-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: amd64 Version: 2.6.14-1+deb13u3 Distribution: trixie-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-1+deb13u3) trixie-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: c26ce3933b0aad4dc24bb1925401b6df4c1b65db 1276376 openvpn-dbgsym_2.6.14-1+deb13u3_amd64.deb d2cc5562382763afce8980323f4e5a0d3c7c38cd 7285 openvpn_2.6.14-1+deb13u3_amd64-buildd.buildinfo 72350143b82f18f4f6fca75d9baa7bab178365d3 662872 openvpn_2.6.14-1+deb13u3_amd64.deb Checksums-Sha256: fa959f94e8d73acb7cc37b1ca63a9ceff090581e17630cf4f379a2003e302092 1276376 openvpn-dbgsym_2.6.14-1+deb13u3_amd64.deb 7ce86e8d8e652575b7445aa87fbb5a088de0c2adaba348e88acd755c65fb9336 7285 openvpn_2.6.14-1+deb13u3_amd64-buildd.buildinfo 8952d637f0634589d733ea18e4fc36d0556dee2b38f50f963852328c2766feca 662872 openvpn_2.6.14-1+deb13u3_amd64.deb Files: a969429b5ff91395a1722843f809e8db 1276376 debug optional openvpn-dbgsym_2.6.14-1+deb13u3_amd64.deb 8116f3feb8bd92b2605cb3f96cea3ced 7285 net optional openvpn_2.6.14-1+deb13u3_amd64-buildd.buildinfo 30a64eeda271d18229dff3e1402e0804 662872 net optional openvpn_2.6.14-1+deb13u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmpG5t4ACgkQN8Ugyu9d QiTWyhAAndrOO68bTiWqa2XAyvVwM5jgdYrwN6tPbbRwYfmqDd8d4ms9hH1mp8vU W06DR+o44T4tZoLok9Izlhp05bu7LQsdDYR3geJofx2QHp9HsidircB+sdypnYvW ILjgNJGe4Daehirk7oFJaEhiJGd45xXZtDn3ghR0aKrQBRCoWPkiwgiNANk04yTr BkIaSBK2CNooq/Hj4B7nS/sM4vupO0acFEk/9bzxLG2HEC0+IfbJCETDvgEJF+kn ihvmTegMeuES9hbfFCFZWSTHPZ+FlfeEAbdGIF4Mqw4roIhPkU3hOFIfVkWBa+fv ASNrxitgJqX1L6DSnWeH5kT8GSOEj7LE0qZXbQUrepfcuQznk/0FFGDhg8Oi4eIh sHQl5InvubsabDegjYrUo0hgCCucmcrF1HubO9/mHUjcIxrWydqIReFHsJySu0r7 KI0RTLTyRlidcplxwBxZPJlcCr2uhjuKofHXdZhnFFKSyVYZnm9CN14ND1O+dIbl IA4IENStEP/9JVpTU+12O+wkhYifjT4xlYxqrLw1H8tSte2+g6azWjVIHy8li7IR 5oLXRvg4txJ9U7zRGDBFLaFIcdwm9x09UpbdSrBX3LyBMEP7CML6EQSuVeJ3sIFu 8Q6RFagNyjwrJLgW7huhkK4EppdS/xkiQK0fS2Lq0UvyBZuAmxE= =AU4+ -----END PGP SIGNATURE-----