Thanks for the merge request. We rate this security vulnerability as being "low" priority, which means we will not publish a security update for it unless another more important issue turns up in openvpn, at which point we will bundle both updates together.
I am unsubscribing ubuntu-security-sponsors for now. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openvpn in Ubuntu. https://bugs.launchpad.net/bugs/1184223 Title: CVE-2013-2061: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1184223/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs