-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: riscv64 Version: 2.6.14-1+deb13u3 Distribution: trixie-security Urgency: high Maintainer: riscv64 Build Daemon (rv-manda-01) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-1+deb13u3) trixie-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: 63e1cf9be03d6f02a1f4de6142045345c50c94c7 1192268 openvpn-dbgsym_2.6.14-1+deb13u3_riscv64.deb 9c60bb5e928d81f83a959019011efcb46b910f29 7229 openvpn_2.6.14-1+deb13u3_riscv64-buildd.buildinfo 050589e49e330613e7777836f954bede46bc2a5a 670216 openvpn_2.6.14-1+deb13u3_riscv64.deb Checksums-Sha256: 25a126a47d3804d9c4fb9ad99a28f0423af795e03afca23c7d339ada3729cf71 1192268 openvpn-dbgsym_2.6.14-1+deb13u3_riscv64.deb 886992aadfcd841717b6628aae13cc7e44cbe53eaf2ac96c0ce0da546ee9d17e 7229 openvpn_2.6.14-1+deb13u3_riscv64-buildd.buildinfo 162c834bf41012863212e6e23cc8d117a310c0735b2a3720e13cfce8373fce55 670216 openvpn_2.6.14-1+deb13u3_riscv64.deb Files: 1ed774177ed94e8bba5f5385e74e2d6c 1192268 debug optional openvpn-dbgsym_2.6.14-1+deb13u3_riscv64.deb 8268a74db1be132d008f511362030887 7229 net optional openvpn_2.6.14-1+deb13u3_riscv64-buildd.buildinfo 37b15e5cd1486e63c051953b2d22e8bc 670216 net optional openvpn_2.6.14-1+deb13u3_riscv64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwN+C+Bc8deN4UliX50ghctvtZFQFAmpHBJoACgkQ50ghctvt ZFSrXA/6AjccWykqa+ou6eacCrajPifDAoSgDmfxU5zQ4Rs3uEft1rpCcc2Ki2OZ W2l9r/gF1t0G82NEi76dwMYUzCaI6gqbVd+aRXlIwyAlsruD7GLM1jTbimaa8q1+ ADikDBsBF/Z5l61o/Px0qAm18Bbb7Pa8/Abz/D7Ap9EDiejaZXWsGNVHEIeYIaHR KF3dx2LhN9kbwIfAAc5MCIFeukh2JW+MmtW8zzDs/FqY2NTUUifNxz1OCauuYLAx O0tq8yEy/4ah6/ezkNBZgmWCyBsbPYS9zdL4x1CoLGdhw0PZFc76JlWYmfykM707 qM+iRO4HvcaLPKSP6hbJdVJG61WCJdYneAVFBYo0uvzora36lROxYYRGqWMSR7l2 xbd83TvECmN45vKkG1iibf3XnPv6nsD2X7DslBamdoPV4L2QZXayp6xDStzJURmq x51xbheFZsJZrnod8s5cryovV6q2s3pK2wRJk6/LEo6AWPdC7IFQgTXP5GZYZ+J+ 87eqhs8zcm4OcqM+R3wZYVera1k2WItGi8IfUnvGTbZwzy5grDQr+JDfAMjc4ZB5 S9lsyiaulIPM3VBDHbx6fDcyY3N//i2B9Ky34I1dl8yqfuh08UqtE/k0BthTDlxF +d/b4MZzOcz2UE8gEC/uP60qqvSzaLDE/NeI2dQTf/2CvXDal0k= =4ATh -----END PGP SIGNATURE-----