[ubuntu/questing-proposed] openvpn 2.6.19-0ubuntu0.25.10.1 (Accepted)

Lena Voytek lena.voytek at canonical.com
Wed Feb 25 21:05:40 UTC 2026 

openvpn (2.6.19-0ubuntu0.25.10.1) questing; urgency=medium

  * New upstream version 2.6.19 (LP: #2127658):
    - CVE Fixes:
      + CVE-2025-13086
    - Updates:
      + Disable DCO if --bind-dev option is given
    - Bug Fixes:
      + Fix incorrect file descriptor handling in p2mp server on inotify FD
        during a SIGUSR1 restart.
      + Fix bug where --management-forget-disconnect and --management-signal
        could be executed even if password authentication to managment
        interface was still pending.
      + Repair client-side interaction on reconnect between DCO event handling
        and --persist-tun.
      + Prevent crash on invalid server-ipv6 argument.
      + Fix invalid pointer creation in tls_pre_decrypt().
      + Properly check for errors in creation on $auth_failed_reason_file.
      + Apply close-on-exec option to correct socket for incoming TCP
        connections.
      + Fix missing perf_pop() call in ssl_mbedtls.
      + Apply more checks to incoming TLS handshake packets before creating new
        state.
      + Fix broadcast address configuration for broadcast-based applications
        using ifconfig to get address.
    - See https://community.openvpn.net/ReleaseHistory for additional
      information.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-13086.patch
    [Fixed in 2.6.16]
    - d/p/avoid-redefining-ovpn-enums.patch
    - d/p/handle_intentional_route_push_float_ip.patch
    [Fixed in 2.6.15]
  * d/watch: Update download URL.

Date: Fri, 20 Feb 2026 18:02:57 -0500
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openvpn/2.6.19-0ubuntu0.25.10.1
-------------- next part --------------
Format: 1.8
Date: Fri, 20 Feb 2026 18:02:57 -0500
Source: openvpn
Built-For-Profiles: noudeb
Architecture: source
Version: 2.6.19-0ubuntu0.25.10.1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2127658
Changes:
 openvpn (2.6.19-0ubuntu0.25.10.1) questing; urgency=medium
 .
   * New upstream version 2.6.19 (LP: #2127658):
     - CVE Fixes:
       + CVE-2025-13086
     - Updates:
       + Disable DCO if --bind-dev option is given
     - Bug Fixes:
       + Fix incorrect file descriptor handling in p2mp server on inotify FD
         during a SIGUSR1 restart.
       + Fix bug where --management-forget-disconnect and --management-signal
         could be executed even if password authentication to managment
         interface was still pending.
       + Repair client-side interaction on reconnect between DCO event handling
         and --persist-tun.
       + Prevent crash on invalid server-ipv6 argument.
       + Fix invalid pointer creation in tls_pre_decrypt().
       + Properly check for errors in creation on $auth_failed_reason_file.
       + Apply close-on-exec option to correct socket for incoming TCP
         connections.
       + Fix missing perf_pop() call in ssl_mbedtls.
       + Apply more checks to incoming TLS handshake packets before creating new
         state.
       + Fix broadcast address configuration for broadcast-based applications
         using ifconfig to get address.
     - See https://community.openvpn.net/ReleaseHistory for additional
       information.
   * Remove patches fixed upstream:
     - d/p/CVE-2025-13086.patch
     [Fixed in 2.6.16]
     - d/p/avoid-redefining-ovpn-enums.patch
     - d/p/handle_intentional_route_push_float_ip.patch
     [Fixed in 2.6.15]
   * d/watch: Update download URL.
Checksums-Sha1:
 50bcdd730daa3482cae3ba01e65c6ea8bafcaf17 2404 openvpn_2.6.19-0ubuntu0.25.10.1.dsc
 0a8f410dc42f54298c7a0bc5cacafba39bec11c6 1926557 openvpn_2.6.19.orig.tar.gz
 373a9573eb279189957ebba38944d1d23699d759 66192 openvpn_2.6.19-0ubuntu0.25.10.1.debian.tar.xz
 3702ad9e32172c5feebf871c326c87b1db29f865 8695 openvpn_2.6.19-0ubuntu0.25.10.1_source.buildinfo
Checksums-Sha256:
 de6d3e4331ec78ba18002e9709ae31433cbbe269cf5f75d28daebe4c662763fb 2404 openvpn_2.6.19-0ubuntu0.25.10.1.dsc
 13702526f687c18b2540c1a3f2e189187baaa65211edcf7ff6772fa69f0536cf 1926557 openvpn_2.6.19.orig.tar.gz
 5f7a458cdae82989f290f096e70c30c334bf44448df313fcd4609cfce83545c2 66192 openvpn_2.6.19-0ubuntu0.25.10.1.debian.tar.xz
 67109cccbdf0fdb5cdf28efa00e3781f0df879d51aab3191d2681230106036b4 8695 openvpn_2.6.19-0ubuntu0.25.10.1_source.buildinfo
Files:
 274489482b17a2d0101af3b6cc7eb103 2404 net optional openvpn_2.6.19-0ubuntu0.25.10.1.dsc
 ed2b0b0be35a0ff177f3b651eec8e773 1926557 net optional openvpn_2.6.19.orig.tar.gz
 b2c2d13c2cf5cf1e8ab0b0f50a872939 66192 net optional openvpn_2.6.19-0ubuntu0.25.10.1.debian.tar.xz
 d6b1da7bec7cdd2fee2da6134b9f5e4c 8695 net optional openvpn_2.6.19-0ubuntu0.25.10.1_source.buildinfo
Original-Maintainer: Bernhard Schmidt <berni at debian.org>
Vcs-Git: https://git.launchpad.net/~lvoytek/ubuntu/+source/openvpn
Vcs-Git-Commit: 3bdfd86073b3f428276fd3d838a1b4260cd6f1ef
Vcs-Git-Ref: refs/heads/backport-2.6.19-questing

More information about the Questing-changes mailing list