-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 22:54:51 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: s390x
Version: 2.6.3-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: s390x Build Daemon (zani) <buildd_s390x-zani@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1112516 1121086
Changes:
 openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.
Checksums-Sha1:
 5efbab515eeafa498665ef612551bc333b62a084 1234124 openvpn-dbgsym_2.6.3-1+deb12u4_s390x.deb
 b9bf075fcc6f77d4a4d09de630315a38632bfdc0 7722 openvpn_2.6.3-1+deb12u4_s390x-buildd.buildinfo
 b8cd35e0191cd14b552b38ff3db79a235abe45b2 604804 openvpn_2.6.3-1+deb12u4_s390x.deb
Checksums-Sha256:
 70842f9aafa4dac9fb42f33fccb79ef70614979b1ce5620cb54d1342de5bd6da 1234124 openvpn-dbgsym_2.6.3-1+deb12u4_s390x.deb
 695f92696bab3173c9f2a053d1ecd6f4827a1a1b909b0da7cab951032aec0835 7722 openvpn_2.6.3-1+deb12u4_s390x-buildd.buildinfo
 eff3359bc77abdb7cb44e3a629df4d5d9daa0fde5984d37bd853f77c6d27028a 604804 openvpn_2.6.3-1+deb12u4_s390x.deb
Files:
 20b8034aa64a80fed1b7c836ee07f161 1234124 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_s390x.deb
 8f866e54786dd5bffcee79f7ee04a7b5 7722 net optional openvpn_2.6.3-1+deb12u4_s390x-buildd.buildinfo
 0d5628d8ec55a0c36415cf6731efac3a 604804 net optional openvpn_2.6.3-1+deb12u4_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmksyEQACgkQkaCrxAR3
BY1cuBAA0bggCkVMs0qGnGyBmcA8ZlW+cb2VqSZZJ9L6pZrBdVCNEiOA3Ibdh+7/
urqlB4RyyP4UXNGG4I9pbB6CJLm/jkZszDtzJMHblr7krvUL9l3k7ChCn+5ax7Mv
/T5W7177E0vc00jsVGMtDGfDU8Ne/guXukfgHEx0hSNxh5NjM9zve7LKJw6OGox7
uxxE5+2cPMAEXpmZ3W8sJ6hvNQZH9kZghq6odi6M05mfPQcHW+KgzWKME4kRrMS7
gWk77xgN4BLh4ljdbXiOiSKBcavmQrpo81uJ8Zm6UIELVMyOXD/bm4cg15TQEyf5
Kimoro0azvyrg0jFWH/gM8aTDPSpLvsRycoO6qOh78DDk5kCdyz3C4NQpsH4pSzl
+GS+Wn1dRf7ikVm8Yiz3vD35W9DDLKYI2jzzjdOg2j6/x3bfvF8+VwKczagKPFlr
83un5WJotHIELUchi3gzXsmlknuXyglRHDJhfGjvVGqwZnQU4mZu3TWfgj8bFD7v
STS+4u4mRWDVdo0pF9Gl15s94m7oC/YC1Wwzd68UMtVYPbOikbfGVSEV/itxrko3
4bk34CRNuPN2xA1caeQnEiWUu14ZH00xBQAFx2n6WZGfAbSMz8H2LDc8aytPyDtj
bitV4BwHglfXSs6+581+VtlZzKX9ABVlB47uFkAH6hZiy4c8nGc=
=1U4g
-----END PGP SIGNATURE-----