Thanks for the merge request. We rate this security vulnerability as being "low" priority, which means we will not publish a security update for it unless another more important issue turns up in openvpn, at which point we will bundle both updates together.
I am unsubscribing ubuntu-security-sponsors for now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1184223 Title: CVE-2013-2061: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1184223/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
