Re: Please test openvpn 2.2.1-8+deb7u4 before release
On Fri, May 12, 2017 at 04:13:53PM +0200, Raphael Hertzog wrote:
> Hi,
>
> On Fri, 12 May 2017, Chris Lamb wrote:
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Wheezy version of openvpn:
> > https://security-tracker.debian.org/tracker/source-package/openvpn
>
> I have just prepared an update based on the upstream patches posted
> here:
> https://sourceforge.net/p/openvpn/mailman/message/35835703/
>
> You can find the updated package here:
> dget https://people.debian.org/~hertzog/packages/openvpn_2.2.1-8+deb7u4_amd64.changes
>
> I don't have any wheezy-based OpenVPN setup that I can use to test that
> this update did not introduce any regression. So it would be nice if some
> LTS users could grab the above package, update their system and let me
> know their findings. It should be relatively safe but one never knows...
>
> Thank you!
Hi,
I'm sorry I did not see this before, since I had packages ready for
Wheezy, Jessie and Stretch already. I contacted securit@d.o yesterday
but their reply arrived late at night (instructing me to contact LTS
about the Wheezy package).
>From a quick review, the patches you applied are basically the ones in my
package, so I guess they must be OK. I only have one OpenVPN server
running Wheezy these days but I cannot test this until tomorrow (under
heavy use right now). If that's fine with you I'll come back with news.
Regards,
Alberto
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
mailto/sip: agi@inittab.org | en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
Reply to: