-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: armhf Version: 2.6.14-1+deb13u3 Distribution: trixie-security Urgency: high Maintainer: armhf Build Daemon (arm-ubc-05) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-1+deb13u3) trixie-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: 3bbb6208a65a3f0ae43abada8669a22271bc747f 1256696 openvpn-dbgsym_2.6.14-1+deb13u3_armhf.deb 0c896943928b4efa4682907e617688fe2e5cad1c 7151 openvpn_2.6.14-1+deb13u3_armhf-buildd.buildinfo e9bba3f1f00801088f9a57ef4449db171703e3f1 617332 openvpn_2.6.14-1+deb13u3_armhf.deb Checksums-Sha256: ef76a25b4545d4d701c386ca9794f5a164aa48ea4c5d2e4b637dd3c363b0d7c7 1256696 openvpn-dbgsym_2.6.14-1+deb13u3_armhf.deb f0f5d6dd9092f814a2493b2354ab66aaef7fe564a88728472cb5030895ed550f 7151 openvpn_2.6.14-1+deb13u3_armhf-buildd.buildinfo 5a070cb36c139eb126cd138d95c8949dc56d809d5e41cdf4d3aa096d93ffb325 617332 openvpn_2.6.14-1+deb13u3_armhf.deb Files: e75fd0df5e53cd4107c7d081646fc5ca 1256696 debug optional openvpn-dbgsym_2.6.14-1+deb13u3_armhf.deb 0d166c4ffc31f7b638f6ea81172e426a 7151 net optional openvpn_2.6.14-1+deb13u3_armhf-buildd.buildinfo d3d2b255f85449e406a778cf9ecb3ff7 617332 net optional openvpn_2.6.14-1+deb13u3_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7rv+l3KtZdQea77lnwznazfjXToFAmpG5sMACgkQnwznazfj XTpV8Q//XLQTGHNtWD4vbI8u60kNSPpaSPod5mke+sp1AMxWXuj8WwagVaQ9+bsj WBe+GH5rBd+HZt62k2WWFC1ZTD0bO50WZ35BKjG2aZufklhPxNyceHqXqwADBP7+ Xd4ze+BkxdAfuJPW6gmFd6HBcUVhT0KwiPc3ipgx56gnZahHTtS+tuUBkFegSl5m Kbkvc522z1gcMsI6L/KbYdnUlxIoSIU2dBPu8cSRqG3wb0Zwi75fBJ3Tl08Gmj7F O0qU4TdgHe5++BJHW9/AfndPOaBkG8uwk1Qx+p+77i5w4X2V7d5woXD6LAPKll5i uelXvrfE5JrZMv0z5x1FfD88e/MMBQuP7UqcwHFyDEhZ6UQZBSSEv+huSqxHIWTv uaFjMTz5BaW0zHlwlwyt3IZZ5bVTA32Bk4VGhxQ+tYW68TiJrR/YGylKpeFT9qY7 mKh4+mmDNn0kpXBxwkNebLcaGXx9q9XqbPWBdgY3Nju3P8YFYQ2/VZdrfZYs7E3t 7xdRJq92RhpgbOCOYJMWmOYyuqPNXlTN9bGMKs/z1B+RNJpfhx/K5lmMTB/JngVa T0nNDYEps4iDO+9jwpedOL7k1ypY4MdjjgocJ4XX0F0ZOC8/+3h6uEWOjtpqAFpK 0trwTAVetvAEf1EsSLDsbsDmCk24jnMLTrF1NKbC39ORBZQfZWY= =D/5j -----END PGP SIGNATURE-----