Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted openvpn 2.5.1-3+deb11u1 (source) into oldstable-security
Date: Sat, 08 Mar 2025 09:20:19 +0000
Signed by: Sylvain Beucler <beuc@beuc.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 01 Mar 2025 17:17:19 -0300
Source: openvpn
Architecture: source
Version: 2.5.1-3+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Bernhard Schmidt <berni@debian.org>
Changed-By: Aquila Macedo Costa <aquilamacedo@riseup.net>
Closes: 1086653
Changes:
 openvpn (2.5.1-3+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload.
   * Add new autopkgtest for unit tests
   * d/salsa-ci:
     - Pointing to LTS's salsa-ci
     - Disable gbp setup-gitattributes
   * d/patches:
     * sample-keys-renew-10-years.patch: Import patch to update certificates.
       (Closes: #1086653)
     * CVE-2022-0547.patch: Import and backport patch for CVE-2022-0547
       - A vulnerability in openvpn 2.1 to v2.4.12 and v2.5.6 allows
         authentication bypass in external authentication plug-ins when
         multiple deferred authentication replies are used, granting
         access with partially correct credentials.
     * CVE-2024-5594.patch: Import and backport patch for CVE-2024-5594
       - A vulnerability in openvpn before version 2.6.11 allows attackers to
         inject unexpected arbitrary data into third-party executables or
         plug-ins by exploiting improperly sanitized PUSH_REPLY messages.
Checksums-Sha1:
 de2f4b2d23b748e10b982749cc211ab9554e9486 2210 openvpn_2.5.1-3+deb11u1.dsc
 3cd781388bc11fe6242f1688bf8c1f9a7b3c22a4 1132708 openvpn_2.5.1.orig.tar.xz
 e42bbfb68ee6769e37582fd15d638c584beccd76 112796 openvpn_2.5.1-3+deb11u1.debian.tar.xz
 79fa3081eed91df65a03d653900e54b64b53a662 7728 openvpn_2.5.1-3+deb11u1_amd64.buildinfo
Checksums-Sha256:
 535218198c81cc582fe88aea5bb34c471d2618c010319065ff6a70b160b1fd3b 2210 openvpn_2.5.1-3+deb11u1.dsc
 40930489c837c05f6153f38e1ebaec244431ef1a034e4846ff732d71d59ff194 1132708 openvpn_2.5.1.orig.tar.xz
 e294748fb42f5db73c3ed49a9de35cf398784aa0bf9a7a71bf8c27ee36af032e 112796 openvpn_2.5.1-3+deb11u1.debian.tar.xz
 3efb54248fcf4c7c2c6d0e89c3c774fdb8335698fa0b00e05e303b0db2e6c800 7728 openvpn_2.5.1-3+deb11u1_amd64.buildinfo
Files:
 c296353ace021af6a80bd4d3b17e5900 2210 net optional openvpn_2.5.1-3+deb11u1.dsc
 754f7b00c5d19bb488f56ffc5ab492f2 1132708 net optional openvpn_2.5.1.orig.tar.xz
 0133f03f6822521bfbf531ba43e2f69d 112796 net optional openvpn_2.5.1-3+deb11u1.debian.tar.xz
 9240a19c52ed8e648e38e50992a6589e 7728 net optional openvpn_2.5.1-3+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmfMB00ACgkQDTl9HeUl
XjA6DA//a3WLgaj/IKcqpgnwlnXaHfmFqLEmyWeXtnuoYOV89sJ6Aa9qa2oKX0Nt
lJTMpvY1vT4EpsC0zg45mGx06eenHPB2zmhsthiDiS5qoFHrC399bjV0PB/XY1xL
2Ypdxd3sSc5rJmdDawr4jCjjRVSLsLw/Yp2ofEk+hRsuHr0kCEWMtNgQppRto5XC
rl0wBC4fQQg8BRWUp9tdjbvsMCmcNqPxi6oz6VyvLhqXugnM6fvvxMWdMnCiaVJF
RBBu2SpQw43tFLrps18j0yu8TdVhWAAS/wq8RXx0dcURzitQdpZFeq7ofsDgJkCm
6Rz5J4xk8kyhAUMt5q2SVexljiAHxvzTwg7LE2UP/LzDAB0KqW2vEZaTDXworYES
SfjxaWc+7P6yaSOKqO79pTtBQhM7kK6htTUY2xE5Q4pJbq4fIr9LugM4fDRaPQOW
v/wD9wEhWcsoj/9cRt2JDmbQZdr/jWOln+e6dWLbI3j6XKnQFPHSxpBHw/cSYCIH
cruUNqunBF57nprd3nK9KkLyYrifuKrOlsgQJILCKJzPXBNMOU5IZN99F2Gm7Q0T
Wc9pja5AhNGGvPz6A3iQwBryrWBKowg2wwGB3C7r5SD6Inw29qGuiMrN8bn+zoTV
XtT0HEse3h+q4LpQa4wH1aSZV+E/yixrBrhGypVzcqiTYenvXv4=
=ymIr
-----END PGP SIGNATURE-----
News for package openvpn
