-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-testcontroller openvswitch-vtep
Architecture: armhf
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 openvswitch-common - Open vSwitch common components
 openvswitch-dbg - Debug symbols for Open vSwitch packages
 openvswitch-dev - Open vSwitch development package
 openvswitch-ipsec - Open vSwitch IPsec tunneling support
 openvswitch-switch - Open vSwitch switch implementations
 openvswitch-testcontroller - Simple controller for testing OpenFlow setups
 openvswitch-vtep - Open vSwitch VTEP utilities
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.
Checksums-Sha1:
 5ee5f5d744753c24c4081418e89b83666544bc9e 1597300 openvswitch-common_2.15.0+ds1-2+deb11u5_armhf.deb
 8031019ba27a545824fec897c32c403aee858dca 5150992 openvswitch-dbg_2.15.0+ds1-2+deb11u5_armhf.deb
 a582a4d756351be73bd63f8ac2987c66acd65492 1351372 openvswitch-dev_2.15.0+ds1-2+deb11u5_armhf.deb
 9e8e335bebd89a0b85102af98d32b0958e63312f 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_armhf.deb
 79844b33c7394d998b051e47bc073588d033eea9 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_armhf.deb
 9c1bdebdbe9e7ed8753f47586255ab4094e93b83 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_armhf.deb
 9b7a369a54e72aced5d63a4c92ba69b65e25b438 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_armhf.deb
 7fb5fc33c6c0889a530a86bb21202e3c6a89d7b8 11739 openvswitch_2.15.0+ds1-2+deb11u5_armhf-buildd.buildinfo
Checksums-Sha256:
 d5a9bfadc00806b4c4835e116e40adcc86357884b0a8630db7aa80b320d2566c 1597300 openvswitch-common_2.15.0+ds1-2+deb11u5_armhf.deb
 c860a5521bb8803d48ac118f885467085d6621236f5780515551104d972a2d2e 5150992 openvswitch-dbg_2.15.0+ds1-2+deb11u5_armhf.deb
 7ac2b03f466e3a812f4fd0d5033d8914ecc37f1110383cdd771b2af5bd7fa0fd 1351372 openvswitch-dev_2.15.0+ds1-2+deb11u5_armhf.deb
 fcc5e8f85f058c6f6aeb563c037e2425617f2cb3f497d37e20b6c2aaa3a1a937 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_armhf.deb
 ef58c7c024287736bd28a35ce82d1a443c079ad8eccc39871eee0e3b84fe79be 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_armhf.deb
 ab4c77fa48a0546508b7cbdde9bdfa92c507812058e89cbde96cdb04fbb83998 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_armhf.deb
 17360cb32d1af39520ef18cc1bb893f3163387278f0cfb69dc0a7f351835d364 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_armhf.deb
 0179596b7ec201833b2b30a8d25bb61f0859588f636678ccc3c16a751b9930c3 11739 openvswitch_2.15.0+ds1-2+deb11u5_armhf-buildd.buildinfo
Files:
 61e092fba78338a81a4408e40304d065 1597300 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_armhf.deb
 1037464ee9b232ae4ef2e7512f4e2788 5150992 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_armhf.deb
 f6f48265b6a0965726a155858e28744b 1351372 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_armhf.deb
 15f525a761209606360002db6dbb94c8 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_armhf.deb
 3cad68daa1012bb027308f6c437555d7 55408 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_armhf.deb
 e73f9136946193f78d39506fd0715da8 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_armhf.deb
 25f6d37c60da2a4bc6d8c5a10e001096 41088 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_armhf.deb
 d07f2af651a29e59f58d5bca6d56bbd4 11739 net optional openvswitch_2.15.0+ds1-2+deb11u5_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEw2TRpv7HYIvK+TsIbEMdCP/rlD8FAmXxyFMACgkQbEMdCP/r
lD9XnQ//TkQXCAE5n2ghK4x70v3O1TxnQC9FNHsy1nqCbIIt61a88eYLZP4zSdvZ
4Zm7X+GkEl4CL78HngzSkCjScQMU/CtdNZECTnUVErOMHcd/O0vW5TDfRJXz/Ws8
Sb+qxIEHtlhvhM1+VLuv+Fa9ItHaSvRj4JWGKU11N/VrwA6aiSqRUzDUuXYtIZcj
xqkkK4UrSAIct6PRMZNKq87vHcbGTmwic6Pdv2y+/IDPxaW+hwGC6NEecoddJrQg
kGu1Bb5CCe/hUWjmeJs18KwihijMNeV9+nPTMI9vEb1TuvLwZ2phhdS0nacDomsW
z4f+csiHnMfVI02tUKHKV6AtiC2s4ZF/SL0b9ZiWRtan39f2+Np747ztUkm6eR4k
vr42Fbv/hFGp77znfhiJdc3xRfQtb0nBo64Hv3b+M9S0G+LgVXWA1+xI/AHgOGIf
gMj3sJhoJUgSVlDwLEvLHQ2Ve4EEJpq8nLvHG0aN/hp4ZDuFVIbyQmHGEcL91B5Z
Dj6DPGJgVUV1hGzwZsgWCJqfeNiPJdXpO6HTBWOiJQzbazzhD/ePuqCLaP4ydxUg
y8UPQZxUNhGBi/ic50l7Ab/XY1I0KUMlHpdVk3dwtdmMnRZhiCyuVKHZinacQ7wd
eLJbkRmgsKxUc5d4fEa7Ou/xjVsY21++OuGhN7GURd1k6YtpS3Y=
=ZufL
-----END PGP SIGNATURE-----