Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted openvpn 2.7.2-1 (source) into unstable
Date: Wed, 22 Apr 2026 23:37:31 +0000
Signed by: Bernhard Schmidt <berni@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Apr 2026 22:40:54 +0200
Source: openvpn
Architecture: source
Version: 2.7.2-1
Distribution: unstable
Urgency: high
Maintainer: OpenVPN Maintainers <openvpn@packages.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Changes:
 openvpn (2.7.2-1) unstable; urgency=high
 .
   * New upstream version 2.7.2
     - CVE-2026-40215: fix race condition in TLS handshake that could lead to
       leaking of packet data from a previous handshake under specific
       circumstances
     - CVE-2026-35058: fix server ASSERT() on receiving a suitably malformed
       packet with a valid tls-crypt-v2 key
Checksums-Sha1:
 5e031634699355c310f7dd057c76c4ff540e29fa 2338 openvpn_2.7.2-1.dsc
 9f1ce1d685aba414ce05b6899c3ce274a23d4544 2107857 openvpn_2.7.2.orig.tar.gz
 1dea17a4f53443f2ef1efb59d54c0fe3e05cc8a8 61296 openvpn_2.7.2-1.debian.tar.xz
 6184d9f4595709cc421fff5d3c063bd0fc58ac66 7216 openvpn_2.7.2-1_amd64.buildinfo
Checksums-Sha256:
 f869ff086915634616cbb513781ec386548d32b13d0ada54917968ada76ca9ce 2338 openvpn_2.7.2-1.dsc
 9c3e150a595fc9a375221f2fa9f10524a9c064536cf81c96e3ba66c735b86f26 2107857 openvpn_2.7.2.orig.tar.gz
 783095719caee9d6637ca560bbe51385d814bb368e4d604c5800bd35f25e8573 61296 openvpn_2.7.2-1.debian.tar.xz
 a01f84ee8c68d0b2bfff73b7f569ba4269f4d69197ad9a2cd67c1553a0cd8f49 7216 openvpn_2.7.2-1_amd64.buildinfo
Files:
 94e192334010aeaeda837041d18504ca 2338 net optional openvpn_2.7.2-1.dsc
 31dc9a9b6f829791386a5d7254d9c666 2107857 net optional openvpn_2.7.2.orig.tar.gz
 c76c3de7b93a62bafdc91831a15924e7 61296 net optional openvpn_2.7.2-1.debian.tar.xz
 28e4b267e300d976575bc6fbc8b396f6 7216 net optional openvpn_2.7.2-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmnpVckRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOlgQ//RNk4BkqrW7Oskyp2EM+fNd0f3l0qCuob
Lh83/FzXHXAuvaVMdP2SLjyrE/vQw45nTvxRkH0bGBA0yHywZE9ZcHVfRKZJA/CW
syZ2qJOQ/9Uuc2Bp7ETumV7lFJRkv/bbn0RlFtJD2pZ9nzssTbh4sO+ygaimv/ys
gnKAoAR4KZYa7Hcqjf3F4GNFia7nsyFHfYw5b/XHDIbP7YzuP9gY7VkX576165wh
nLONNjF0g8SbiCrIE8MozlRuf+D4q2rehElZ2bXzpbPrsrZhT5nHmuYcmyoUni6q
/4Xq+W/O6bX1GtgIEwLX5AIWM+t6mQDT/VzL/q0z/RKk+Ydp+QgrxH2TaADDj3MF
3Z3nkGl6OoUnd8hgEh4kwFsGukqydbJSBKgY1rQMYUOl3fgyukSJBY2lnatgu576
8+8ySf1RRy3Yek7BU39vZac/cTBQ2I3BgP0CqkL82HYbON2Wq9fWYJaSrtnwxbng
5R2o+kNmCoVdHjBpBtc/1wPkGEFNMApusINSzOoxzqXZTRIPHEiFj4oSUneR1p/B
j6TwBnBO358mf9ScTAF+NQSIqchwvNwRYcroN/tPGKJpK2wsNUBEbqNulE7lzTTh
KLNrpgec1jWJKlawuO2rUZvj/s7Cf3xOWpNdxhxz/Aqt1MMZscAMTlmAqV7G00aH
B/hmYhORz84=
=rS13
-----END PGP SIGNATURE-----

News for package openvpn