[Git][security-tracker-team/security-tracker][master] Triage CVE-2025-13086 in openvpn for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Fri Nov 21 16:44:46 GMT 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b50311fb by Chris Lamb at 2025-11-21T08:44:33-08:00
Triage CVE-2025-13086 in openvpn for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -647,6 +647,7 @@ CVE-2025-12106 [IPv6 address parsing: fix buffer overread on invalid input]
CVE-2025-13086 [HMAC verification check: fix incorrect memcmp() call]
[experimental] - openvpn 2.7.0~rc2-1
- openvpn 2.7.0~rc2-2 (bug #1121086)
+ [bullseye] - openvpn <not-affected> (Vulnerable code not present)
NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-13086
NOTE: Introduced with: https://github.com/OpenVPN/openvpn/commit/b364711486dc6371ad2659a5aa190941136f4f04 (v2.6_beta1)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/18c483dd6031d86eb393527855734e8cd62fea19 (v2.7_rc2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b50311fbfa2c9eb25f12ae1d3bc1f6f85247bd02
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b50311fbfa2c9eb25f12ae1d3bc1f6f85247bd02
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251121/e73f4a48/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list