-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: armel Version: 2.6.14-1+deb13u3 Distribution: trixie-security Urgency: high Maintainer: armel Build Daemon (arm-conova-02) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-1+deb13u3) trixie-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: e3224991d18ace815fe769aff77f6c6400f8d330 1251500 openvpn-dbgsym_2.6.14-1+deb13u3_armel.deb ce0c8dea4a1614bec2efbfe4df8a709d4813aec5 7137 openvpn_2.6.14-1+deb13u3_armel-buildd.buildinfo 76086078601a2c77933e88f80a608adcfb27414a 612292 openvpn_2.6.14-1+deb13u3_armel.deb Checksums-Sha256: fcd872cedd9c7f653823c36daa2099d35909fff8a1f27bc1de428c13262b7823 1251500 openvpn-dbgsym_2.6.14-1+deb13u3_armel.deb 47bb0a6b4c01cf2d083dd719b57c0689356c5ce1af1cb946256cccac022bf87a 7137 openvpn_2.6.14-1+deb13u3_armel-buildd.buildinfo 72e471a7bb3a13d3a8c6bf3dd29df0076ee7ceae236bd70b7d1e2a452bd33de5 612292 openvpn_2.6.14-1+deb13u3_armel.deb Files: 20356743087d033c06b9b8774ac1ca74 1251500 debug optional openvpn-dbgsym_2.6.14-1+deb13u3_armel.deb f2f67955dcef24efe71dd1df92ec73bc 7137 net optional openvpn_2.6.14-1+deb13u3_armel-buildd.buildinfo 463e4ee6c769ac74d5085ac30090089a 612292 net optional openvpn_2.6.14-1+deb13u3_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEa5s+5E+WDkV2pQjwIyDMsRzdi8EFAmpG5tAACgkQIyDMsRzd i8HjRg//UZNvL6kpXlUih6LUxLc+cDHbS3j8qU2SuStx8sah+U2nZStFMJtA73Yq gxgxISFZ1kLLjayt9H5hKqYqgIc9tGmz+AB/ULL7Jyu0+sJ3g0hx9g9I+SeFn1xM dfc29DZRW1BAlJfmCB0stAFMJLZ8d4rTU99EFz5eoP2aQTPIWMuaFcZVthNX39wx 5bPFHfdtdZawQVHDmRQlZwnXi35+56j6akKUL4QhPDAyIWcc/9xkFYwwy3xYiZYA gho5/Kr530vFEIIy7Y7Vh/TrXbrbWmCQolHHSDq1nn1dwZjAHnOokkorWYt6cqQL 0fpl4l8gSwQXb+tUiDhcf83LS+Kq0ywz10YcD2AaFfsqPnxeXAHYcwVOvmnioRNq 0aryV2ebF5wZTAuIoJkQSC9v4Y53JACbne70wJTGlvwysGY+1I79AqhkKEw/0f6f t1XbTuxy1Ks73xY5g2GKPhhTgXsLVL7CJfNUETfqdbJuinSqcSm7tvmGpe+gcTeu pIB1cX8yMFdhi8Hq0TJ9bKxMinx1Rm+ho+H8fnw13qXQlOZ9vHA8D9MrPOXjVrkl /YiOWM4klWUWmeW75Gy1OYCeUxPrZM4wahhssww9yQdy2m6gPUQhopg4VfDWuha8 8TSl1rZ/+5p1gfDBfipUxLKXctQ8W4FJceluY2Q3ahDdB6NhbGo= =zNSF -----END PGP SIGNATURE-----