Format: 1.8
Date: Fri, 21 Nov 2025 00:45:17 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: i386
Version: 2.6.14-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Bernhard Schmidt
Description:
 openvpn - virtual private network daemon
Closes: 1114249 1121086
Changes:
 openvpn (2.6.14-1+deb13u1) trixie-security; urgency=medium
 .
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prerequisite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
   * fix-ftbfs-kernel-6.16.patch: Fix compilation against 6.16+ kernel headers
     (Closes: #1114249)
   * d/gbp.conf: set debian-branch for trixie
Checksums-Sha1:
 d1c09f7857baa8536aba03e0ec9988ee00f20c67 1138348 openvpn-dbgsym_2.6.14-1+deb13u1_i386.deb
 123c0a19d0777befdc8f78ae557223234f2cb954 7006 openvpn_2.6.14-1+deb13u1_i386-buildd.buildinfo
 6672c5282e8609cbe316ead118cd2139162d7680 701332 openvpn_2.6.14-1+deb13u1_i386.deb
Checksums-Sha256:
 5502572169c065d2e6684a50ae989b0ef387fc1adf5e16a622ad57489eec7437 1138348 openvpn-dbgsym_2.6.14-1+deb13u1_i386.deb
 486958c9d6a26e7fd10a6c9acc87d5554423a7fc8834b61a3f9a7e63b682170f 7006 openvpn_2.6.14-1+deb13u1_i386-buildd.buildinfo
 bbc0658ae3d9b8b8cb45fb2661bdec845575ede888ecfd8dde64234b36028314 701332 openvpn_2.6.14-1+deb13u1_i386.deb
Files:
 27f9b4bc1fd725d6e14161afccddb4b2 1138348 debug optional openvpn-dbgsym_2.6.14-1+deb13u1_i386.deb
 155ad1ce212e47aeedb0332ccb66f4df 7006 net optional openvpn_2.6.14-1+deb13u1_i386-buildd.buildinfo
 a8be8e9f96db3cb9264d665136a5c5a5 701332 net optional openvpn_2.6.14-1+deb13u1_i386.deb