-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-testcontroller openvswitch-vtep
Architecture: s390x
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai) <buildd_s390x-zandonai@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 openvswitch-common - Open vSwitch common components
 openvswitch-dbg - Debug symbols for Open vSwitch packages
 openvswitch-dev - Open vSwitch development package
 openvswitch-ipsec - Open vSwitch IPsec tunneling support
 openvswitch-switch - Open vSwitch switch implementations
 openvswitch-testcontroller - Simple controller for testing OpenFlow setups
 openvswitch-vtep - Open vSwitch VTEP utilities
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.
Checksums-Sha1:
 ebd6da49a5e4456c9c87e20da42a50b41b5aecd9 1652776 openvswitch-common_2.15.0+ds1-2+deb11u5_s390x.deb
 2505a9d75607bc2be699f417f101aa6be8249e16 5290464 openvswitch-dbg_2.15.0+ds1-2+deb11u5_s390x.deb
 2df2913022414a221515d25c583456fe3d13b06d 1364556 openvswitch-dev_2.15.0+ds1-2+deb11u5_s390x.deb
 f32fef07a32aa5f26f25cf2458eb91602e246ac4 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_s390x.deb
 cce83f57a4de0aeaa5ef3afeb18e4076035a2c38 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_s390x.deb
 3af123cd75a9f99e7f7995486e5e2a214d45d22e 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_s390x.deb
 7d124d87bbc8e294df3b1e2aaf5a45d88e9d4023 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_s390x.deb
 eb75703641c739b3055cb3e96383cb802bb4a26b 11784 openvswitch_2.15.0+ds1-2+deb11u5_s390x-buildd.buildinfo
Checksums-Sha256:
 8c315e12021ead177481f1ebbbc7f49c381e52726e3be6a12c07ecd519e5e5df 1652776 openvswitch-common_2.15.0+ds1-2+deb11u5_s390x.deb
 75a378e87bdcef56f029f8c74030465266647250c014562f06efab726fcbd4a3 5290464 openvswitch-dbg_2.15.0+ds1-2+deb11u5_s390x.deb
 d4a794e711c14bc923e279f84fa29b0065fdee4a85f7b7bfe4dba5f58d96c6f4 1364556 openvswitch-dev_2.15.0+ds1-2+deb11u5_s390x.deb
 5c6efad2faa3c931380486bb9e92740d875edff245bcf78d3a4d0846440a72ee 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_s390x.deb
 601c45a66ced10a69e83655dcdb63071795a7a5ac3e51ef98b4bfd7e970c201e 55408 openvswitch-switch_2.15.0+ds1-2+deb11u5_s390x.deb
 cf6079e113d0d9d41cea396d3ddbe74c3604b8851f7ee8ee4a24c27603ce027f 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_s390x.deb
 743fb081346272c3bca551cc9f4ddafb6deda9b1fc18d997296216b784b441f7 41088 openvswitch-vtep_2.15.0+ds1-2+deb11u5_s390x.deb
 60b34559812a07d332a438c10cbb4060d690975c7c8ae60033bfe28084f02b08 11784 openvswitch_2.15.0+ds1-2+deb11u5_s390x-buildd.buildinfo
Files:
 b217d2efe21f6fe11999f498cc26cbdd 1652776 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_s390x.deb
 80c4038523fd3fe9f5c90e43df812e15 5290464 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_s390x.deb
 341491f26eeb0292c10e58d9bb2217e0 1364556 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_s390x.deb
 f9e4ab40737b3e9396871e5f38bdb468 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_s390x.deb
 c9fbfaf3569f3897bd01448ce65eb07b 55408 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_s390x.deb
 eaea41da06aed04978a1fdea3572cc76 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_s390x.deb
 7ea58cd5d86990853669c7d1090b2c46 41088 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_s390x.deb
 3777f7e576f4570b3a5bb1bf713d1271 11784 net optional openvswitch_2.15.0+ds1-2+deb11u5_s390x-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEctqRAwcjFMIrbct74euoNlQ3ywQFAmXxxd4ACgkQ4euoNlQ3
ywSIzw//YM2a7HGgj2yNAsVfnjvD80CoD3uieJ1C8QCV3BISlvF6qo0DIu/BJE1k
+Ny8x/FMK8nNXIdG6RaT5DAXpNxVACKh3yR/G6ZfH0k2N007w8D4+eq0IworZ7vL
zW2GQAv+3XQNlIkyptp8hsK/FB4if6pNjEsCE5p5XRtfmTzVRqRhaBS2kd1EitQu
/Bqt+1h8LcSYKOZ2WiGiNc11woB0fA9u258p2fGvI5TZ1gRA+6VOrmXwRqwicXXX
+QwNAPw7sox8asfhySjODp6VGXCRsWZYX+dcG+le+DcfIPcbHJcN03AoOTl21zlx
rBhS/XANZpQ9+I05XqIqzIY/CBUFMFnhoZWXwKN9lsjcTxHkLrHxVpB7rew+GZ3V
DZ7p/eAAHfhD2tHaZ8VuE6aENETysXbna38Npxl/y5dZoP0fz4RdDWFq0A8Hh5T8
4PsBl2a2J+kwP/UtAjhOYSJAiF/fyR/yWur95J0wuhHmMo8r6mJ91ZPP8B8acgAY
tI24TNFMQrMp6qjcG17RweI/ScFHPg4GRKS0EmqgMuMDg0eGSRZEoPHYzgpe3mHL
6S8ku8zfJXf4JrHrvNcDgBIob/liZeZYfKIsfZ105Tmxz+2wrW8sgCOdG2TNolxD
USbVw8lqK2o0RCiZl5B2JcwNxfNOd2z1NyGQTl85PM74Tjgys2Y=
=HNji
-----END PGP SIGNATURE-----