ubuntu/+source/openvpn:ubuntu/zesty-security

Last commit made on 2017-06-22
Get this branch:
git clone -b ubuntu/zesty-security https://git.launchpad.net/ubuntu/+source/openvpn
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/zesty-security
Repository:
lp:ubuntu/+source/openvpn

Recent commits

1ce9024... by Marc Deslauriers on 2017-06-22

Import patches-unapplied version 2.4.0-4ubuntu1.3 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: bd6c65cc87445b44027fdbb98d2c698e2075dd69

New changelog entries:
  * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
    - debian/patches/CVE-2017-7508.patch: remove assert in
      src/openvpn/mss.c.
    - CVE-2017-7508
  * SECURITY UPDATE: Remote-triggerable memory leaks
    - debian/patches/CVE-2017-7512.patch: fix leaks in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7512
  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: Potential double-free in --x509-alt-username and
    memory leaks
    - debian/patches/CVE-2017-7521.patch: fix double-free in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7521
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - No CVE number

bd6c65c... by Steve Beattie on 2017-05-10

Import patches-unapplied version 2.4.0-4ubuntu1.2 to ubuntu/zesty-security

Imported using git-ubuntu import.

Changelog parent: 06b598bf63d59a6a41a3e2cb6c8797ee36a24c9a

New changelog entries:
  * SECURITY UPDATE: pre-authentication denial-of-service vulnerability
    (both client and server) from a too-large control packet.
    - debian/patches/CVE-2017-7478.patch: Do not assert on too-large
      control packet
    - CVE-2017-7478
  * SECURITY UPDATE: authenticated remote DoS vulnerability due to
    packet ID rollover
    - debian/patches/CVE-2017-7479-prereq.patch: merge
      packet_id_alloc_outgoing() into packet_id_write()
    - debian/patches/CVE-2017-7478.patch: do not assert when packet ID
      rollover occurs
    - CVE-2017-7478
  * SECURITY UPDATE: auth tokens left in memory after de-auth
    - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
      as soon as a TLS session is considered broken.

06b598b... by Jon Grimm on 2017-02-10

Import patches-unapplied version 2.4.0-4ubuntu1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 258a949b60bbd840885264854bd2bcd80e577aab
Upload parent: 63802e6153f479b7724f368f3515ee7991033f11

New changelog entries:
  * Merge with Debian unstable. Remaining Ubuntu changes:
    - debian/openvpn@.service: Add "--script-security 2" similar to what got
      added to debian/openvpn.init.d ages ago (LP: #1454725)
    - Demote easy-rsa to Suggests (universe package).
  * Drop:
    - debian/control: Actually drop the initscripts dependency.
      (Closes: #804968). Already in Debian

63802e6... by Jon Grimm on 2017-02-10

update-maintainer

51f87ac... by Jon Grimm on 2017-02-10

reconstruct-changelog

11181f6... by Jon Grimm on 2017-02-10

merge-changelogs

561a643... by Jon Grimm on 2017-02-10

Drop * debian/control: Actually drop the initscripts dependency.
    (Closes: #804968)

a55f0c9... by Jon Grimm on 2017-02-10

- debian/openvpn@.service: Add "--script-security 2" similar to what got
      added to debian/openvpn.init.d ages ago (see LP: #260291).

c769efe... by Jon Grimm on 2017-02-10

- Demote easy-rsa to Suggests (universe package).

258a949... by Alberto Gonzalez Iniesta <email address hidden> on 2017-02-02

Import patches-unapplied version 2.4.0-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a922daea2ba0a9a697f442595cf8144d42236c0e

New changelog entries:
  * Add NEWS entries on possible 2.4 migration issues.
    (Closes: #852381, #849909)