-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 02 Apr 2025 17:45:15 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: armhf Version: 2.6.3-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-05) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Closes: 1074488 1086653 1101935 Changes: openvpn (2.6.3-1+deb12u3) bookworm; urgency=medium . [ Bernhard Schmidt ] * Cherry-Pick upstream fixes for various CVEs (Closes: #1074488) - CVE-2025-2704: possible ASSERT() on OpenVPN servers using --tls-crypt-v2 (Closes: #1101935) - CVE-2024-5594: malicious peer can DoS or send garbage to logs - CVE-2024-28882: client can circumvent management client-kill both (Closes: #1074488) * Run salsa pipeline in Bookworm environment - add d/source/options to make it build in Bookworm Salsa . [ Aquila Macedo ] * d/p/sample-keys-renew-10-years: import upstream patch to update expired certificates used in the build-time tests (Closes: #1086653) Checksums-Sha1: 022cd270fb5ad948b44ee0b46babfdc5f179ec9e 1231196 openvpn-dbgsym_2.6.3-1+deb12u3_armhf.deb 915ef9a1617fcaa87aba35be51b9082b3c9aa4b8 7546 openvpn_2.6.3-1+deb12u3_armhf-buildd.buildinfo a93d0c66178a2984551416b47b5b77d698ddd7cf 601520 openvpn_2.6.3-1+deb12u3_armhf.deb Checksums-Sha256: a9f7309bfb359e32fe85f5fe60fe80efa8c5949750e09fbbf460c85c401cb95b 1231196 openvpn-dbgsym_2.6.3-1+deb12u3_armhf.deb 96d778addaa129a46866e727c0c95e2e18c211a63aa35d631a22d64a0ef8b221 7546 openvpn_2.6.3-1+deb12u3_armhf-buildd.buildinfo 51144eda011b512a85109d57ff7d78492bc448b4a4f1e04fdd62f45baf8ae7eb 601520 openvpn_2.6.3-1+deb12u3_armhf.deb Files: 0049c4e1fdb42c6b0a67e4ebfa8ad6fc 1231196 debug optional openvpn-dbgsym_2.6.3-1+deb12u3_armhf.deb c1fd64eedd504b781430e755d2fde412 7546 net optional openvpn_2.6.3-1+deb12u3_armhf-buildd.buildinfo f73a12cfef8be7255db1725b4c6560ff 601520 net optional openvpn_2.6.3-1+deb12u3_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmbvtGd+QaAE2Bi5fsFgOvjtRcdMFAmgeMf8ACgkQsFgOvjtR cdN23BAAj1dmgNrSaeAUZbvNyFUpB3/J99ECrKqUbv2vxEK6JPAwdOdEOzxYGZb6 mNird8JL4O3uabKPNiy1rqQZ97mJQiKQP1+dAiBzPld2AEmY2vJ1VPGpEsHlm9W+ DoCRQDvTAO1nRqL1ElpILLztWzwwAflKx7YwupVArEILJAEnwewq7ZEQTDtq43rP Iu7D0oTm0cnTHL7FDswQwmtDsTlAHuBqYv2wGqrSb/a1AFj4MKSyHHzvFzvsImMV AJHeUrGhXMmyGUz1NAPNec9I0ruIsiybQhGl13W8w5cfGxoQsVO0PIhKFiO7ozSY u6tgfdH72Y5j44WN51VlLsiH97dPaD1bQt0NMfvGpnKP5727THFxQaBcNs5KLs3T 7yCjHj5POolcA4+w4EAvQvsq65R+VqGtjSaWyD+miDdinPycxOOhDk2tZ8EDvphA fP+/dn+kY9XfWRTShcHxwkQHQeTHwqVgZ4GQibb5kl3FN7rSpXETSjKBsjsnWQs2 3kYCQe0qL54XCxvEIaPhpO3HJqSSuJkQGU3KJ1QFxds0qM2QTr54ebfkzkw0sGUV mRM0XZ3OuC6MTANGnieDug0z7j9L6d8UEODZtwlZzW9Y0pc/RTev/D7wabcFzXBf CFttrNT5D0AlJsFHkEHfVOc2d0tz79GGLz8mfL/pFG75V5jQw60= =99OH -----END PGP SIGNATURE-----