74a66189f1
Security fixes: CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2 Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2 can be made to abort with an ASSERT() message by sending a particular combination of authenticated and malformed packets. No crypto integrity is violated, no data is leaked, and no remote code execution is possible. This bug does not affect OpenVPN clients. For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> |
||
|---|---|---|
| .. | ||
| 100-mbedtls-disable-runtime-version-check.patch | ||
| 101-Fix-EVP_PKEY_CTX_-compilation-with-wolfSSL.patch | ||
| 102-Disable-external-ec-key-support-when-building-with-wolfSSL.patch | ||
| 103-define-LN_serialNumber-for-wolfSSL.patch | ||