[Git][security-tracker-team/security-tracker][master] new open-vm-tools issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b859360 by Moritz Muehlenhoff at 2022-08-24T08:44:18+02:00
new open-vm-tools issue

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18361,6 +18361,9 @@ CVE-2022-31677
 	RESERVED
 CVE-2022-31676
 	RESERVED
+	- open-vm-tools <unfixed>
+	NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2022-31676.patch/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
+	NOTE: https://www.vmware.com/security/advisories/VMSA-2022-0024.html
 CVE-2022-31675 (VMware vRealize Operations contains an authentication bypass vulnerabi ...)
 	NOT-FOR-US: VMware
 CVE-2022-31674 (VMware vRealize Operations contains an information disclosure vulnerab ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -35,6 +35,8 @@ netatalk
 --
 nodejs
 --
+open-vm-tools
+--
 php-horde-mime-viewer
 --
 php-horde-turba



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b8593603a7f6e97acbe60a3e9d3f54277358a7e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b8593603a7f6e97acbe60a3e9d3f54277358a7e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220824/98f68f90/attachment-0001.htm>