-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 05 Apr 2019 23:10:04 +0200 Source: open-vm-tools Binary: open-vm-tools open-vm-tools-desktop open-vm-tools-dev open-vm-tools-dkms Architecture: source amd64 all Version: 2:10.1.5-5055683-4+deb9u2 Distribution: stable Urgency: medium Maintainer: Bernd Zeimetz Changed-By: Bernd Zeimetz Description: open-vm-tools - Open VMware Tools for virtual machines hosted on VMware (CLI) open-vm-tools-desktop - Open VMware Tools for virtual machines hosted on VMware (GUI) open-vm-tools-dev - Open VMware Tools for virtual machines hosted on VMware (developm open-vm-tools-dkms - Open VMware Tools vmxnet kernel module (deprecated) Closes: 925959 Changes: open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium . * [34db05f] /tmp/VMwareDnD permissions security fix. Fix possible security issue with the permissions of the intermediate staging directory and path /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be a regular directory, but malicious code or user may create the /tmp/VMwareDnD as a symbolic link which points elsewhere on the system. This may provide user access to user B's files. Do not set the permission of the root directory if the root directory already exists and has the wrong permission. The permission of the directory must be 1777 if it is created by the VMToolsi. If not, then the directory has been created or modified by malicious code or user, so just cancel the host to guest DnD or CnP operation. (Closes: #925959) Checksums-Sha1: f039ecbd4325602ce65b0b14adbf5c00ed77d077 2530 open-vm-tools_10.1.5-5055683-4+deb9u2.dsc 97429807b7b4aa13c26d6441d3492e5d50f5297a 29784 open-vm-tools_10.1.5-5055683-4+deb9u2.debian.tar.xz cabeb506a8b900634dd3e9ff625268ada1643bdc 2000498 open-vm-tools-dbgsym_10.1.5-5055683-4+deb9u2_amd64.deb 15338555e7c231ca9a0317d393b951080b3ae9fc 197214 open-vm-tools-desktop-dbgsym_10.1.5-5055683-4+deb9u2_amd64.deb e18ddd2d3c5cc25bc01ba042466355ecede525b3 166934 open-vm-tools-desktop_10.1.5-5055683-4+deb9u2_amd64.deb 0fa37ceeab640881d8ea4828c51f43aaf7b8bb46 499792 open-vm-tools-dev_10.1.5-5055683-4+deb9u2_amd64.deb fa5ad7d0f9ab80070b9cd75135de6ebb433a385d 418742 open-vm-tools-dkms_10.1.5-5055683-4+deb9u2_all.deb 9573f6100a655b27efd9a2a1a7f906a09bc79681 14260 open-vm-tools_10.1.5-5055683-4+deb9u2_amd64.buildinfo fb32480a940a0fa36eed0ffbd62424640b06700a 562108 open-vm-tools_10.1.5-5055683-4+deb9u2_amd64.deb Checksums-Sha256: 9523c71ba42d3b093123d53c41015ecc1bbd6a43b610cbfee581a5e9e3fb0dbd 2530 open-vm-tools_10.1.5-5055683-4+deb9u2.dsc 0cd97c8ea497544929d7c33aaa0feb5b47953647865a89256f4657f71c54d83a 29784 open-vm-tools_10.1.5-5055683-4+deb9u2.debian.tar.xz 