-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Nov 2025 22:54:51 +0100 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: armel Version: 2.6.3-1+deb12u4 Distribution: bookworm-security Urgency: medium Maintainer: arm Build Daemon (arm-ubc-04) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Closes: 1112516 1121086 Changes: openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium . [ Bernhard Schmidt ] * Cherry-pick patches for CVE-2025-13086 - check-message-id.patch: Check message id/acked ids too when doing sessionid cookie checks - bugfix for floating client problem, code prequesite for the CVE patch to apply - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the 3way handshake being inverted (Closes: #1121086) . [ Aquila Macedo ] * Add new autopkgtest for unit tests. . [ Carlos Henrique Lima Melara ] * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from upstream to fix a regression introduced with CVE-2024-5594's fix. Namely, "Allow trailing \r and \n in control channel message". (Closes: #1112516) * debian/salsa-ci: - Allow lintian job to fail. Sid's version dislikes things from bookworm. - Disable gbp setup-gitattributes. - Disable reprotest on bookworm. It can't run on bookworm, so the build fails because of build dependencies problems. * debian/tests/unit-tests: enable unit-tests in configure and be verbose. Checksums-Sha1: 0d46fb8f6ec3df18ab926cb20214671eabb585f9 1226340 openvpn-dbgsym_2.6.3-1+deb12u4_armel.deb 4c2ed1ebf49823f97196a040fde877efd7ac23b3 7676 openvpn_2.6.3-1+deb12u4_armel-buildd.buildinfo 836d547ad6b3556b539025922ca7fda3ac6faf6c 595976 openvpn_2.6.3-1+deb12u4_armel.deb Checksums-Sha256: ee4726951180db51879fc622cf55fb9fcd91ab04ce28dcf7c81948d115eb2129 1226340 openvpn-dbgsym_2.6.3-1+deb12u4_armel.deb 28cc975c4829f9c9d5c54024d857e58a33ce113ef39d1a86f9848fbb646721eb 7676 openvpn_2.6.3-1+deb12u4_armel-buildd.buildinfo 23c2faa095f0af11bd87f39dea485128b43c3b1534a844cd47867f3b0b634ef6 595976 openvpn_2.6.3-1+deb12u4_armel.deb Files: 0b291e9574286e66659f1cc29043c9c8 1226340 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_armel.deb bcb8a9b4acd45ec1a0c5b91b0e9bf8f2 7676 net optional openvpn_2.6.3-1+deb12u4_armel-buildd.buildinfo a01ee3f124c4bc3a7b94d76070c663e2 595976 net optional openvpn_2.6.3-1+deb12u4_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUPFH3FhY8nQZGtLwVLd4YzMSDKEFAmksyCQACgkQVLd4YzMS DKF3vhAAv1xH4vlNJrYLt/Jl/MIwFO57U87IX9Fv71PpHFEsViwZrBEaqGjoK/aI ydfBWQSOL+2kmvs2HBaF3iz3hgDjBDzd2P/JE/Mow90Hs35rjSZ97/7G3D1i66Zt A+ch93guCYLaht0GXKyg8YbyJuou+LMPijrhLMCj1sEBollmkbCB1qj0FpoAjDJJ AIOYCHtHqHW3LCZPcefMsaqJ41WVb+OE9kF6SQ/FRDWMDCjXmAz1QILe9yRmge/D dg+vN8xOAWhdNKfV/HCS+uSHMDJhNB6iaMT4d0g0B9MBHmBOhhJ+KLoSKk/FK23k TrFe5HXel0AMFBVmLfwtK42LJiI4csOsiMnksWm5/g+22McmOQm/l1fOY0zphILA DTb5YUYyH57lxiS/OK92/idJd46ybX+i62NEtk+XdGPR69eMUrjoN/T0BDE6s64+ pHt/UAGHZFZ0B9NAPT5gzjAPg/JdnBoZpSI2WqNo28/GjmCzIrGLecm5dKmigrYF UJeP/45sEizHj/4DMhHO7AG6RAIpkHEgHIho/X+7Tdis47RfwQVwP7Okgs59kV46 qCcFaFWNWcI8Kk2eEVw6rDaKZDORKUorGgFA/4BTzhKhfqlT3bOHv60uJe7ai3+3 5TcKgSiwXVlJeCmmAyJpU5o0vZuYG9rP2SdguDDpVSfZt0YzknQ= =40qH -----END PGP SIGNATURE-----