Package "openvpn"

  openvpn (2.6.14-0ubuntu0.25.04.3) plucky-security; urgency=medium

  * SECURITY UPDATE: incorrect HMAC verification check
    - debian/patches/CVE-2025-13086.patch: fix memcmp check for the hmac
      verification in the 3way handshake being inverted in
      src/openvpn/ssl_pkt.c, tests/unit_tests/openvpn/test_pkt.c.
    - CVE-2025-13086

 -- Marc Deslauriers <email address hidden> Mon, 24 Nov 2025 17:31:42 -0500

  openvpn (2.6.14-0ubuntu0.25.04.2) plucky; urgency=medium

  * d/p/handle_intentional_route_push_float_ip.patch: Fix floating IP due
    to "route VPN_IP net_gateway", which can lead to incorrect blocking of
    a source IP switch for 60 seconds immediately after connection setup.
    (LP: #2108860)

 -- Jonas Jelten <email address hidden> Tue, 09 Sep 2025 16:27:21 +0200

  openvpn (2.6.14-0ubuntu0.25.04.1) plucky; urgency=medium

  * New upstream version 2.6.14 (LP: #2040467):
    - CVE Fixes:
      + CVE-2025-2704
    - Bug Fixes:
      + Repair source IP selection for --multihome.
      + Allow tls-crypt-v2 to be setup only on initial packet of a session.
    - See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 for
      additional bug fixes and information.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-2704.patch
    [Fixed in 2.6.14]

 -- Lena Voytek <email address hidden> Thu, 29 May 2025 16:57:16 -0400