-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 22:54:51 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: armhf
Version: 2.6.3-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-01) <buildd_arm64-arm-ubc-01@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1112516 1121086
Changes:
 openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.
Checksums-Sha1:
 fb69b07766d775972f86f9b4f1c49d4c12c69a1c 1231216 openvpn-dbgsym_2.6.3-1+deb12u4_armhf.deb
 d8b684a1a1a3f23055b899f4e7a015d2e61dbd12 7678 openvpn_2.6.3-1+deb12u4_armhf-buildd.buildinfo
 a892fa50d26b46690bd76b8797abc623d5a0ad44 601820 openvpn_2.6.3-1+deb12u4_armhf.deb
Checksums-Sha256:
 4534c0eb711385c08ca82cd2e210d93e258ec2e0765354266ab5c17b9293ac4d 1231216 openvpn-dbgsym_2.6.3-1+deb12u4_armhf.deb
 948bc8324b7d99998aee301dbfdf46eeb65a02aaeeb2cb4a6c3cff20d0637d34 7678 openvpn_2.6.3-1+deb12u4_armhf-buildd.buildinfo
 a825ca3f0dc3d1233fa78fa428cf39c16ec8c116e15f140ce938b7a0373be001 601820 openvpn_2.6.3-1+deb12u4_armhf.deb
Files:
 e148c40fed3e93e567a612d030c3c122 1231216 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_armhf.deb
 be808b5c8db713eb12135ffd492deb11 7678 net optional openvpn_2.6.3-1+deb12u4_armhf-buildd.buildinfo
 47cfcde56c9c584a3c8f2ec349ad0a94 601820 net optional openvpn_2.6.3-1+deb12u4_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEq41qkgEcGaML+/CnCr/D/stJkDwFAmksyD0ACgkQCr/D/stJ
kDx5bQ//WoH0189IHDcE3/7ETvOcI5Q3yN6PIoN4YtLCyqgAiJL0UYazkAQHd201
pJmUF9aKOj7z/XquIepJT2lRM5YALI3Kt3U3tOwGKAksWnvAS+pEQajCMe3Ec5DR
tZpDjcHIFYBglXy3tQifugImtnFxoNqluZpzoOUnxjqSsvy9fihMGC5HGckcWHxU
EdfOJbG20m4UkLIZGJS7afYuFU9F8yw11f+4slMBCVsEfda5RFqDXamh3ltM0QRN
YFoU3wWTc3TI0Sx2uMc5Hc8SqMIu/nLqrDWYgUXuKa+aBuV9HE72CQQv35FcRd85
R1eBbtLdOjRRSmZAwxA0ryIilRhckNBZDxVx6hvNGSxOqSTENFSHCw44HykonR/B
iOGsNswcBn9b0PytxmfwIOP37P5B+c7Y241JyIE2Awt6ZCX9WYd+kqVin+nYoo91
x3/bvhQ+KCmM6DYOP/cHmms8qjW+Hbwozt29UY0XaDXxX0mroas61iT0S/bs15gS
gxBUAsbhZh4fEfsP6/uK/RTYa6VvzagckMmTSfLomZSyZyzxAMmFrLb18Cex3tNC
NSKUL1v7mKE8rIPBR/o9Mt1rTOnv621WpPDeh9hN/5MSaaO+aEOBYFhIlAk5IrH/
Myz7z9pK25GdRR2/gpgXCHHWAVKgkg4l3xD9KpTxf30T3Ng073s=
=32ho
-----END PGP SIGNATURE-----