-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: i386 Version: 2.6.14-1+deb13u3 Distribution: trixie-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-1+deb13u3) trixie-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: e27d0bcd6aea70a81600a4e26bdfe4a297eb3c3c 1138864 openvpn-dbgsym_2.6.14-1+deb13u3_i386.deb ea76a42d340eef47500ace84dfd68c507a7e6819 7186 openvpn_2.6.14-1+deb13u3_i386-buildd.buildinfo 602b05aa8843dd3d0c74d88212a6a13401f8c2bf 702048 openvpn_2.6.14-1+deb13u3_i386.deb Checksums-Sha256: bbab2e499df80f05f7e749a950aae90209368a80a7b4c1252b8d64d680f8e4dd 1138864 openvpn-dbgsym_2.6.14-1+deb13u3_i386.deb 1b0221af25dd3c8c0d7a08612223bd241aec83431430a402cbadf50a705675f3 7186 openvpn_2.6.14-1+deb13u3_i386-buildd.buildinfo d21b0a47327df549d2492db88a5b74111db3d53708fe07291df9fdfa4fe35ea6 702048 openvpn_2.6.14-1+deb13u3_i386.deb Files: 8ad7ff9e429407eb5420d87531d1f50e 1138864 debug optional openvpn-dbgsym_2.6.14-1+deb13u3_i386.deb d968b19be0d932ed08b43988a6603352 7186 net optional openvpn_2.6.14-1+deb13u3_i386-buildd.buildinfo 49cd3ff327e0f0785e65bb0398ff5af4 702048 net optional openvpn_2.6.14-1+deb13u3_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEb5EwsJvHBEjqIJYIbheoBegwXLIFAmpG5tUACgkQbheoBegw XLKZCw//WlDEoQB4Ke5VANMlTSWxNLTdxxVQJx3mA6u+cnQ+E2xOzdQP/llQpu2x KiYOilWrNeYtrFwYUlHnMAzePLOLZw4RWIYn/6UPTh/vNH86J9owVvGvUzqKRF8m 0rvlaoUdRJBb8Dw+j9DIlFM5alK7nJ4ALjGPLi0DZ2Je/3A3R3qaTTWBQ4NI6+rE 7DBJdnzJKH5lnmEt3czhlYmaGSaOkjr7zFV4AxBG1GEx9JXQ8QcvjQ6BCGvLGDzy ofMYy/vBdW2eZt4QrNA2qrDrD9pgucLiilzAcbPaZNI3ZJBENty86+mFmWWMJ9YG dtbeNQ+vlVX0kjqO62GAFTAlMoanq510xJVj6OWQkPdFYzGT2gqYEouyJ9++33ZC Ir16LEADgUwNZE4a6z/l0nV0BQgPuk6QRYiuYGI9KHNCB3CuaF0/iTJt56c62T/G v88Hn1IOje2ibSolnzZbgI97gMVsr2wk23gKc+Pzyv5mT0GJEq59cEuoV57UiWgN gxOqcUt9cShpOW9j6w/9zsRGc1qf6NR/R0ItHPMGz8MLVazdn3Q//5eSpzxpTMN7 DhZshKYCy+W1Mn2deONX1wg7pZ6eYpMM0ZE6HbxtoEX9Mu0SSAjDjDfLMIbNv+DE uVbevbHIITTQ0SNdyl3REQvs3dwVAWtPUwr86a1suvH6SWsloa4= =em1C -----END PGP SIGNATURE-----