Format: 1.8
Date: Fri, 21 Nov 2025 00:45:17 +0100
Source: openvpn
Architecture: source
Version: 2.6.14-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Bernhard Schmidt
Changed-By: Bernhard Schmidt
Closes: 1114249 1121086
Changes:
 openvpn (2.6.14-1+deb13u1) trixie-security; urgency=medium
 .
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prerequisite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
   * fix-ftbfs-kernel-6.16.patch: Fix compilation against 6.16+ kernel headers
     (Closes: #1114249)
   * d/gbp.conf: set debian-branch for trixie
Checksums-Sha1:
 e1e6a099664753eb6fbf5b6eea06e9b5ba62d57d 2275 openvpn_2.6.14-1+deb13u1.dsc
 cfca54fd0f3e3a06565cf4fec982d724b5e5c188 1926343 openvpn_2.6.14.orig.tar.gz
 db3fd993fd001167d31df92288b4d0f635fbf59f 65032 openvpn_2.6.14-1+deb13u1.debian.tar.xz
 05033d2c176c1c6e3232dd37f196985f587cf181 7382 openvpn_2.6.14-1+deb13u1_amd64.buildinfo
Checksums-Sha256:
 39fcc7547391e82f5199ce118f9cf64efaae2414cf99818abc1823ed7a0ac4b8 2275 openvpn_2.6.14-1+deb13u1.dsc
 9eb6a6618352f9e7b771a9d38ae1631b5edfeed6d40233e243e602ddf2195e7a 1926343 openvpn_2.6.14.orig.tar.gz
 8adbfdc417ec9646326cace5ba39db50cbf95e110d7b6f699b58888e4a77a198 65032 openvpn_2.6.14-1+deb13u1.debian.tar.xz
 39accde6a6af37c78b4f0cecfc70c7e56285cc0bdf06130f0ed6bad42eb8840f 7382 openvpn_2.6.14-1+deb13u1_amd64.buildinfo
Files:
 2c980089fcc3fe820b3b04fce9c84aff 2275 net optional openvpn_2.6.14-1+deb13u1.dsc
 20f7324bd5fdf7121d0f7b40a2c2b975 1926343 net optional openvpn_2.6.14.orig.tar.gz
 69bd34496719550bade52bc21ce98c38 65032 net optional openvpn_2.6.14-1+deb13u1.debian.tar.xz
 bc1836d6f0334fcb17be1ead9fdf6dc0 7382 net optional openvpn_2.6.14-1+deb13u1_amd64.buildinfo