Your message dated Thu, 20 Nov 2025 23:05:01 +0000
with message-id <[email protected]>
and subject line Bug#1121086: fixed in openvpn 2.7.0~rc2-2
has caused the Debian Bug report #1121086,
regarding openvpn: CVE-2025-13086
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121086
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openvpn
Version: 2.6.15-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.6.14-1
Control: found -1 2.6.3-1+deb12u2
Control: found -1 2.6.3-1+deb12u3
Control: found -1 2.6.0-1
Hi,
The following vulnerability was published for openvpn.
CVE-2025-13086[0]:
| HMAC verification check: fix incorrect memcmp() call
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-13086
https://www.cve.org/CVERecord?id=CVE-2025-13086
[1] https://community.openvpn.net/Security%20Announcements/CVE-2025-13086
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openvpn
Source-Version: 2.7.0~rc2-2
Done: Bernhard Schmidt <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated openvpn package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Nov 2025 23:31:00 +0100
Source: openvpn
Architecture: source
Version: 2.7.0~rc2-2
Distribution: unstable
Urgency: medium
Maintainer: Bernhard Schmidt <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Closes: 1121086
Changes:
 openvpn (2.7.0~rc2-2) unstable; urgency=medium
 .
   * New upstream version 2.7.0~rc2 to unstable
     - CVE-2025-12106
       IPv6 address parsing: fix buffer overread on invalid input
     - CVE-2025-13086
       HMAC verification check: fix incorrect memcmp() call (Closes: #1121086)
 .
   * Highlights from the 2.7 upstream release
     - Multi-socket support for servers -- Handle multiple
       addresses/ports/protocols within one server
     - Support for new upstream DCO Linux kernel module
       + replaces previous ovpn-dco-v2 out-of-tree kernel module with an
         official kernel module available since Linux 6.16+
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---