-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Binary: openvswitch-pki python3-openvswitch
Architecture: all
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 openvswitch-pki - Open vSwitch public key infrastructure dependency package
 python3-openvswitch - Python 3 bindings for Open vSwitch
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.
Checksums-Sha1:
 dd6e6fc0ce76a7763d979b32013ffbce8c3762f3 39316 openvswitch-pki_2.15.0+ds1-2+deb11u5_all.deb
 8dfa08c9848789dcb9d5ec038337c8560b1450e7 19191 openvswitch_2.15.0+ds1-2+deb11u5_all-buildd.buildinfo
 421891e106cbe162c5003a12987ff75a4b0d69d8 128508 python3-openvswitch_2.15.0+ds1-2+deb11u5_all.deb
Checksums-Sha256:
 2e3fd53bc1ecd5afee9fc42655bda7aee15ad784dd123bedc8c460ac9cadbd77 39316 openvswitch-pki_2.15.0+ds1-2+deb11u5_all.deb
 7d9040b81ce6a08cb306866ea25ba62679a1b9c2d8687a82e39f55cb7cc74b27 19191 openvswitch_2.15.0+ds1-2+deb11u5_all-buildd.buildinfo
 f87d837339d95be777d6055c82850af8a52f1f23152210d1c6dd5ed24c6bad8b 128508 python3-openvswitch_2.15.0+ds1-2+deb11u5_all.deb
Files:
 b52918c363811c86d2e55d00d2ca4eea 39316 net optional openvswitch-pki_2.15.0+ds1-2+deb11u5_all.deb
 949cef2d1e29d7e33928e029aaa97857 19191 net optional openvswitch_2.15.0+ds1-2+deb11u5_all-buildd.buildinfo
 38c8e619c379a81c359b6d07254208a3 128508 python optional python3-openvswitch_2.15.0+ds1-2+deb11u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEzW1K1578DQd6MDTQEbLkkg2OS0oFAmXxyF8ACgkQEbLkkg2O
S0rfkQ//aoNVlWgYCjQs2gRGDkygwcFtL4U4HwYBO8da3A/gwcl/oIiOd2pTFmiT
OP1qYScEt8HUf2Wh+JlFXXHx8+gTpzpWXxQcK/ZEq1WVwqk0Fsqk0cs6TJWX2B9b
9bzkIxmDOBdrPUkFPUA6AkGjNX/ViecoaJb+8SvUsnE2ZOOdOmGkmJDEgR5xIiB+
3NV/+mM27WI9hnrnU1TPoGh/v1nwgjgnnXrgtpfDPOntXvvl8LJ+Dmz2KlNX/KWq
kbqUknNqd4LT7klpyq14jUX6oOgpKIP0Oe+VwmkxR+VY64K7e5a4MtgutqP9qL1t
NFft5/4rDR5gYpSu1R6uARVhyw6U23EV25wUqOxipGrUBhxc/8IB7V8Rrqafs5B4
NrdeO+IA4C2OQbtJn3LROzHiIEeAKSroxdo/2cfiMOYcWpeQZbzxTzu5uaJyHxMa
ykFfOgl+r0moN7FyIrz+aomCijqblurwwYuALmru9AS0JqtsoD7mQSvR8ADbZgBq
5KJv7rhLwQDg+QNw1nPJhBTT78uMUfwolImU9ADqVrFXZn1fvD7Jh15ssws7QXwl
5hwIr0m/IBN9Zedc/k4Q5qYnypsYY2Aemf0i4F9/Ai86qPadk7ttgN7soelDlUSx
BqOaEHLtaLJuZXWIlFThF4yd/OToMMvufG1ChsO3z5SNZe1fPLg=
=octv
-----END PGP SIGNATURE-----