-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: armel Version: 2.6.14-0+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: armel Build Daemon (arm-ubc-01) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-0+deb12u2) bookworm-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: 7d02e49d0f832c44f757ed56df054ae831312afc 1232772 openvpn-dbgsym_2.6.14-0+deb12u2_armel.deb e1c1c12230078f6b6c76c064a81818e99cca6053 7712 openvpn_2.6.14-0+deb12u2_armel-buildd.buildinfo 17ff462a8a635bdc68eacbe6f2373e3f90f50858 607552 openvpn_2.6.14-0+deb12u2_armel.deb Checksums-Sha256: 946afcc7bf6ae511de108ece2a7a986072651fb0ca71bd6fb8d5dbfae04302b8 1232772 openvpn-dbgsym_2.6.14-0+deb12u2_armel.deb 5fbc078ee01ace40beaac6f1daf3c84893f3f6a82f4194d2aa6da0b8e7299a1e 7712 openvpn_2.6.14-0+deb12u2_armel-buildd.buildinfo 8f62297f81aa2d3c85b91f27ad5ac7c78630290ad671cd5be2fe28858f2629fb 607552 openvpn_2.6.14-0+deb12u2_armel.deb Files: 67017dbf23822dbadd5d079cf59c4576 1232772 debug optional openvpn-dbgsym_2.6.14-0+deb12u2_armel.deb 7fe7670ae9c19fdab342a9cf6ce4f0d6 7712 net optional openvpn_2.6.14-0+deb12u2_armel-buildd.buildinfo f272dc518c11b5b2c3bf1c8cd9740c50 607552 net optional openvpn_2.6.14-0+deb12u2_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmpG5rwACgkQxqCFmsOW goaNlw//WF8jtTIyTccRqyjH3C9TQ+tUYq0JayGrrCxI5ATQ7YecJg0wB2bE69NC onz/hdDtJKHnn5vu33KmU7/YlBnQLzY4rR3g3jfyYJayfteAMpEKENqmE6/ScqZZ DrORCZRyYX0N/zluRnv47mtoP8sTDLmv9narv+AXKWtr4Z2+kdzz+1xnq1sqLnKF GpGDIALCqPp9cHKxXOwfif7A5hEp9RWfSoNUCDMsY2Jw576xdnnlNfjlYJOTrEIz nhxBl0ecCfPyj7u9Kc1Bpi47h69i7jvi7gvgrEaMXz1M0ZrAk1kFLgWJsOdNQ+74 F/a+HvhDNJTw4AiYKxCvyHcCuGOahMlouUhQzOofsNaGuEBmAXNPri8xm0RuIp+r TzW0ILJAxRW7wxMLE5RtzebUf20lQIzldAfz3gWikVYIRXXX4b3Rf5juCfNx3Joz 91vsGJS8QThuGboEgTALmfLRabt6fBnZ55BVUBmAokFh9NFIpDy6nk53UeE13ErQ jC/raRJEBnV76nS31k38aapQiZrPTZAput9Ptu4yQ6G6Ru/f5YOL0w/G009bDONF XPJUI1P9EaHMVY0N+3ZmfplzVxJsPGytcdMsvQQrg6p3m7qsNp8xLEDIyDHvYXXj ZpQ7As5RW+MkoVvZ1MPqZgzQ0dBhRPOgIhBw9fZzQrhUQWNVmOI= =Kj8M -----END PGP SIGNATURE-----