-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 22:54:51 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: arm64
Version: 2.6.3-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-02) <buildd_arm64-arm-ubc-02@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1112516 1121086
Changes:
 openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.
Checksums-Sha1:
 6b6c4cd449339f981fa16f7e238286b5a24d864d 1241700 openvpn-dbgsym_2.6.3-1+deb12u4_arm64.deb
 6620a6b2a128eb7a8a25bcf5a82b318457a90513 7834 openvpn_2.6.3-1+deb12u4_arm64-buildd.buildinfo
 5753c8b96cb366788e6c4d930079f50344c77265 619292 openvpn_2.6.3-1+deb12u4_arm64.deb
Checksums-Sha256:
 2709c7c2dadf182a7eebecca274b32ee8d1b2a877a7aa88f3e8dced9ec926626 1241700 openvpn-dbgsym_2.6.3-1+deb12u4_arm64.deb
 1cb95be50716a0189445cbecffdb43df87167382fb4869552f0b7bcb20900be7 7834 openvpn_2.6.3-1+deb12u4_arm64-buildd.buildinfo
 1a1650631a126873f8387799a3aae1f016e49ea8dc0137fbac7ca05923396375 619292 openvpn_2.6.3-1+deb12u4_arm64.deb
Files:
 76da5c6351e0750bb798f5fc1f953f33 1241700 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_arm64.deb
 312fee6180a4043528ebb3d592b8112e 7834 net optional openvpn_2.6.3-1+deb12u4_arm64-buildd.buildinfo
 8b94e18768b54a14805827685bfa72f1 619292 net optional openvpn_2.6.3-1+deb12u4_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbIns2iWsAAdAqh2MS/ZIXkV8oLAFAmksx/oACgkQS/ZIXkV8
oLB6txAAtdI6Wl4NlBuOV8+6b1gN3rB7W4bar6dD1EHDvBYuJvwzX1Pd6tBNS5Aj
gbK+adbyDCH5ulnSmKW9B3hO2yglT5kvYwa2wJGNCj5qerRH47yXm/gz6UNT01kX
VZyLn6hoYHA3EYxfXzFCzbc2B2BgbJ4SIbjIi9UCGq5/qxiIwcjFrQsR/qLjH793
VfRkPLXzh6ZH+3pRMh1fCfnnoRZqp9FjO9/e8cE7jtw/Jj2C388a+yXaMneQdf1v
uAPvmddBCJAASsjK9xOiiZQL3/kSza963si69qzH3FbwuaaJ6aiS/883QTrEF+Jt
wm30hasgoq6Eeb7ob/qN8ZgzqNWfwfsbG0cUCQW8eno2P8jFT4QUgoPgmx5DcbMY
V4Jh0RcjIXw+csA9lfcy/1u62Ctj+pNbQFI2WjJG7V/wu/dwInxyo7yc/xy7knEZ
slH7XxPpUYliK23orfZtwQLP3rqNqC6cPOkPYybqybs+xuLPLJy7/F28saHAtR2C
j0rbv1KGhdlA+tyK1H2DlwB1OYhb4J/fuVtQM+MBBBPwbl5p4UcLT8PPGU5Tabun
DORR6B31T00X47dHgHA1vBQMqJu8+Qj9ph6k9T4wE8UCVPwDIXJA+XeYFvvkbJWW
X4dbEWzq2eL+WE6GHRfk64CAX76oTNZpdXLjXwvmpmil5xYd81w=
=4w61
-----END PGP SIGNATURE-----