-
openvpn (2.3.2-7ubuntu3.2) trusty-security; urgency=medium
* SECURITY UPDATE: birthday attack when using 64-bit block cipher
- debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c.
- CVE-2016-6329
* SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
- debian/patches/CVE-2017-7479-pre.patch: merge
packet_id_alloc_outgoing() into packet_id_write() in
src/openvpn/crypto.c, src/openvpn/packet_id.c,
src/openvpn/packet_id.h.
- debian/patches/CVE-2017-7479.patch: drop packets instead of assert
out if packet id rolls over in src/openvpn/crypto.c,
src/openvpn/packet_id.c, src/openvpn/packet_id.h.
- CVE-2017-7479
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 10:51:34 -0400
-
openvpn (2.3.2-7ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: server denial of service via too-short control channel
packets
- debian/patches/CVE-2014-8104.patch: drop too-short control channel
packets instead of asserting out in src/openvpn/ssl.c.
- CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.
-- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 17:10:01 -0500
-
openvpn (2.3.2-7ubuntu3) trusty; urgency=medium
[ Simon Deziel ]
* Refresh delta with debian/openvpn.init.d:
- Make stop action reliable by killing if needed
(LP: #1274254, LP: #1200519)
- Use new path for status file (LP: #1261088)
-- Stephane Graber <email address hidden> Tue, 04 Feb 2014 09:31:39 -0500
-
openvpn (2.3.2-7ubuntu2) trusty; urgency=medium
* Patch libtool.m4 and configure to support ppc64el.
-- Matthias Klose <email address hidden> Mon, 30 Dec 2013 12:32:35 +0100
-
openvpn (2.3.2-7ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
openvpn (2.3.2-7) unstable; urgency=low
* Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/.
(Closes: #730679)
openvpn (2.3.2-6) unstable; urgency=low
* Move PID and status files to openvpn subdir in /run.
(Closes: #614036). Thanks Stephen Gildea for the patch and Simon Deziel
for the upgrade path.
* Add --enable-x509-alt-username option to ./configure
-- Stephane Graber <email address hidden> Mon, 02 Dec 2013 18:14:42 -0500
-
openvpn (2.3.2-5ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
openvpn (2.3.2-5) unstable; urgency=low
* Patch init script to fix race conditions on restarts.
(Closes: #716794). Thanks Simon Deziel for the patch.
* Improve update-resolv-conf script. Thanks Thomas Hood
for the patch. (Closes: #721082)
-- Stephane Graber <email address hidden> Mon, 21 Oct 2013 13:07:37 -0400
-
openvpn (2.3.2-4ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
openvpn (2.3.2-4) unstable; urgency=low
* Fix depends on iproute to iproute2.
openvpn (2.3.2-3) unstable; urgency=low
* Add iproute2 support on linux archs.
* Add versioned Build-Depends on dpkg-dev since --export=configure
is used. (Closes: #697560)
openvpn (2.3.2-2) unstable; urgency=low
* Add pkg-config to Build-Depends while waiting for libpkcs11-helper1-dev's
maintainter to decide if he includes pkg-config as a Depends.
Thanks Roland Stigge for finding out. (Closes: #711076)
openvpn (2.3.2-1) unstable; urgency=low
* New upstream version.
Less messages about script security (Closes: #573129)
* Add --enable-pkcs11 to configure to avoid losing PKCS11.
Thanks Jaak Pruulmann-Vengerfeldt for noticing before the
upload! (Closes: #710085)
-- Stephane Graber <email address hidden> Tue, 09 Jul 2013 17:20:31 -0400