8d538684a7b8e5345fe31e83c8c1a9fd33c864b4311059ec51da96cfe2e951f6 2000498 open-vm-tools-dbgsym_10.1.5-5055683-4+deb9u2_amd64.deb 6e83eb60c4cd151086798cdc657f035c34bc4851e1bd6a8321057b5df01fabac 197214 open-vm-tools-desktop-dbgsym_10.1.5-5055683-4+deb9u2_amd64.deb 218f3e5c41e1de44d00925a255f2e962a2fed651523fa100abc774f2a2b91e15 166934 open-vm-tools-desktop_10.1.5-5055683-4+deb9u2_amd64.deb 1f2bc928c31cd54059b40ddfb0dd038c5758b0685455ba5561d1154985b19e51 499792 open-vm-tools-dev_10.1.5-5055683-4+deb9u2_amd64.deb 1e7a45c5de0bcd541b25a66aab3b8ca457e55c5c81427666eb0118274c6b5f55 418742 open-vm-tools-dkms_10.1.5-5055683-4+deb9u2_all.deb 719c24b16a286229215e356bcd88a5eae066f19f1335aec0ffb2386742604239 14260 open-vm-tools_10.1.5-5055683-4+deb9u2_amd64.buildinfo c3281dab460ead3f6d8509e08a461e58fd554c96ab7690c7fac5bf025d01c69a 562108 open-vm-tools_10.1.5-5055683-4+deb9u2_amd64.deb Files: f9406f802453afb43b912bf87a5581dc 2530 admin extra open-vm-tools_10.1.5-5055683-4+deb9u2.dsc 4c98bb0db81c5288648caf73e0f4f5e4 29784 admin extra open-vm-tools_10.1.5-5055683-4+deb9u2.debian.tar.xz a0a3f5f0ad1dbe98d2bc2b9094f997ca 2000498 debug extra open-vm-tools-dbgsym_10.1.5-5055683-4+deb9u2_amd64.deb 5b30fdb0974a119a942f97570e39763b 197214 debug extra open-vm-tools-desktop-dbgsym_10.1.5-5055683-4+deb9u2_amd64.deb 4b03003550b25a867453d9d54b72e97e 166934 admin extra open-vm-tools-desktop_10.1.5-5055683-4+deb9u2_amd64.deb 561cc7b651dbf704c325018b6a88431c 499792 devel extra open-vm-tools-dev_10.1.5-5055683-4+deb9u2_amd64.deb 8411308d99be8bf439ccab31b62bcc3f 418742 kernel extra open-vm-tools-dkms_10.1.5-5055683-4+deb9u2_all.deb 597901fdff51edb2adf2cff24486fa01 14260 admin extra open-vm-tools_10.1.5-5055683-4+deb9u2_amd64.buildinfo e6ff57b90908aa8fed0dbf88c0df380e 562108 admin extra open-vm-tools_10.1.5-5055683-4+deb9u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAlzpGJQACgkQ6zYXGm/5 Q18eyhAAgTjHXdCAaqJ4e6OKyMJJVs/oiGxexvEv4l54nC4+oLKPO1kgArE/rGzH 1P/kiCeUcuo3FzS3MJ2G0YWiWawNGAkJDLNiaPa8ZuSjiWj0Yx23QiIO3wUunFnD vxOsPcQz6tRHnsJWmMnJ4aGYGJQ7d24+EvPgUJflYL+Hhm4TFlpzs6R3vTtCTR++ feIhcdFMImMqv4feWBP2pLjWoyFqaNplxN6OqmvKGoDvjpwJ0RLc6kR0UV+uZziH g1RUFFhEgLB7coAkJn2UmdyLqZLVMnniFia+wzCrNwuM1sQihMXLV81rzLO7rBlq 93qtXj6PRleFnrxZg4/iCdHRf40/zsU+vAz9AZfV/7ljtVTk+FUsKtSPtcTrCBdB +md1Zd6y4gy7XtSQ6xvBTpt8rtWgbpVEkp286H8BeV2/QOAkjCLsd2XTFlWA0kjp IMYflLWI88rm++h/rdVlK6x8938k45j/8JYk87Fzr3J6r94iOpGpfOGD8nvRb35H MCjBuKc/evTBM4CogrgEwNOQmnbfk8vw/OvHBO2FmmOzEg6R+iqR7QZuYtExL8oy Z7pkaq2OKcrJUGSdr2/Sag5Ft/40JfV9eq1kcxt94R5TMKaf1SiDnl4WpaeCl56h M/iJtqUIFDkJ+DoqI/2x6ikze8FYkEMNwc8lXtOITVSSYtSGbq8= =d6LX -----END PGP SIGNATURE-----