-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

A new version of OpenVPN-NL (2.3.5-nl1) is available on the OpenVPN-NL site [1]. This version is based on OpenVPN 2.3.5 [2], and PolarSSL 1.2.12 [3].

This new version of OpenVPN-NL includes a new PolarSSL release, which fixes a remotely-triggerable memory leak when parsing some X.509 certificates. When using tls-auth, this can only be achieved when the group key ("tls-auth") has been compromised. A successful attack can potentially cause a denial-of-service; confidentiality and authenticity are not compromised.

This release contains some minor bugfixes in both PolarSSL and OpenVPN [2,3].

References - ---------- [1] https://openvpn.fox-it.com/ [2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 [3] https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released