-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Apr 2025 17:45:15 +0200
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: i386
Version: 2.6.3-1+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1074488 1086653 1101935
Changes:
 openvpn (2.6.3-1+deb12u3) bookworm; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-Pick upstream fixes for various CVEs (Closes: #1074488)
     - CVE-2025-2704: possible ASSERT() on OpenVPN servers using --tls-crypt-v2
       (Closes: #1101935)
     - CVE-2024-5594: malicious peer can DoS or send garbage to logs
     - CVE-2024-28882: client can circumvent management client-kill
       both (Closes: #1074488)
   * Run salsa pipeline in Bookworm environment
     - add d/source/options to make it build in Bookworm Salsa
 .
   [ Aquila Macedo ]
   * d/p/sample-keys-renew-10-years: import upstream patch to update expired
     certificates used in the build-time tests (Closes: #1086653)
Checksums-Sha1:
 288285aa55b7c56620371718db489c4ff67c9170 1120808 openvpn-dbgsym_2.6.3-1+deb12u3_i386.deb
 f318e581c56fe0e46ea6f5cd66f338d89cb417d6 7611 openvpn_2.6.3-1+deb12u3_i386-buildd.buildinfo
 4c6c035fd57ef9f0f0c67bf8f56976c8b2d60eb5 689700 openvpn_2.6.3-1+deb12u3_i386.deb
Checksums-Sha256:
 f095c8310eb7daecc2d18d8d10668a3345d632655be49a4e321340a24e5b619b 1120808 openvpn-dbgsym_2.6.3-1+deb12u3_i386.deb
 94b551d698b30250b7eeec9d9f8c055ef0972bf26cf365339df791c92a850731 7611 openvpn_2.6.3-1+deb12u3_i386-buildd.buildinfo
 4cde07be592030f161209e3877680e8593b3a6b9458ccdf100a2a6bbf17c269c 689700 openvpn_2.6.3-1+deb12u3_i386.deb
Files:
 a0c46ea075b7e33670dd935305cd4c79 1120808 debug optional openvpn-dbgsym_2.6.3-1+deb12u3_i386.deb
 b75f92a6955eeaec9f2358f1bd6248b2 7611 net optional openvpn_2.6.3-1+deb12u3_i386-buildd.buildinfo
 37fa48af178eef3978c5defd00bd1c7e 689700 net optional openvpn_2.6.3-1+deb12u3_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmgeMWMACgkQiZlfn74W
V6munRAAiwIB6Lh+Pxj/ITJdUpPKkPkq6x+d9qrOcwynAgXeQESqzRX5RZKotRUh
NhUrpxPwUQ7bR+YfN5XoJtm3AuT/wD9RgW4YKqG1r2rSo9UwAMV5t6Dw7Auskk7P
8s6gyGb9pHJ2hm0Bz1pBZ2uC5swMxUHn9VcMTfB76vg0J5gr2F1QZPkh8lcxVimq
ZdQFenc0Di+l8TvO3z43zBDnhpLSVqCKx5fWNGG9qJJWXBOfJbrUSCogfAu25wYo
vvg8G3AgQHOuObsx04hU0ic/sXyRkJFo2jGOSjzpkueevx2/hLXMyJ/PbrMVzQjf
D1U0UCSstAiEWuTZArzDNfBQlYUqDoAIlyoJSP/wndVA/R10HYtXDatOm2X7hEGy
kflLkv3ZeG12+5vMMYhqnD/av/5l1mDexFNO8h9k2w7qJC4Sjyrib9IlPDgboGxs
0/yCENHwEclrNVBLQJCEmBaxdSmEjXVsaM49dsGcMR42HwEBT/mqbmB8uZLynMn7
rJaS+xBPbCE75oBzAdKxxINmmMVW/hNZ6c2y+PN87C+HpXDFzHKbziKZ9DrqJi01
nOTKyDeGUDaa0Y/aN06rUFbzbnUz2/aRKXtL5+vIbjHiiVy7uy+lyvF2JiGUVLgv
XgwQMk1jop4Qxfks00UJA1ehycpHRz4Mj8OhsOnGaPdQspX1hRk=
=kMMt
-----END PGP SIGNATURE-----