it, but I think it doesn't hurt to include it in stable/oldstable uploads while we are at it.

Current (untested) diff would be:
https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/commit/3812674370c07c708744c0d1d497583dffa3d665

Thanks,

Bernd

--
Bernd Zeimetz
Debian GNU/Linux Developer
http://bzed.de
http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F