-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: arm64 Version: 2.6.14-1+deb13u3 Distribution: trixie-security Urgency: high Maintainer: arm64 Build Daemon (arm-conova-04) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-1+deb13u3) trixie-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: 75c71d1c0310eb9a2396b547ace578611e951dc3 1255356 openvpn-dbgsym_2.6.14-1+deb13u3_arm64.deb 8a4e6b701cfeb21aa6c8f2f6c274c0f9d250f4c8 7269 openvpn_2.6.14-1+deb13u3_arm64-buildd.buildinfo 768738612c5ac0dfaa6475f6c6254ab4af3776e5 629880 openvpn_2.6.14-1+deb13u3_arm64.deb Checksums-Sha256: 691c024244eeda92516a1d38d442ca778f937cf709fdfbf585e0a8bf88b6477f 1255356 openvpn-dbgsym_2.6.14-1+deb13u3_arm64.deb 8b7c2971fb29df38def2b14cb129c7dd3b391a80d761d70a0b57a3d2bc3fb91c 7269 openvpn_2.6.14-1+deb13u3_arm64-buildd.buildinfo e42d86fdc7b8e7ff944cfcfaea4d0927d308d068f452bb4602b41076080d336b 629880 openvpn_2.6.14-1+deb13u3_arm64.deb Files: d0058e079cc2d57172996c285b1e4760 1255356 debug optional openvpn-dbgsym_2.6.14-1+deb13u3_arm64.deb 2f2fe656520a327e0d58b55b1df8b663 7269 net optional openvpn_2.6.14-1+deb13u3_arm64-buildd.buildinfo ca70e08b4d2d5aff771dd38761bf9c6f 629880 net optional openvpn_2.6.14-1+deb13u3_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmpG5rMACgkQScpU3dYu lLgvyBAAhHlxFvqlCfFXiK+YXKorExnG80vFwiaO7dQrnmtWFcf+QLUCWeAEt7jn 7bTzT96QULbaWGr27jbhKMx10XY11nI0/1mG+xFm/zxWWgp1T+es+ijtXoan6Z8u Onc/bV7b0kPGjrYLGVmZz52op7irL3NO+FjJFJo7HlrzgFRvqTguZPmbWimrjF+f /jZGKKN66Y/8GgfQ14d+cYRNtA/ODUhIVDL5xM3+Jy6uWh1lAfCz4rhonv8orHIC zZEMNSsk/ohxtRpPV4ysw0OSt6JIyR4U7PTiurlzknzKFVILinoudLCuo3jRUM5q 5dNiRj9QlFdWH43hTjy9xCh0FNmUhZTjV5DIrfphorpTPyIFWXuWuacGwbdSdQXk 3LD0aN0mx9Ljjgk+v96ZcmI8naAnGpKcTLqN0cWkF/YhKtVWLmVCMXfR32/BkjbO pyQ77rJBzFtpsZKohSGWoga3vS9NsnSITJwhubMPy+7HAuAnN9kOIvsUbr72OXVw kVj2rG7VMCeHeg/lP88HGD0PO4dmGXAbtJ3maodv5tpIWWhyFqeQFavgiaJ7C6A5 3OfyL3rz2GX8CPLVZShTGoWUOQS8E+0sSMg9L5+wR8xLKJujoz4qio49G4nC8aZV P7Q2QnsaQDqhjKArkiotMNupZ+3DvX84mCXdQDfpmjh+B7w7F1A= =2Qs1 -----END PGP SIGNATURE-----