-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Feb 2024 15:10:01 +0100
Source: openvswitch
Binary: openvswitch-common openvswitch-dbg openvswitch-dev openvswitch-ipsec openvswitch-switch openvswitch-testcontroller openvswitch-vtep
Architecture: mipsel
Version: 2.15.0+ds1-2+deb11u5
Distribution: bullseye-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-04) <buildd_mips64el-mipsel-osuosl-04@buildd.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Description:
 openvswitch-common - Open vSwitch common components
 openvswitch-dbg - Debug symbols for Open vSwitch packages
 openvswitch-dev - Open vSwitch development package
 openvswitch-ipsec - Open vSwitch IPsec tunneling support
 openvswitch-switch - Open vSwitch switch implementations
 openvswitch-testcontroller - Simple controller for testing OpenFlow setups
 openvswitch-vtep - Open vSwitch VTEP utilities
Closes: 1063492
Changes:
 openvswitch (2.15.0+ds1-2+deb11u5) bullseye-security; urgency=medium
 .
   * CVE-2023-5366: A flaw was found in Open vSwitch that allows ICMPv6 Neighbor
     Advertisement packets between virtual machines to bypass OpenFlow rules.
     This issue may allow a local attacker to create specially crafted packets
     with a modified or spoofed target IP address field that can redirect ICMPv6
     traffic to arbitrary IP addresses. Added upstream patch: "Fix missing masks
     on a final stage with ports trie".
     Added additional patches that the LTS team added to fix this:
     - Cherry-pick additional patch adjust-segment-boundary.patch
       to fix test suite for the patch for this CVE.
     - Cherry-pick fix-testcase-ipv6-ND-dependency.patch to fix
       new test ipv6-ND-dependency (added by the previous patch)
   * CVE-2023-3966: Invalid memory access in Geneve with HW offload. Add
     upstream patches (Closes: #1063492):
     - Fix the mask for tunnel metadata length
     - Check geneve metadata length
   * CVE-2024-22563: openvswitch 2.17.8 was discovered to contain a memory leak
     via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. Add upstream
     patch "Fix memory leak in ovs_pcap_open".
   * Blacklist unittest 21 - bpf decay, which isn't deterministic.
Checksums-Sha1:
 1ae4f9a55116cd8b9e3b9d6f08a309153fb831e0 1622628 openvswitch-common_2.15.0+ds1-2+deb11u5_mipsel.deb
 edc1f38eaf78895cf9a36ba6b2696e3512b8e96d 5295084 openvswitch-dbg_2.15.0+ds1-2+deb11u5_mipsel.deb
 76a457e5ea3ee6065f33f25da9c9e61f4e0363f2 1620704 openvswitch-dev_2.15.0+ds1-2+deb11u5_mipsel.deb
 2bd39d9d3ee21cc9413f1fb0e5c3e10e93a4da7a 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_mipsel.deb
 298971c7790667313820a0dc24e23e86166455a1 55412 openvswitch-switch_2.15.0+ds1-2+deb11u5_mipsel.deb
 26ef10d1109079f7d8dfd436598908f5747c7dbf 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_mipsel.deb
