Debian Patches

Status for open-vm-tools/2:12.2.0-1+deb12u3

Patch Description Author Forwarded Bugs Origin Last update
use-debian-pam =================================================================== no
debian/scsi-udev-rule =================================================================== no
debian/grpc_1.51 =================================================================== no
2023-20867-Remove-some-dead-code.patch [PATCH] Remove some dead code.
Address CVE-2023-20867.
Remove some authentication types which were deprecated long
ago and are no longer in use. These are dead code.
John Wolfe <jwolfe@vmware.com> no 2023-05-08
CVE-2023-20900.patch [PATCH] Address CVE-2023-20900 John Wolfe <jwolfe@vmware.com> no 2023-08-18
CVE-2023-34059.patch [PATCH] Address CVE-2023-34059
Fix file descriptor vulnerability in the open-vm-tools
vmware-user-suid-wrapper on Linux.
- Moving the privilege drop logic (dropping privilege to the real uid
and gid of the process for the vmusr service) from suidWrapper to
vmtoolsd code.
John Wolfe <jwolfe@vmware.com> no 2023-10-18
CVE-2023-34058.patch [PATCH] Address CVE-2023-34058 John Wolfe <jwolfe@vmware.com> no 2023-10-18
CVE-2025-22247-1100-1225-VGAuth-updates.patch [PATCH] Validate user names and file paths
Prevent usage of illegal characters in user names and file paths.
Also, disallow unexpected symlinks in file paths.

This patch contains changes to common source files not applicable
to open-vm-tools.

All files being updated should be considered to have the copyright to
be updated to:

* Copyright (c) XXXX-2025 Broadcom. All Rights Reserved.
* The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.

The 2025 Broadcom copyright information update is not part of this
patch set to allow the patch to be easily applied to previous
open-vm-tools source releases.
John Wolfe <john.wolfe@broadcom.com> no 2025-05-05
