group.of.nepali.translators team mailing list archive

[Christian Ehrhardt  <1822204@xxxxxxxxxxxxxxxxxx>]

Reviewing the changelog after talking to Bernd (thanks) I realized that
there are security critical issues in there.

There is a security fix in it "Among others Fix possible security issue with the permissions of the intermediate staging directory and path"
[1]

But there are some further really bad things fixed like:
5f3f6ccd Fix NULL pointer dereference and remove three lines of dead code.

Since we are in Freeze but for critical cases can still reconsider it I'd want to do the following:
1. subscribe the release team and ping them if this could be synced into Disco still
   Actually i'll trigger the sync right away so it shows up as -unapproved as well.
2. subscribe -security to evaluate the severity of the issue to decide if we can wait for 
   older releases for the next regular backport (planned towards the end of 19.10) or if we 
   need/want to immediately work on those
   - subscribe security team

[1]: https://github.com/vmware/open-vm-
tools/commit/e88f91b00a715b79255de6576506d80ecfdb064c

** Also affects: open-vm-tools (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: open-vm-tools (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Also affects: open-vm-tools (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: open-vm-tools (Ubuntu Xenial)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: open-vm-tools (Ubuntu Bionic)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: open-vm-tools (Ubuntu Cosmic)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

** Changed in: open-vm-tools (Ubuntu)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1822204

Title:
  open-vm-tools 10.3.10 released

Status in open-vm-tools package in Ubuntu:
  Triaged
Status in open-vm-tools source package in Xenial:
  New
Status in open-vm-tools source package in Bionic:
  New
Status in open-vm-tools source package in Cosmic:
  New
Status in open-vm-tools package in Debian:
  Unknown

Bug description:
  We have released open-vm-tools 10.3.10.

  open-vm-tools 10.3.10 is available for download from GitHub:

  https://github.com/vmware/open-vm-tools/tree/stable-10.3.10

  For more details and changes, please refer to the release notes at

  https://github.com/vmware/open-vm-
  tools/blob/stable-10.3.10/ReleaseNotes.md

  or the ChangeLog at:

  https://github.com/vmware/open-vm-tools/blob/stable-10.3.10/open-vm-
  tools/ChangeLog

  
  Also filed at Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925940

  Oliver

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1822204/+subscriptions