Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted openvpn 2.6.3-1+deb12u2 (source) into stable-security
Date: Wed, 15 Nov 2023 19:12:00 +0000
Signed by: Bernhard Schmidt <berni@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 11 Nov 2023 23:21:37 +0100
Source: openvpn
Architecture: source
Version: 2.6.3-1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Bernhard Schmidt <berni@debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Changes:
 openvpn (2.6.3-1+deb12u2) bookworm-security; urgency=medium
 .
   * Cherry-Pick upstream fixes for two CVEs
     - CVE-2023-46849: Use of --fragment option can lead to a division by zero
       error which can be fatal
     - CVE-2023-46850: Incorrect use of send buffer can cause memory to be sent
       to peer
Checksums-Sha1:
 5bc4d19238b46263b923ae47a8fe99f1ee739173 2236 openvpn_2.6.3-1+deb12u2.dsc
 a94a914cccdc72980729054ae42c6862fcc1c7fc 1860557 openvpn_2.6.3.orig.tar.gz
 c4925beb63c637aadcea803dc7aeb726677dadcf 61804 openvpn_2.6.3-1+deb12u2.debian.tar.xz
 e043a854b0f47cf47bcb5a2d20fffb5293b33efb 7794 openvpn_2.6.3-1+deb12u2_amd64.buildinfo
Checksums-Sha256:
 a0cac845f57e61c5affd6f0c8be699b32a8672f99f5f5e5c3cfbe2694562dd94 2236 openvpn_2.6.3-1+deb12u2.dsc
 13b207a376d8880507c74ff78aabc3778a9da47c89f1e247dcee3c7237138ff6 1860557 openvpn_2.6.3.orig.tar.gz
 189ca607fec5a5d6d5db8da617bd301f7a94f1fc3850b5d557907979c0eff2d7 61804 openvpn_2.6.3-1+deb12u2.debian.tar.xz
 023ef346330da1727a4d1065206f104b92e9107b18acc5a64f8166fc997de293 7794 openvpn_2.6.3-1+deb12u2_amd64.buildinfo
Files:
 c905070b777bf10f1b8f70ab9142145c 2236 net optional openvpn_2.6.3-1+deb12u2.dsc
 477476a82ad0e606aa460460d640595c 1860557 net optional openvpn_2.6.3.orig.tar.gz
 1e90688f6a70408ab40d3e0795dc0f96 61804 net optional openvpn_2.6.3-1+deb12u2.debian.tar.xz
 01cde1b808484497e389a836ba287956 7794 net optional openvpn_2.6.3-1+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmVT2TMRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOPXA/9Hp/sQXMkTvZ7EO6cGeJ6UPqUJadBM2aq
5qh76dEwgHumc/CmbS/OaBpMmBEjSKObSfBNhF/1zU7WgDoyyrdGrWJ0a3Mv3kHW
XLbLbBeSDs9tDhzkJNkaw/NCerditLecEB5vi1FEofITKp0Ilq3K8hnJHaYactNR
NyUE4lpcN0zhFZPfuO7W0jkbn5tGnOLc+LAjV7xRaZ14O9wZiHzwMD/yfmSZNCjH
HKFE6c0DezvHm3arpmaAmJyf2m3gIZK+55HhS29F7nRTuWOrden1S5ihejG1//C8
OZyH9+psGZdh24rWgh6M2NapqH0dlnQSui1H6IQBnC+kDRfziOV5QVhh4jHVtpcp
4p61T4eVkDuHXxJ2k562xBVwymjqkIDMNkrmPFd/SF+mhFm3SoxtPIUNmuHsJzR1
/JugZTxfSQndFTUwLxnzW2pyHowQT5gZHA73on0/v92j960+65N3lVZ1MsoubMtI
R0+3PUsIEELvo94a7C87Td4s9+GCBMvLBC4f/we5x8bUHqxzmrKaYrrC4rqjIlai
ZgBkctExEAbxXS+7lF7C7AwoexLxdADVaSS43cjVhvn+SeTveghEGhOxoDx/uAwE
AC8NlA2RwDzPhEv/NLO+97TzZqklQ9MKPfzRjbfU1liCn/8Ui/iYhrkWAQIm1QpP
GqVidslvVNE=
=dgQj
-----END PGP SIGNATURE-----
News for package openvpn
