-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 22:54:51 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: mipsel
Version: 2.6.3-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-05) <buildd_mips64el-mipsel-osuosl-05@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1112516 1121086
Changes:
 openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.
Checksums-Sha1:
 0adebb69cb11745bdaff9986f57728143092a171 1289112 openvpn-dbgsym_2.6.3-1+deb12u4_mipsel.deb
 1b61231110a314b51d18dd48151d4d16be210b93 7616 openvpn_2.6.3-1+deb12u4_mipsel-buildd.buildinfo
 21cf5ce5668aee2537e3de854b1808e28d1d052f 620676 openvpn_2.6.3-1+deb12u4_mipsel.deb
Checksums-Sha256:
 5f58ad5b081a61113d763ff10e4d80ecdc4b317308c52b328184ef23ab0e8f56 1289112 openvpn-dbgsym_2.6.3-1+deb12u4_mipsel.deb
 b5d6802996aa6a7220fecff593c04c2f50d1b3a2661d51d98cc820b84f698142 7616 openvpn_2.6.3-1+deb12u4_mipsel-buildd.buildinfo
 ba47f9cb0c9372d5627487366f69a9a40c3218e0577231cf6f3fd40fed47f845 620676 openvpn_2.6.3-1+deb12u4_mipsel.deb
Files:
 e504fea824b654b0145e13a07cc1d165 1289112 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_mipsel.deb
 a7d0e6c09b864acb61df62e229e2b416 7616 net optional openvpn_2.6.3-1+deb12u4_mipsel-buildd.buildinfo
 dfa129b6a5a064259d45e088436db0a2 620676 net optional openvpn_2.6.3-1+deb12u4_mipsel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYLhEzFkGpb3yYRVHmlVdU6AM9BUFAmksyGwACgkQmlVdU6AM
9BUQVRAAtWTPsZpdZpfXOoL6gwfZrjGd5CaiL0MR3g0pBauAAxPf0qTDD4NfzPvb
iMwUMhgZvcP4oE8JWJuCasSUv9LaeKUjbErO7GNC5ZPyvfSuL7qNUBbt6sOXUyii
um/2jzGSCN/pPCgXEG+hgcOyMDr4C7vh5PYAZ7oNk/4dDkzC3yqfwopoZqySCDlR
xcolHDKc1RHcFwfSNX9V+e2+SavTI+01/WgBXejM3vCoIOGeOOsCSttEGLbtbN2D
6toc0d64sYxeLff25URyBq329jDeGz/BSEnzAy4M7zrvCDn9Gxa06jQyw+fa9i2L
z6bN9BRTVjTlIzhCcdSlwuRQcNl2rOrY8/uLT1E7tarffzasO/guV913qv6BWal/
8zLBhDVMIxwFE0gHcnJ6tcQfc9E3MAnCnBdI4asfQGWwv5AkoodL7ibCFuAQF4Vy
W41M/BUzdgcG7wX21Vz30VNJ/vg3qCW2E3wFtu1kvifXDG4TUYTYa0TgV+h2P5SS
ML0r9N9b4WvwN8HHEY1FadnHeKthiiwsjAb0noS88EJjCv3UJJH/c/aGjfnEKAUU
5kTIi3NEgsg0hdQqUGpnSWn+i/v6OgLI6e+jFNr9ps1M9ApZRenIR1SkBRXL13jd
4DxY2ECCOoSigVrBYqyR7gxykDyW1+6OdKtBPpWek4oZ4Wma3Lw=
=m4XL
-----END PGP SIGNATURE-----