Format: 1.8
Date: Fri, 21 Nov 2025 00:45:17 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: amd64
Version: 2.6.14-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Bernhard Schmidt
Description:
 openvpn - virtual private network daemon
Closes: 1114249 1121086
Changes:
 openvpn (2.6.14-1+deb13u1) trixie-security; urgency=medium
 .
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prerequisite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
   * fix-ftbfs-kernel-6.16.patch: Fix compilation against 6.16+ kernel headers
     (Closes: #1114249)
   * d/gbp.conf: set debian-branch for trixie