 9f9239a94c50924af0cf20dcecc67ad4ea014938 41084 openvswitch-vtep_2.15.0+ds1-2+deb11u5_mipsel.deb
 22d7a5a3f5a92fe9378c2580b39303e2f805f922 11736 openvswitch_2.15.0+ds1-2+deb11u5_mipsel-buildd.buildinfo
Checksums-Sha256:
 f93ea564066310f1d2271fefca6aafc973d8976982a55e18ce4f1bbebe034ba4 1622628 openvswitch-common_2.15.0+ds1-2+deb11u5_mipsel.deb
 e1bae8684a0e23a28c60fb790e6c2301a9d8eabeb1007ab35e9d5d74690c4315 5295084 openvswitch-dbg_2.15.0+ds1-2+deb11u5_mipsel.deb
 a2a918cfa60171068cbbf9dabfdd9467e590a45d0f55bcd906fa4f08ddef750a 1620704 openvswitch-dev_2.15.0+ds1-2+deb11u5_mipsel.deb
 4030631a3c9c6cde1eb91aaf0b3807bc3116c8f47a6006e54c195d4b1843d62e 40792 openvswitch-ipsec_2.15.0+ds1-2+deb11u5_mipsel.deb
 f8477be78026b2e73213785fa7f52248392bdfe6c45a901c483162fb455766c7 55412 openvswitch-switch_2.15.0+ds1-2+deb11u5_mipsel.deb
 aa3304311e923fe2a4a7fbd652d0049c7d741967c9c80e842f5e9828e79ea12e 42620 openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_mipsel.deb
 c95bcda0ad73ef1368348f0a73feac4e7062800d7c6813bc6587ea1e1999aaf3 41084 openvswitch-vtep_2.15.0+ds1-2+deb11u5_mipsel.deb
 b3e00974eade5703070c07209830268e1fa4411581efd28a7c7e84bacc08c161 11736 openvswitch_2.15.0+ds1-2+deb11u5_mipsel-buildd.buildinfo
Files:
 2b68f332bbb0eb558b9bb963add9ce5e 1622628 net optional openvswitch-common_2.15.0+ds1-2+deb11u5_mipsel.deb
 7bd5937cf289acd557a8ee252585b01a 5295084 debug optional openvswitch-dbg_2.15.0+ds1-2+deb11u5_mipsel.deb
 325c5827de60138f117c6a03e4cb589e 1620704 net optional openvswitch-dev_2.15.0+ds1-2+deb11u5_mipsel.deb
 8532f8ff1fa981809bf5a1b95ae553a4 40792 net optional openvswitch-ipsec_2.15.0+ds1-2+deb11u5_mipsel.deb
 2b80fb612f341ecdd173c8a72318734a 55412 net optional openvswitch-switch_2.15.0+ds1-2+deb11u5_mipsel.deb
 2b317011fca133461a0ade2dcb047686 42620 net optional openvswitch-testcontroller_2.15.0+ds1-2+deb11u5_mipsel.deb
 42f1fc1a874ca1306d674a499ceb9df7 41084 net optional openvswitch-vtep_2.15.0+ds1-2+deb11u5_mipsel.deb
 6cc6c6323120fce2d23d92b6e958a27e 11736 net optional openvswitch_2.15.0+ds1-2+deb11u5_mipsel-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEEmZlxOBLdXDBxnwAL00bee7O74EFAmXxzSIACgkQL00bee7O
74Fiag//ZTj6t3CAS344UJodKo6eorWGs86Q7gAuY5myVWRhHVKwEfMz7A1/CU0H
GLEkaQRoBgtgKGbS4M9FAOpHQIW6750WJ83TE+Y/zMAr2WSemHSPOM9mga3K1GJT
Q1GCaBYfy1uJxr6Ks+tYPgIakPY2xxhGUTywifIJ/4fV6cHFVL89cQreveoclHwW
h8YO8gpT7kdGUwiWqRYUN/jffOVEnXK7R++Y9kbw3zKY48zPiXo24SOnHqKpvdHR
yfOYOxukRJrXPUjeTPf5bR/3Ej8Cp/rLBnIRvid6yzdP/qcWCY2Fo0BqkrjHU3am
zVVihZ6SlhC2L5RYLIKebCawehDEZQHwvpEcX/VR6k9BrHBRE0TKqIukk+2bs6Kk
1HyTQ/Dbh5yCHwoUSZkI4X+0IjBVXhGqyOn/5DEShpewm3JNGNXaKabkc2kj/NsE
xbSV5bYHwJJpdwDxlRfHY7bZ7FJ+iqg566Oh2IT/RVJIT84TaPTfqzSEGq6to48L
+qDbJ8V9s4jT++QNTjUms1Ypfke3glXsSmgvwzmQClxFQRoJm05QyKBcop1kQbgW
D9dbPNnkbBx1rBxnCY1pPEEdJo2PJ4D6KjCnRt/YCN0yYw3kTCLVqid6PtQjz+BM
LBXK2z/1g8z7qTVvocTXvHN31qCHR6II7out0HEyYyKgj7xBYo8=
=PUcY
-----END PGP SIGNATURE-----