-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2019 23:10:04 +0200 Source: open-vm-tools Binary: open-vm-tools open-vm-tools-desktop open-vm-tools-dev open-vm-tools-dkms Architecture: i386 Version: 2:10.1.5-5055683-4+deb9u2 Distribution: stretch Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Bernd Zeimetz Description: open-vm-tools - Open VMware Tools for virtual machines hosted on VMware (CLI) open-vm-tools-desktop - Open VMware Tools for virtual machines hosted on VMware (GUI) open-vm-tools-dev - Open VMware Tools for virtual machines hosted on VMware (developm open-vm-tools-dkms - Open VMware Tools vmxnet kernel module (deprecated) Closes: 925959 Changes: open-vm-tools (2:10.1.5-5055683-4+deb9u2) stable; urgency=medium . * [34db05f] /tmp/VMwareDnD permissions security fix. Fix possible security issue with the permissions of the intermediate staging directory and path /tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be a regular directory, but malicious code or user may create the /tmp/VMwareDnD as a symbolic link which points elsewhere on the system. This may provide user access to user B's files. Do not set the permission of the root directory if the root directory already exists and has the wrong permission. The permission of the directory must be 1777 if it is created by the VMToolsi. If not, then the directory has been created or modified by malicious code or user, so just cancel the host to guest DnD or CnP operation. (Closes: #925959) Checksums-Sha1: ad0cf48c69eb6c9b5d11d3235f535d6b440e89cb 1780540 open-vm-tools-dbgsym_10.1.5-5055683-4+deb9u2_i386.deb 74e097cf469b765016e717a77e57a0d5bdbf40ee 184530 open-vm-tools-desktop-dbgsym_10.1.5-5055683-4+deb9u2_i386.deb 789c45432bd770b08923c6e4906cc7abe62d2098 182478 open-vm-tools-desktop_10.1.5-5055683-4+deb9u2_i386.deb ead3bbde849940c28d9c49a48372831b3fe34b46 537978 open-vm-tools-dev_10.1.5-5055683-4+deb9u2_i386.deb c0f445924c99d6183c4908e3f48c2e17112c6655 13600 open-vm-tools_10.1.5-5055683-4+deb9u2_i386.buildinfo 70b96c0a19c9ae92055d9eec275a756fdab11f42 608972 open-vm-tools_10.1.5-5055683-4+deb9u2_i386.deb Checksums-Sha256: b84aeea767fd7d8225d1a24f54c25587e903a0ab6f159296e3da8ded305c01b2 1780540 open-vm-tools-dbgsym_10.1.5-5055683-4+deb9u2_i386.deb 1e55b8fa03b58882a182c7d0bc25ddac012ac517676458bdf946cbbaa4ea55be 184530 open-vm-tools-desktop-dbgsym_10.1.5-5055683-4+deb9u2_i386.deb 6aa9fffae8cb9da6cf27da911057d40c621bd850f92b95ccd35155c1f05466b6 182478 open-vm-tools-desktop_10.1.5-5055683-4+deb9u2_i386.deb dedbd170da4d7728b4dbf3a6aa3955173eeb932dbe8aa68866efbb9228d9480f 537978 open-vm-tools-dev_10.1.5-5055683-4+deb9u2_i386.deb cc6b9cfbf059f6dd56dc791cd7723393385e729ef82129dbf40c843f09b22d8d 13600 open-vm-tools_10.1.5-5055683-4+deb9u2_i386.buildinfo dc557f91b7c8ffb1318d26dc9c4caad4fc48728282dc4eca8d0b87f5db1bfd3f 608972 open-vm-tools_10.1.5-5055683-4+deb9u2_i386.deb Files: 41e4ff3712712c250a90d9d41c99d31a 1780540 debug extra open-vm-tools-dbgsym_10.1.5-5055683-4+deb9u2_i386.deb 1a173fe1e11eee259ad9246108210620 184530 debug extra open-vm-tools-desktop-dbgsym_10.1.5-5055683-4+deb9u2_i386.deb 0602cbd1c651996492197d42bb638bed 182478 admin extra open-vm-tools-desktop_10.1.5-5055683-4+deb9u2_i386.deb a10a761286ea013ae2cb9200fc11b336 537978 devel extra open-vm-tools-dev_10.1.5-5055683-4+deb9u2_i386.deb 742aba3a115097629060378948b500ec 13600 admin extra open-vm-tools_10.1.5-5055683-4+deb9u2_i386.buildinfo e0e940192b66fadd176bf1b358a8f029 608972 admin extra open-vm-tools_10.1.5-5055683-4+deb9u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE56RkdImmGnu/qTMEtnmMmMOJfQ0FAlz1Nq4ACgkQtnmMmMOJ fQ2EXg//elo86sbzp433GtFy21SE3RtQb/oIjNu+4PiIT2FPHljp81UqFBaVjitr uDd4WvN913wKhGJ6i1DG83nN1pdd6SUKYgu0Be1LBqdKjhomp3lo4zs7HsDzeDRu E3ZGTJ4wT+j6hKOMXl96+MPqsMLyyjbpwgjwtEM7+Mni3wH9MxlxyspiXD5N5SPp Sw+dY0/2SL/vIOs1SRv0Dkfu/02bPibZZXDVo2N3FeQEc5+TAd0oRWyTlD4rNMr1 V7WDUkedGO9eVE2Q635ed06u+qA+ro96F866OI+mgLE0/PRKBdgvxUMGoXt0jzRy O23AckTD0kiY4v+sCRtqw7IVBmhKntxjeJ/MBQsboCX6MuAbiKtFCCJUMKyRBE9w T/bFCT2/VlsFVsqx86j9cNLgM5kuYy/ntpaXH9/KNfNoT/lg6NU1GfDgH7+bCr2/ 30/CgRP9dv7U80xRyagVKhd1YR3QHCkFhqXYZ0cGrw4lI90XiDLGmhJN0xvvCnzP gmgzKQDIGb+8Oisll6A68fglvD9vdd69uyPJMOvbcrGqonPzjhvL0hftuRIT7Ss+ ZvaDD5Ke8OmCyDjYvQfMlK5/DD+C12iZhp3TQjZSf3P5rjpyMHe36Ko/29sm3Gpb QVV/BGgzYYEN8GOy0NFMZjD8PLDM3JLSLwsXDH15HeL1bscNNrI= =qF9T -----END PGP SIGNATURE-----