[Git][security-tracker-team/security-tracker][master] Reserve DLA-4316-1 for open-vm-tools

[Thorsten Alteholz (@alteholz)]

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7abe5611 by Thorsten Alteholz at 2025-09-30T19:28:12+02:00
Reserve DLA-4316-1 for open-vm-tools

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -313,7 +313,6 @@ CVE-2025-41244 (VMware Aria Operations and VMware Tools contain a local privileg
 	- open-vm-tools <unfixed>
 	[trixie] - open-vm-tools <no-dsa> (Will be fixed via point release)
 	[bookworm] - open-vm-tools <no-dsa> (Will be fixed via point release)
-	[bullseye] - open-vm-tools <postponed> (local user exploit; need access to hypervisor)
 	NOTE: https://github.com/vmware/open-vm-tools/tree/CVE-2025-41244.patch
 	NOTE: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
 CVE-2025-9904 (Unallocated memory access vulnerability in print processing of Generic ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Sep 2025] DLA-4316-1 open-vm-tools - security update
+	{CVE-2025-41244}
+	[bullseye] - open-vm-tools 2:11.2.5-2+deb11u5
 [30 Sep 2025] DLA-4315-1 tiff - security update
 	{CVE-2024-13978 CVE-2025-9900}
 	[bullseye] - tiff 4.2.0-1+deb11u7



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7abe561175d0ef21a4cd2a9b9afb7bb6b48676f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7abe561175d0ef21a4cd2a9b9afb7bb6b48676f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250930/64730363/attachment.htm>