-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 21 Nov 2025 00:45:17 +0100 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: armhf Version: 2.6.14-1+deb13u1 Distribution: trixie-security Urgency: medium Maintainer: arm Build Daemon (arm-conova-04) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Closes: 1114249 1121086 Changes: openvpn (2.6.14-1+deb13u1) trixie-security; urgency=medium . * Cherry-pick patches for CVE-2025-13086 - check-message-id.patch: Check message id/acked ids too when doing sessionid cookie checks - bugfix for floating client problem, code prequesite for the CVE patch to apply - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the 3way handshake being inverted (Closes: #1121086) * fix-ftbfs-kernel-6.16.patch: Fix compilation against 6.16+ kernel headers (Closes: #1114249) * d/gbp.conf: set debian-branch for trixie Checksums-Sha1: 8c9946f3f6fbe642a70e5c75c202463b7b399327 1256396 openvpn-dbgsym_2.6.14-1+deb13u1_armhf.deb 76ff721d22b9bc4f382c0a8f5b4595ec20af36ed 6971 openvpn_2.6.14-1+deb13u1_armhf-buildd.buildinfo 3c1d8118822a1483dd1a4d37604fce6ad790f749 616876 openvpn_2.6.14-1+deb13u1_armhf.deb Checksums-Sha256: 6edfd0897b2477f5eb09bfcb010d98df308304f7a3c5c1e30aef246dfbdfde2b 1256396 openvpn-dbgsym_2.6.14-1+deb13u1_armhf.deb 159b947288264be313a6183949a3b689cef9fd112acca7ad718e7985626e3573 6971 openvpn_2.6.14-1+deb13u1_armhf-buildd.buildinfo f8fe73517c764320d87c3846ceb0ec3f9be3b3357f0e0a01c52bf8c3cdd170a7 616876 openvpn_2.6.14-1+deb13u1_armhf.deb Files: 6bc495484cc2d85cc54b821e37f4c1fd 1256396 debug optional openvpn-dbgsym_2.6.14-1+deb13u1_armhf.deb 2c1a17ab6e08d20eb1aa13c2174d3209 6971 net optional openvpn_2.6.14-1+deb13u1_armhf-buildd.buildinfo 9f17157b0bab13ceec31152b4055c9e7 616876 net optional openvpn_2.6.14-1+deb13u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmksyFMACgkQScpU3dYu lLircBAAhYUbqpEcIZ4WjecSvsyKwUJJ70NVxpIzCFL4yhF5aMQlvY+xUWGBLaze aWVLgQc2XQ2NP51aS+nNSeN6T/R8V+tpYsw7PVkoLHhqu28GkvDLG+Dpx/XqWxBO u7iMAPAxbI+a+ecVgT5EuDy3hjHocILHy3wzCcxfxhDYDYFe1ckRYtmSN3aOWTIG m3bSV5boMslI6h+kOlh+ler2rBfRsBuZmcyPFiiTyw3ToUT05qgaBko/Rabq51Y7 4uN1UIAehzV97LsMZU28Lt3ZPNea4f2tVaPt1DNq8JLlP66kBpLJW0ptCDi/ic3w JshDI7v+LYxfgNNNz3vxXUqzHSdcc40AsLSoikjBkPGi/bSuzKY2m+aECek/rmn1 4gqPfV82Xf/WpppLMEQ8oQ25EQI66kVMBy0fzX5nEAjUrtKl6/NJQ3H/004HAdf8 rKVNcticDpy+isDp2sBjeZypV4ESb0ZfXHaXrloLGxAadHpNEpZMOg0VAN2jSbgt 2WKpLK+f0KXFjF5SweKKxxq2102GbKuHnpIS5+EU4EnRK4m3YcmgImPHNmldtomY XDYatJVPjCPZEFYVhNL42CkCWHBhXDA7VdkB3s/+kVQrKkBK4mKUhZhoqtoLyIg+ jmcE8xkgsvn6QD16mZZiIv/vXL+cdp6GW1Fk7+1lUXtrGe+hMl8= =mnHY -----END PGP SIGNATURE-----