-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2025 22:54:51 +0100
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: mips64el
Version: 2.6.3-1+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-03) <buildd_mips64el-mipsel-osuosl-03@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1112516 1121086
Changes:
 openvpn (2.6.3-1+deb12u4) bookworm-security; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-pick patches for CVE-2025-13086
     - check-message-id.patch: Check message id/acked ids too when doing
       sessionid cookie checks - bugfix for floating client problem, code
       prequesite for the CVE patch to apply
     - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the
       3way handshake being inverted (Closes: #1121086)
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests.
 .
   [ Carlos Henrique Lima Melara ]
   * debian/patches/CVE-2024-5594-regression-fix.patch: cherry-pick from
     upstream to fix a regression introduced with CVE-2024-5594's fix. Namely,
     "Allow trailing \r and \n in control channel message". (Closes: #1112516)
   * debian/salsa-ci:
       - Allow lintian job to fail. Sid's version dislikes things from bookworm.
       - Disable gbp setup-gitattributes.
       - Disable reprotest on bookworm. It can't run on bookworm, so the build
         fails because of build dependencies problems.
   * debian/tests/unit-tests: enable unit-tests in configure and be verbose.
Checksums-Sha1:
 8834bce7c56cfc9a31890e12f6d8ae40d920ed6b 1315776 openvpn-dbgsym_2.6.3-1+deb12u4_mips64el.deb
 7810e102814dc8da89028d3b4351b463f26683a5 7639 openvpn_2.6.3-1+deb12u4_mips64el-buildd.buildinfo
 b653e161fbc566b6fda8512306fcfb2629060121 621080 openvpn_2.6.3-1+deb12u4_mips64el.deb
Checksums-Sha256:
 ee0cd1be48c6ecbbe5fbf111c9c68d09a866d70b430881df61327534316a9c45 1315776 openvpn-dbgsym_2.6.3-1+deb12u4_mips64el.deb
 ee12a32b6f5144e716b52e6d80d14627ad96b13e7edc6b5ee0fb03df6a8aba1b 7639 openvpn_2.6.3-1+deb12u4_mips64el-buildd.buildinfo
 88161182b232b30c9ac838ea44b47aa896bdd3fd63c14dabf630978e056085ec 621080 openvpn_2.6.3-1+deb12u4_mips64el.deb
Files:
 b2c4a08fbf62db9bc2aeb2ecba4f6369 1315776 debug optional openvpn-dbgsym_2.6.3-1+deb12u4_mips64el.deb
 2d1b41b3a53fb4d12a3ae138d60111a0 7639 net optional openvpn_2.6.3-1+deb12u4_mips64el-buildd.buildinfo
 6ab7eb3756f96dfc5e0d309f4bd0d68b 621080 net optional openvpn_2.6.3-1+deb12u4_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEesE3YcWKZXIkRPMemf85J+x5/aoFAmksyJsACgkQmf85J+x5
/aqRJA/+LkzrdPJUO9MydMz+KeaxObl8bjKiGV7o6Jd/8+yIoHyLlRKt8NCP+hvp
3pjV5D4743E0A5bWQ7f3NlEiq3Jx+YXh/IUztjgTKWiGgNXv+M7tV3NjZ0bWzheO
wnYJGdfFYjUh6YyufW/WsMKt1Wau3kS/H6Xi3OkrWclYIB43wcjhfKElWB2hRzQX
YwYGSbWRyI3bNjekGDWB4P4FP/GKbJgMeFNsKPvPdMrmr2hKkCB6DIt1nqSth52m
D8BhLsog/qsuCFlFN9R77Nr8mPmmbaiF+Lzc3gttc8RJeqh3/AZtQC0DU+09YSse
NivoW04bFBwJbmBc+Bd4vV+YOchQCcyd1eAU6A6F4H9/sFOd5oD9exf/P1EQV7LZ
2IWL+cqhJuZoEjUlwEaARPjrNggIvvqxBJ5Xj6GtiYtxnbjMO6q1WQeFqOFk9PVI
gkzJuwcQnmyYdeQFqhwtPRnOOFSdWkKT2vh9vcbrWZFaw69F5GWC5tRkEWw8/I7g
5ehAHLMo5//N9PdKdWMLP+x6m3pp8CAEZO3SZo6SE1hzmdQQSAoEeaW7jR+NNwl1
+s4CeB4wya4r5FbAsrfsSmdX0UJ1REKKf9dlkeqtPva8Jz1q3YRHjVhz2Q18WfrU
L5f5D32yBpCqDZ8FbxjDgdwCUw34zkweyLQvnvLDLQTodVxCB88=
=YUXs
-----END PGP SIGNATURE-----