-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: armhf Version: 2.6.14-0+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: armhf Build Daemon (arm-ubc-06) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-0+deb12u2) bookworm-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: c28d870572af3769a354a05d09602100d7f313fb 1236868 openvpn-dbgsym_2.6.14-0+deb12u2_armhf.deb 7e2db3f50afd0460aef9b8add89ef8e6f586ad53 7714 openvpn_2.6.14-0+deb12u2_armhf-buildd.buildinfo 32c3bedc5917f328540d9c0829b6a904267f55b1 613644 openvpn_2.6.14-0+deb12u2_armhf.deb Checksums-Sha256: 0e4cb7a130163c52f4240b72e076460841f20573dd2c2eec6def2a631dcb0fe7 1236868 openvpn-dbgsym_2.6.14-0+deb12u2_armhf.deb ef315c6f5d66c311221bdccf338e4c242228f0091366fcb9fd5502d15ee9492f 7714 openvpn_2.6.14-0+deb12u2_armhf-buildd.buildinfo 9fdfe1a27edf08c91801eeecff5008c407b1a13fec6b04bb611b4efe2edf1f29 613644 openvpn_2.6.14-0+deb12u2_armhf.deb Files: 91bd01e7c8365f567178b1b5332a6feb 1236868 debug optional openvpn-dbgsym_2.6.14-0+deb12u2_armhf.deb f29e2ba3190f8fd780067ba21d608e5c 7714 net optional openvpn_2.6.14-0+deb12u2_armhf-buildd.buildinfo af94ad22c2d19798f4786b7101a86b55 613644 net optional openvpn_2.6.14-0+deb12u2_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBOUsBrtd5lcy6oRfutMAkCxKbL0FAmpG5p4ACgkQutMAkCxK bL346g/9Gg2V61FIs0YCLTwzTg/VBPLfysFxArbo4bJ6SFzmyTIoQJRx2Fg15v58 MuQq9iYb4G/B18gXC6PsBJlYNyEs7BbJ6Bc3nPD+otC6uKa+SMcP1R49KxauLC4K oxZCm2ze2fMjoUhLCO3sRCuMvAar9WgpfzLHb6AE+S+fVYz+t4H0bG/ujYlp5vmt lcJoBMl52b9iTUy3XtLxwsAimz+Tfp34y3F0vy65HyVyW65j6XnAWp2X96WZlBnK HLvgVM5HEQ24S45Nk6fkUv8q1Vxr+gECz+hyGJkL+BSiUIsA4+x+cwZazbp9H2Yz J+BybH/ZW8tKUBboVs5QG5rxK9wS8Vi5PtKNPCWI1Tx0FQRk+xakpxqycaYeZGYb 5Z8SqqmP0OTqAbgWGxA9QS1PhHIXliTJHm80O8hFqsG16cKmAhWqci4Mu9l7YaEQ +ZAwrduMnSeYmRefkUc9gjgpdVQ2rjcWkJheb6t0CJOXey/83SFCAXCm6w/Ov62D L/9oP4lF85ZrmfalhsW7UbjnhKXbWy7LpCXAabr2Me055QjXbblmcrtyMuCjseUE mkEmmiga0CRyFDcAlqKZ5q9W2taVtu5wGaqsylQyAqakaIoiDcfOxZBuIGiED1Qs Pk/wvRMdzeYNHCgtON/PdS98l1BDGPSnvuEB0AVukvWABcEqbT0= =KRHH -----END PGP SIGNATURE-----