-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Apr 2025 17:45:15 +0200
Source: openvpn
Binary: openvpn openvpn-dbgsym
Architecture: amd64
Version: 2.6.3-1+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 openvpn    - virtual private network daemon
Closes: 1074488 1086653 1101935
Changes:
 openvpn (2.6.3-1+deb12u3) bookworm; urgency=medium
 .
   [ Bernhard Schmidt ]
   * Cherry-Pick upstream fixes for various CVEs (Closes: #1074488)
     - CVE-2025-2704: possible ASSERT() on OpenVPN servers using --tls-crypt-v2
       (Closes: #1101935)
     - CVE-2024-5594: malicious peer can DoS or send garbage to logs
     - CVE-2024-28882: client can circumvent management client-kill
       both (Closes: #1074488)
   * Run salsa pipeline in Bookworm environment
     - add d/source/options to make it build in Bookworm Salsa
 .
   [ Aquila Macedo ]
   * d/p/sample-keys-renew-10-years: import upstream patch to update expired
     certificates used in the build-time tests (Closes: #1086653)
Checksums-Sha1:
 d34d1142fff24b7011296023a6c378e28f09d22d 1258728 openvpn-dbgsym_2.6.3-1+deb12u3_amd64.deb
 d30eed650936e31506b769965c333a6334821ad6 7671 openvpn_2.6.3-1+deb12u3_amd64-buildd.buildinfo
 865496ad58e5405eddc8a31ebdd0c199bb7ee685 651728 openvpn_2.6.3-1+deb12u3_amd64.deb
Checksums-Sha256:
 5fab5fb4cd901928944e8a37e3b700822c74eab61ceba14feb30601f21de0e1f 1258728 openvpn-dbgsym_2.6.3-1+deb12u3_amd64.deb
 e3c3ba34d783a0023e35269f8c3e4d7c03585727756d2b1b850461d0dd855032 7671 openvpn_2.6.3-1+deb12u3_amd64-buildd.buildinfo
 66bf8cefbc5c03e17aa7a463d1a5874ab35af3fda20eb2c9eb4649480063929c 651728 openvpn_2.6.3-1+deb12u3_amd64.deb
Files:
 d15e6889e211e3b67530cb9a66b21427 1258728 debug optional openvpn-dbgsym_2.6.3-1+deb12u3_amd64.deb
 550995eeac1a3950e268a29134e2bf2a 7671 net optional openvpn_2.6.3-1+deb12u3_amd64-buildd.buildinfo
 f8b77ce4c77c59fd838e675ea786392c 651728 net optional openvpn_2.6.3-1+deb12u3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXNeYFUF3FbHcrtSeIy3Pg040HrAFAmgeMUoACgkQIy3Pg040
HrBKlBAApTFynUWJ42L47b2hRFOwvzP4taQx6atVEPMCpH/v6fXObQPNRP6xmLR2
RmxztfnKzA+c52AnFWxlwwglDmtnq9AaIw2a0GLbEd7vAGdzkUN5KBnl7JnEqJGb
5EB2ipAlEEJOkpPmPkUWrm5GOrLk++iyx6QbOcVdXXHiMdbg4i3sScIOe3Oh0yNC
NDbYTyoiFYdijp/rYqPK3UFJJ5wyBubF7kI/Ov/C+7hKvt4ONO73eYLsOIqGZGhK
VLBHWeqizsWWxrmQf3hmWCk6YaO0MZOv9S3GYdDvkYuJiXbcfeJmMxx6wkIb4R1c
zx7RIfjKwdDVn8ljRr0fGPhi7wY2jlgWU2LhYzbF3RkF8Ak0T5rcPWtK6m2RxEXh
8UO6l/MXo1cXE5j6S3A5Z3Wz8unmswA/PrxzqcBewcLtoomw+ZECfdPJ4B2KqaNq
hWL0/OVx5CrVWnJBfuR7lVBx7boQ61me27v1u33mPJ/XtrCjxm2NZuHyQqXUHxzT
sGQj3gx4d8cnv2BLK7kWHJZ9FaVW9hjr3B/WcekGNKsVlvPYHaB+w/CdOsfP92Om
AoILXLObrgwwKkFJnKwW5qrE6euo1r+BIZNkTv1VEjXdI0lTZ8swcE/K1FhI1huv
Q94sln0YAqToz2GB2X1ndXZCTw+pk4Z6PyXB2wt+VDKcx5E7nKI=
=nLRj
-----END PGP SIGNATURE-----