-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 22 Jun 2017 18:00:56 +0200 Source: openvpn Binary: openvpn Architecture: source amd64 Version: 2.4.0-6+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org> Changed-By: Alberto Gonzalez Iniesta <agi@inittab.org> Description: openvpn - virtual private network daemon Closes: 865480 Changes: openvpn (2.4.0-6+deb9u1) stretch-security; urgency=high . * SECURITY UPDATE: (Closes: #865480) - CVE-2017-7508.patch. Fix remotely-triggerable ASSERT() on malformed IPv6 packet. - CVE-2017-7520.patch. Prevent two kinds of stack buffer OOB reads and a crash for invalid input data. - CVE-2017-7521.patch. Fix potential double-free in --x509-alt-username. - CVE-2017-7521bis.patch. Fix remote-triggerable memory leaks. Checksums-Sha1: 37c7a0b851c9913e3282aac1c5d6546e545070fc 2120 openvpn_2.4.0-6+deb9u1.dsc 7772eb3ddea45c3f894e6a534f3368369d3d0bc0 1409019 openvpn_2.4.0.orig.tar.gz b82d9e4d2155eb9021ae26b032864bcdba79d798 60464 openvpn_2.4.0-6+deb9u1.debian.tar.xz eb0f331c54fc9eaed399cfb9ba5e856b31aceb90 1372536 openvpn-dbgsym_2.4.0-6+deb9u1_amd64.deb 1a8de24b9b3ba32e1ded5615e6d3715ce0cc6911 6489 openvpn_2.4.0-6+deb9u1_amd64.buildinfo ee25a6c6476a6ff51f145c70b2fa3756d5aa5af6 499984 openvpn_2.4.0-6+deb9u1_amd64.deb Checksums-Sha256: e7b3dca7b124c7c3ceba3d03b9865e79866868095db667a4e1151fecf5342db0 2120 openvpn_2.4.0-6+deb9u1.dsc f21db525b3c03a9bbd0a7ab6d0e4fbaf8902f238bf53b8bc4e04f834e4e7caa4 1409019 openvpn_2.4.0.orig.tar.gz 099bec0492d4674fcccc0c31024226443244dc07cc301f111bc3bfb102504981 60464 openvpn_2.4.0-6+deb9u1.debian.tar.xz 2f7ae2d0fe6537213e83dcc26bee56002585177ac99c5c22f050c43fea14d961 1372536 openvpn-dbgsym_2.4.0-6+deb9u1_amd64.deb 6a75a2f56488b143ccc0075244e29679787d0318c9cf7f11b0291388cb4cd3bd 6489 openvpn_2.4.0-6+deb9u1_amd64.buildinfo c4073d791976ecb382e6be994245953efca255b5003b31603184ced3de668080 499984 openvpn_2.4.0-6+deb9u1_amd64.deb Files: d8e83eb625e5cc05b22f6370645ac559 2120 net optional openvpn_2.4.0-6+deb9u1.dsc e4b3932000a17d782b72e094752619ec 1409019 net optional openvpn_2.4.0.orig.tar.gz 97826f07ea713254d5f61fdf7c932653 60464 net optional openvpn_2.4.0-6+deb9u1.debian.tar.xz cab96daa04532bbe1372f2f1b074f62a 1372536 debug extra openvpn-dbgsym_2.4.0-6+deb9u1_amd64.deb be0dd4c9c3a67239d4abcde66fa7f2f2 6489 net optional openvpn_2.4.0-6+deb9u1_amd64.buildinfo 0cfe5ab8436200a69656d32c330463b3 499984 net optional openvpn_2.4.0-6+deb9u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEU0fL2D4wqetNfUvyAJszdWuaqlUFAllRIiQQHGFnaUBpbml0 dGFiLm9yZwAKCRAAmzN1a5qqVVPWD/9XNGFC4tZclZnFsAbblxb5XF+wUpTCYncO Jmf+VNPNB7/jg4nAAmDEFBwXZipmGGgE9AztgyU3K919YEJwWZ66dXqP1P0X68BY OLw8BIisyoTKVnZnANUgDZ7ASozpzOCWfd2ZxIB/VDvVBBWoTaUCEkJjUxRSWeqT JZjLezwznlnwnPZe5sOa6sTMSMor1xCH7N2+d1nw1oOmFBjrvbAm3rXbZwNC6GSA sXQy9Yk/Irdj3c2fLnnp3U8bbH7B5ft7GMYY9OuAYdHY7hmTiZvxiQFVgvpXhkP+ zVa4arUBokguI9/nO75VFh7tnhWC8uZReugDjKcV9+blAVyaPRvahIY27RaDJUwT 0TnXO+YpZS21Ls+iwD8pTr0Bt3kCuDoz7WGVLK/Wfb8sQhMj0e6EwKrIfEK+j3wy 5w5ZCl/ZoJX1EXJYbK6SiX8MILrWIkGI/b3maFfSVtex8GpRqQEWl7c6TKaK80Uc q/ntl5PwqkMr4o9Pv68Rn3OAQnV0Z6NPuf9227ngSbY3fgxncvF7YnJLxqeoBY0s JLw9MJ6EmQJhu/wOLq45mKoOIXmTQqlXj+AAU0WhXZ2imnf7aJksGuE8sBSoTTi5 BsPBw+v5S3/62Mb6B9Kk7LhFcRGItINZMKzrTKXjWVa3t2N8ffm036SevLIR/Ipd 1AzDZtRzLA== =JZbU -----END PGP SIGNATURE-----
