Reviewing the changelog after talking to Bernd (thanks) I realized that there are security critical issues in there.
There is a security fix in it "Among others Fix possible security issue with the permissions of the intermediate staging directory and path" [1] But there are some further really bad things fixed like: 5f3f6ccd Fix NULL pointer dereference and remove three lines of dead code. Since we are in Freeze but for critical cases can still reconsider it I'd want to do the following: 1. subscribe the release team and ping them if this could be synced into Disco still Actually i'll trigger the sync right away so it shows up as -unapproved as well. 2. subscribe -security to evaluate the severity of the issue to decide if we can wait for older releases for the next regular backport (planned towards the end of 19.10) or if we need/want to immediately work on those - subscribe security team [1]: https://github.com/vmware/open-vm- tools/commit/e88f91b00a715b79255de6576506d80ecfdb064c ** Also affects: open-vm-tools (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: open-vm-tools (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: open-vm-tools (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: open-vm-tools (Ubuntu Xenial) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) ** Changed in: open-vm-tools (Ubuntu Bionic) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) ** Changed in: open-vm-tools (Ubuntu Cosmic) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) ** Changed in: open-vm-tools (Ubuntu) Importance: Undecided => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1822204 Title: open-vm-tools 10.3.10 released To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/open-vm-tools/+bug/1822204/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
