-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 02 Apr 2025 17:45:15 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: arm64 Version: 2.6.3-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-04) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Closes: 1074488 1086653 1101935 Changes: openvpn (2.6.3-1+deb12u3) bookworm; urgency=medium . [ Bernhard Schmidt ] * Cherry-Pick upstream fixes for various CVEs (Closes: #1074488) - CVE-2025-2704: possible ASSERT() on OpenVPN servers using --tls-crypt-v2 (Closes: #1101935) - CVE-2024-5594: malicious peer can DoS or send garbage to logs - CVE-2024-28882: client can circumvent management client-kill both (Closes: #1074488) * Run salsa pipeline in Bookworm environment - add d/source/options to make it build in Bookworm Salsa . [ Aquila Macedo ] * d/p/sample-keys-renew-10-years: import upstream patch to update expired certificates used in the build-time tests (Closes: #1086653) Checksums-Sha1: bde303326c60aea26d97b978948715f68529bbe5 1243012 openvpn-dbgsym_2.6.3-1+deb12u3_arm64.deb d9191d6bfbed2095e59b74cc6cfa05f61cf334ae 7670 openvpn_2.6.3-1+deb12u3_arm64-buildd.buildinfo 5d4b2122402a44d12e41269499e23df1c9700add 618456 openvpn_2.6.3-1+deb12u3_arm64.deb Checksums-Sha256: 15b9a69a37c9ae47d287f25d7c3091d92112dad4304162b34497f1f4cdbf6f1b 1243012 openvpn-dbgsym_2.6.3-1+deb12u3_arm64.deb fdf717ee57e19fce4abae144b334eb9008cc586da631b5153889cd90eacad714 7670 openvpn_2.6.3-1+deb12u3_arm64-buildd.buildinfo 502c74811073c33fed3f11e857711923740bff9bc29f950265b620e8c7e65833 618456 openvpn_2.6.3-1+deb12u3_arm64.deb Files: 97bd90d20577b84c3a9ba5a78ad92b32 1243012 debug optional openvpn-dbgsym_2.6.3-1+deb12u3_arm64.deb 4fa50c7d89d7ca0796de0c0984ec51b2 7670 net optional openvpn_2.6.3-1+deb12u3_arm64-buildd.buildinfo d61347ed80b2d658ef17ab2a8c21a90d 618456 net optional openvpn_2.6.3-1+deb12u3_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE6s8UzO+WAx8RRAOV80lOEvgzuSsFAmgeMgQACgkQ80lOEvgz uStiNQ//RNnVbiViMwVS79/9dHp7I20mdsUleWhtZKej+zHsUl55G0P00Rc3xAqf aHtMPmleAUBcbRVdlVi7sdiUaFaSb/9HFc+QEWr7fiSKYVwhYdwapXqSKbR8hj/K 5zgO1BM1yrFIahs6j8G+NnKNZKZACFOd6d9Zyne45ioc2UhVnNckllvstp87Zo5e cP3y17+1sm3+CEiWmt/3FLEah7XfhMawKcUBG8fZh+zkz27kd9fzlC13j7CRUkoq OxKxbYlYAXOKiBqE74TOQPTKFIFe4e5ws338cqGKFfwUq4iqKsrcm7O34lnLoLOn zsDciCmWdEI4NDl4d1FFKKriVJou+cPuxAl78HdGVotIQgBqlpbnvnaPh49/KTsR 8oqhagnTUtfc5SAEWcWjJItsh1O90fHAJS0o5Ep7uOS65JvXeERM1ldSwvQqxZod ffwSAkp0tKygC3JYsBhuCh93li/R4N3NY8o8rNCyyh3hr8ue37U7LSq1JXS1/iCl 6I2mkGkGXWDCg2Vpm9RAxZvTBifFsBNnZK0c7ZEO2kMEMTY4y7ArXWoCG8LJJr+b uJqzP0qleHuiVyPCI5sErUEqMG2xmYjtffhZHGdl3ZMlv7mEQB6YxPJnFbRDu45e ZsHTnhbbjIrgi5Fkrv8+i/Xg+qfxvCKWJWiCEEKAmx8jUff+UfQ= =LxNm -----END PGP SIGNATURE-----