-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Architecture: source
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.
Checksums-Sha1:
 34a5b7218e922964b920af975a337efb793ee21d 3180 openvswitch_2.15.0+ds1-2+deb11u5.dsc
 cd73853ac6af987b904ca311890f35ce7b139c0e 67576 openvswitch_2.15.0+ds1-2+deb11u5.debian.tar.xz
 576f90d4b59173ae9e80e4dee18d8fcd3ebade48 22311 openvswitch_2.15.0+ds1-2+deb11u5_amd64.buildinfo
Checksums-Sha256:
 a7a45a50decb56523b01dd2bf16aea6ccd31ae2ad83a69811e348a5882627a0d 3180 openvswitch_2.15.0+ds1-2+deb11u5.dsc
 050d4030ad4f8de076e0810e7f177cb23beda7723d5d03bbb268c4fa58e220d2 67576 openvswitch_2.15.0+ds1-2+deb11u5.debian.tar.xz
 0c871396dafa96799ad4a1dc5272b9c1fc56bdba95203514603d959d047f8c15 22311 openvswitch_2.15.0+ds1-2+deb11u5_amd64.buildinfo
Files:
 50af790b543a56acdc0c632255f0b0d3 3180 net optional openvswitch_2.15.0+ds1-2+deb11u5.dsc
 cc3184ba4f964515bc71bd2ec593dfe2 67576 net optional openvswitch_2.15.0+ds1-2+deb11u5.debian.tar.xz
 d8d9f497d90510f16b527c0bd5d38f84 22311 net optional openvswitch_2.15.0+ds1-2+deb11u5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmXxvHEACgkQ1BatFaxr
Q/4Yhg//Uo8Bmaa+39C/8zgTfxEBd1/pkEMMwQRKSrEgPk+hF2uMm4p0hkKu2UPs
iJT6T1nuOG1IUEaR104bUI5QIMcm4xAcrB9IEMmW0tc2cFXZHu33TI61M8djAGjL
NDRTLdsLWg231sZK1A0yN2NH/QfVFFJ5Daobyv4f7iVIQxasCPO0EdjSAAZNAkoR
xURlehbuR/vG+hs3NxqsobOfLXKp7E363WEVP/SfegP4aQuSbkAUJp6Iw30/380P
okmvVHHVRDblMsZzzQtbo9mn+tfSszKed1lxyMc0LpONmKjPHLz0hnOhnWC5SJGK
PenAnRasuNkpLVGr7mvtS5DH5BKMaA4z8Ta/V56mKOQ93HyxY6AozAvgIDyn2xcS
1IIRZfbGoyF6emv4DxWcYI8i+g+0eDHgUfHuB5TFjKDCx/4/adGw2HDoOZBqj+PV
ZjQvfJ89ygO5wHJK65jBKZDYtnrcHhkdIRsAS8VCm5IpqswnCX7AFN67NrVxvaIu
8bFpK42CFIjgrI6TYzbn55868hqco94ApvwKHEqYY366JenQ+wK4S3ukEnqYN0My
64ISOqCrwptUCyt/RFmkTwUYvqUzJt6sBeztm8lXsTI2F58I0ibOS+A2CvnIBZzE
DmtqNjxir0Ttbg9GDnXSl/ROE2lXe6YNsY1dHPAjlBbwn4rRlak=
=e4+J
-----END PGP SIGNATURE-----