On Wed, 21 May 2025 09:31:17 +0200 Marc Leeman <marc.lee...@gmail.com> wrote:
> I have already prepared the 24.1 on salsa, but my usual sponsor is
> recovering and my other sponsor has GPG key problems :-/
>
> I'm trying to get hold of someone that can upload the package.
>
> On Wed, 21 May 2025 at 07:09, Salvatore Bonaccorso <car...@debian.org> wrote:
> >
> > Source: openvpn3-client
> > Version: 24+dfsg-2
> > Severity: grave
> > Tags: security upstream
> > Justification: user security hole
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerability was published for openvpn3-client.
> >
> > Marc, I'm marking this RC as openvpn3-client is fresh to be included
> > in trixie and it would be ideal we do not start with an open CVE. It
> > is really borderline to mark it RC and if you feel absolutely strong feel
> > free to downgrade. Though I'm still convinced it should be made into
> > trixie before release.
> >
> > CVE-2025-3908[0]:
> > | The configuration initialization tool in OpenVPN 3 Linux v20 through
> > | v24 on Linux allows a local attacker to use symlinks pointing at an
> > | arbitrary directory which will change the ownership and permissions
> > | of that destination directory.
> >
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2025-3908
> >     https://www.cve.org/CVERecord?id=CVE-2025-3908
> > [1] https://community.openvpn.net/Security%20Announcements/CVE-2025-3908
> >
> > Regards,
> > Salvatore
> >
>
> --
> g. Marc
>
> GPG: 827C FD74 BA46 8152 A041 F3A0 7A6A 4F17 5995 A65B
>

Marc,

If your sponsor issue still persists, you can always upload to Debian Mentors, file an RFS and let's see if we can get this CVE fix sponsored by another DD.

--
Regards

Phil

Donate: https://buymeacoffee.com/kathenasorg

--

"I play the game for the game’s own sake"
Arthur Conan Doyle - The Adventure of the Bruce-Partington Plans

--

Internet Relay Chat (IRC): kathenas
Website: https://kathenas.org
Instagram: https://instagram.com/kathenasorg
Threads: https://www.threads.net/@kathenasorg