Format: 1.8
Date: Wed, 02 Apr 2025 17:45:15 +0200
Source: openvpn
Architecture: source
Version: 2.6.3-1+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Bernhard Schmidt
Changed-By: Bernhard Schmidt
Closes: 1074488 1086653 1101935
Changes:
 openvpn (2.6.3-1+deb12u3) bookworm; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-Pick upstream fixes for various CVEs (Closes: #1074488)
     - CVE-2025-2704: possible ASSERT() on OpenVPN servers using
       --tls-crypt-v2 (Closes: #1101935)
     - CVE-2024-5594: malicious peer can DoS or send garbage to logs
     - CVE-2024-28882: client can circumvent management client-kill
     both (Closes: #1074488)
   * Run salsa pipeline in Bookworm environment
     - add d/source/options to make it build in Bookworm Salsa
 .
   [ Aquila Macedo ]
   * d/p/sample-keys-renew-10-years: import upstream patch to update expired
     certificates used in the build-time tests (Closes: #1086653)
Checksums-Sha1:
 234181fed3ca02a9786cd71c15ccadfe6f9df560 2239 openvpn_2.6.3-1+deb12u3.dsc
 5677f202760ad0f1590ad1ded7b9c5092b9d613d 110692 openvpn_2.6.3-1+deb12u3.debian.tar.xz
 9316b6363aa8d3c77c3cec8a0ef5393e163c3445 7965 openvpn_2.6.3-1+deb12u3_amd64.buildinfo
Checksums-Sha256:
 d7f87fa51914fe4dc925fb96aba6083ba0c5b769c2fd0c7b5b87bad245b238b6 2239 openvpn_2.6.3-1+deb12u3.dsc
 f928ab8010bab9af4bdb88e431048b887615805df09051c4489ade23e3c76b7a 110692 openvpn_2.6.3-1+deb12u3.debian.tar.xz
 9b214eca8010d9d01f50269d3d33f6de422c11d7f016d4233106d10f31b4ec08 7965 openvpn_2.6.3-1+deb12u3_amd64.buildinfo
Files:
 1ee22f3780cff7fae951ee551c4d5aa2 2239 net optional openvpn_2.6.3-1+deb12u3.dsc
 76ef3d8eeab64cd7619425fb83586581 110692 net optional openvpn_2.6.3-1+deb12u3.debian.tar.xz
 a1b31c6088d34113b50679a0791ac371 7965 net optional openvpn_2.6.3-1+deb12u3_amd64.buildinfo