-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 11 May 2017 14:15:21 +0200 Source: openvpn Binary: openvpn Architecture: source amd64 Version: 2.4.0-5 Distribution: unstable Urgency: high Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org> Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org> Description: openvpn - virtual private network daemon Changes: openvpn (2.4.0-5) unstable; urgency=high . * Change typo fix in command line help. * SECURITY UPDATE: pre-authentication denial-of-service vulnerability (both client and server) from a too-large control packet. - debian/patches/CVE-2017-7478.patch: Do not assert on too-large control packet - CVE-2017-7478 * SECURITY UPDATE: authenticated remote DoS vulnerability due to packet ID rollover - debian/patches/CVE-2017-7479-prereq.patch: merge packet_id_alloc_outgoing() into packet_id_write() - debian/patches/CVE-2017-7479.patch: do not assert when packet ID rollover occurs - CVE-2017-7479 * SECURITY UPDATE: auth tokens left in memory after de-auth - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token as soon as a TLS session is considered broken. * Kudos to Steve Beattie <sbeat...@ubuntu.com> for doing all the backporting work for this upload. Checksums-Sha1: 6a883a5e3754f85ffcca93d7500fdeb8bfe9ed43 2092 openvpn_2.4.0-5.dsc 442e10d0f09c5c48395e641c82db131553be5267 56832 openvpn_2.4.0-5.debian.tar.xz 0ebba28ece7c3deca583036c74d2fe83b06eeefd 1371924 openvpn-dbgsym_2.4.0-5_amd64.deb 6372c8bd4b78f600a93fc218bb5b2c64b7c97304 6465 openvpn_2.4.0-5_amd64.buildinfo c8063b9ad39ef8d64dcffcda0c83bb479ca214f4 499612 openvpn_2.4.0-5_amd64.deb Checksums-Sha256: 1eb538f52ba8adb445aba8a5e2f016e245b54b2182caf4261915124ba331a695 2092 openvpn_2.4.0-5.dsc 63375ba20d283c6a13de8ab1a951d12d866b0476759c829202c440ccc04d5d15 56832 openvpn_2.4.0-5.debian.tar.xz 1bdc83510f3a72f6677e1b3d7b41fb09a4038860e749b232d9e630a15c8068c8 1371924 openvpn-dbgsym_2.4.0-5_amd64.deb 73950211edcc3856a8b91a38b5ffd383a8607f4bfd275bf6e789a863aeca7efb 6465 openvpn_2.4.0-5_amd64.buildinfo de85bb57a12124452090c9171297b52a1a85517a3d834724a735244728c5312f 499612 openvpn_2.4.0-5_amd64.deb Files: e79fcbc8400cc005c793bfed91cf5f6f 2092 net optional openvpn_2.4.0-5.dsc df36b76882b917241c3b682efcbd39d6 56832 net optional openvpn_2.4.0-5.debian.tar.xz a3060965821a5896279df342a3146e5d 1371924 debug extra openvpn-dbgsym_2.4.0-5_amd64.deb 5915562befce6d44738ae4397eecfd5d 6465 net optional openvpn_2.4.0-5_amd64.buildinfo e899ceed350cbd48d5f5e33b205cb52c 499612 net optional openvpn_2.4.0-5_amd64.deb
-----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEEU0fL2D4wqetNfUvyAJszdWuaqlUFAlkUWBMQHGFnaUBpbml0 dGFiLm9yZwAKCRAAmzN1a5qqVZx3EACEFNXGJENI/Y1G5nigGEQTwJYcPcWFCDLP WHhSj4Hyqy3BtE+Q+18SzaykXr2iymcpBepX8o55eTwiOE/P2dUxNrau2UMmLbdy GyObrouJhKFWgiJ9d+s6Vm3slCKRQrHgEIY3B6oCSgtsYuXp5Fmvb8gO5ssLcA2f 7RXNRjpCubD9sXiINAXsoZIuEzyQV94tO5uQUDUkvhy09PRZ8l+L/uGjEM/LGDZv 2lHKQD4hWTrAIye3aShyGIcMfeEzY0L0iY3jV7HpO463e7BihKlvTA78T6vXkTnX JDs+60mZXTBovyEw1jA9kIATJ9DUVGPBUaiYNVeO2NerM+wetz/U/vlLSx9JqYZB H1BhO4TTJRfx2IWLsnRD5rxzArdMK+F3p1UpYmCCdrzomThNkecKQwr2IWHS5BWn 1j/WbO7mkxt9jaYjEZLjxFEmPWjd1DtPxOAdMrEgoLjTCmv1N76GRY8Cd8W6jTnE cliAKKoeyhxjrwoC6IpbPdYL/t33voG4+Cp6vtKRr19wn92OLU0hfJPQNUE3JieS FomgsaKTxVLlU/RFlmY1Ydu8t4aPE7/9rW8WF4dhiGzNcKNkOnL/pENyrWcc8638 hG/HJT/aPWkRnnVX+zZwOgz63hcn5LVcZ1LahsOFHKS2PNTWLVSBBL/XjpObxwRy /nNdlCA3JQ== =qvEF -----END PGP SIGNATURE-----