[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-5594/openvpn: record regression and fixes on v2.6 and v2.5

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Aug 30 08:17:32 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2b0e2d6 by Carlos Henrique Lima Melara at 2025-08-29T22:50:26-03:00
CVE-2024-5594/openvpn: record regression and fixes on v2.6 and v2.5

- - - - -
d9606862 by Salvatore Bonaccorso at 2025-08-30T09:17:24+02:00
Merge branch 'add-more-info-CVE-2024-5594' into 'master'

CVE-2024-5594/openvpn: record regression and fixes on v2.6 and v2.5

See merge request security-tracker-team/security-tracker!241
- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -127095,6 +127095,10 @@ CVE-2024-5594 (OpenVPN before 2.6.11 does not santize PUSH_REPLY messages proper
 	- openvpn 2.6.11-1 (bug #1074488)
 	[bookworm] - openvpn 2.6.3-1+deb12u3
 	NOTE: https://github.com/OpenVPN/openvpn/commit/90e7a858e5594d9a019ad2b4ac6154124986291a (v2.6.11)
+	NOTE: https://github.com/OpenVPN/openvpn/commit/d4921ba22f5ae4537d808986743a228617c86328 (v2.5.11)
+	NOTE: Regression issue: https://github.com/OpenVPN/openvpn/issues/568
+	NOTE: Regression fix: https://github.com/OpenVPN/openvpn/commit/343573990135023d855d151fcd9248e5c26d9f8b (v2.6.12)
+	NOTE: Regression fix: https://github.com/OpenVPN/openvpn/commit/dddb87f126a6e87e61de830a9efe0bc257a71e2b (v2.5.11)
 CVE-2024-4877 (OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, le ...)
 	- openvpn <not-affected> (Only affects Windows)
 CVE-2024-6269 (A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c875a222738a2d11d17594a42bfc3952f32e895a...d9606862735297ce9dc5d4082922222b4edc8d11

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c875a222738a2d11d17594a42bfc3952f32e895a...d9606862735297ce9dc5d4082922222b4edc8d11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250830/7239c8cf/attachment.htm>

More information about the debian-security-tracker-commits mailing list