Package: open-vm-tools / 2:11.2.5-2+deb11u3

Metadata

Package: open-vm-tools
Version: 2:11.2.5-2+deb11u3
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
use debian pam

open-vm-tools/services/vmtoolsd/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
debian/scsi udev rule

open-vm-tools/udev/99-vmware-scsi-udev.rules | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
1125 Properly check authorization on incoming guestOps re.patch

open-vm-tools/vgauth/serviceImpl/proto.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch] properly check authorization on incoming guestops requests

Fix public pipe request checks.  Only a SessionRequest type should
be accepted on the public pipe.

2023 20867 Remove some dead code 1110 1125.patch

open-vm-tools/services/plugins/vix/vixTools.c | 102 0 + 102 - 0 !
1 file changed, 102 deletions(-)

 [patch] remove some dead code.

Address CVE-2023-20867.
Remove some authentication types which were deprecated long
ago and are no longer in use. These are dead code.

CVE 2023 20900.patch

open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 [patch] address cve-2023-20900

VGAuth: Allow only X509 certs to verify the SAML token signature.


CVE 2023 34059.patch

open-vm-tools/services/vmtoolsd/mainPosix.c | 76 76 + 0 - 0 !
open-vm-tools/vmware-user-suid-wrapper/main.c | 26 3 + 23 - 0 !
2 files changed, 79 insertions(+), 23 deletions(-)

 [patch] address cve-2023-34059

Fix file descriptor vulnerability in the open-vm-tools
   vmware-user-suid-wrapper on Linux.
 - Moving the privilege drop logic (dropping privilege to the real uid
   and gid of the process for the vmusr service) from suidWrapper to
   vmtoolsd code.


CVE 2023 34058.patch

open-vm-tools/vgauth/common/certverify.c | 145 145 + 0 - 0 !
open-vm-tools/vgauth/common/certverify.h | 4 4 + 0 - 0 !
open-vm-tools/vgauth/common/prefs.h | 2 2 + 0 - 0 !
open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c | 14 14 + 0 - 0 !
4 files changed, 165 insertions(+)

 [patch] address cve-2023-34058

VGAuth: don't accept tokens with unrelated certs.