-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Nov 2025 00:45:17 +0100 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: s390x Version: 2.6.14-1+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: s390x Build Daemon (zani) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Closes: 1114249 1121086 Changes: openvpn (2.6.14-1+deb13u1) trixie-security; urgency=medium . * Cherry-pick patches for CVE-2025-13086 - check-message-id.patch: Check message id/acked ids too when doing sessionid cookie checks - bugfix for floating client problem, code prequesite for the CVE patch to apply - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the 3way handshake being inverted (Closes: #1121086) * fix-ftbfs-kernel-6.16.patch: Fix compilation against 6.16+ kernel headers (Closes: #1114249) * d/gbp.conf: set debian-branch for trixie Checksums-Sha1: 07f029fc6a9e8dd2eab7a9b28ab175f23376acea 1266144 openvpn-dbgsym_2.6.14-1+deb13u1_s390x.deb 868baef426a73a8f9a9a8739df06f88f1753c39b 6967 openvpn_2.6.14-1+deb13u1_s390x-buildd.buildinfo 12abac0dbd0db1e1352ab491a6a3145716fa1a44 631260 openvpn_2.6.14-1+deb13u1_s390x.deb Checksums-Sha256: fc30304081c40795449a5738b22b3d596592d9d8d1f6614f5988c5131408c375 1266144 openvpn-dbgsym_2.6.14-1+deb13u1_s390x.deb 61133df8e15ff5130e8874990cf983e72f5c118e8437ec453baae8278be480b9 6967 openvpn_2.6.14-1+deb13u1_s390x-buildd.buildinfo b7e2b552516b874394d32d83e3a50dc1821c080fda3c1131ed95ee88d29133e8 631260 openvpn_2.6.14-1+deb13u1_s390x.deb Files: 7e537c076c726cc01e343feb80693837 1266144 debug optional openvpn-dbgsym_2.6.14-1+deb13u1_s390x.deb d1121479d4f87da66b73b52cbae1ba9a 6967 net optional openvpn_2.6.14-1+deb13u1_s390x-buildd.buildinfo d334962597590240dc1414a6ee1ecc44 631260 net optional openvpn_2.6.14-1+deb13u1_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmksyRMACgkQkaCrxAR3 BY15sQ//ZTsi+UKprCOnNC2F9VNMzAOrZZybr+vs274tAaK2HiS5LNBVwDGBRfvC dK2YzFT12RIL/7xTyLSSzWEUcevPgDAXdLIYUrCMhnG1yoSEaJlVqFLqPaZ1orGk dWlOm2CjYaBA4N+dsGIHfhGP/a55t1ByqKTYI5WOCvS+8JsydBCdGYC3iurD/iAe 7DuuGwNeQKF723gKCiW8+66XO+MDmOvqasHqQ99fD8yZYTgbyaUFC8pNQSfShlon Q8U2mFHcn8fkNi5I+jyNQQK4vvxtJUv9Ghfcdtr0oL1EbPxhH+46BA34ohcr+mx5 6K8rEYh0J7DWNS9Ye5zjAhs+QiFUwF/H+6rK/FZXc8f/s5mZsrkmWyq1BwBuMRYL O/6rcyfbNSFf6FOWLk0cflCsT7JSEkapsMQWXVmOw4DNzxzEYXrwCYZpfNkK6gMF fFTXnaGq1XcdlFs2wTM1igG5zMCDz/j5RUAbork/dFizld2xXX6ILdEsOr1KzGnJ g9CX9/jJ4Mx2lCNSbWYLU2x9CNkmHnLTKdaGAwfictoMxXrMRidcAzb0RKy9n+if qFVlMWVNQ5CpLJfaeusCWtpuzfWRJzPQpZ8V2NK4SfkEYw776kJWvTKPFEHuT78I IG5f6HRc80tU8K/XL+Ehci9IvbjvsHrCutDel0TIlx46RkPG8Hc= =QoWA -----END PGP SIGNATURE-----