-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 22:54:51 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: i386
Version: 2.6.3-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1112516 1121086
Changes:
 openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.
Checksums-Sha1:
 871c8dfd78ead3b2db09014d499268a9398cc675 1120392 openvpn-dbgsym_2.6.3-1+deb12u4_i386.deb
 d1ab0740cceafc07dab040f4c4fe7e39e92a4b05 7775 openvpn_2.6.3-1+deb12u4_i386-buildd.buildinfo
 999ebca170675f1e8d876e136c3fee89849779dd 689900 openvpn_2.6.3-1+deb12u4_i386.deb
Checksums-Sha256:
 eda37625fa5a8e3dee97f8d71774da2ffd4c6d9b601c58d26488228663519101 1120392 openvpn-dbgsym_2.6.3-1+deb12u4_i386.deb
 56eb3209c5436dcb5773d2d191959edda2c68866f50f4cea3523a04744f2f3c5 7775 openvpn_2.6.3-1+deb12u4_i386-buildd.buildinfo
 889ac231065f93d2336fbc3493c0bf72aad5dc8b4628df32d03e4b852cee0dc1 689900 openvpn_2.6.3-1+deb12u4_i386.deb
Files:
 9bc87b9fb71ad9f59db3d636078184ad 1120392 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_i386.deb
 01730d02e1715d65549ddbec1538e3f6 7775 net optional openvpn_2.6.3-1+deb12u4_i386-buildd.buildinfo
 6f344c291d55717c98ef6355c7b63c1f 689900 net optional openvpn_2.6.3-1+deb12u4_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmksyBAACgkQvGw9w6Vr
LCfBTA/7BSwru9t4hhO40WqYEwc6E83KYTCvjqxVffRzGrOj4ixjMk4gFGwU+W3I
pIkrnKJ3WC6GS69ObNfCChVmUhQG825O7F6nj0GQY0HUVPg1KkfBrWp8rD/bEZ1C
xznGrpOCdBoJ7GdIUZ1y24+EJsDlVUEdnqdt22nLjaUmFc7RCJsiWRx+sIeIXF6o
Ta9OXlhGS0OhGk3YrucqdPjMLNIELnu67lJcdf2BcI+W0t8xd5mEKbPVf2FstNg8
RNzCPdOc9wnK57TlLb93+VjKLOe/YNBpg/qo/yyV/UOdVSdBcmyKkohEJjyjoO0a
eEkcs/0bGcKI3+o+xNBwGozVBAEhwZ48/okitt7CX3T1nE4zpeECFH8M0F18Cz2x
LQl0wKAAu3+m/QDVEEYCeJo5pBKB3hRUWtzSgFhexA7t4vKh3uG24K1olG9M2Ja2
fXQrsjmw5Pp4mxEp560+oyIeScMfjLPg0ArgKCkzb6o3BkugXOAJcBJwnuA/yXz7
PJm32H/Z5WenEihRy4I69U5dJLFEmo6Va+J+DGD/irZKk97l3Dy4LtbtZqad++eB
fdjcuKC4LZTR0X1fz0vVdAn0N/HYXaEmEZAT5O+wlJedtE/gq9V38ttsaakRTPSl
uhxaBIIC3orLtmDE9u6FX/Ifs6SzSHDYR/rTO8upV/+8vDkZR9w=
=C+AX
-----END PGP SIGNATURE-----