openvpn versions before 2.3.9 contained a bug where the code would read invalid memory. I don't know if this is exploitable in any way, but similar issues usually get handled as vulnerabilities unless proven otherwise. (this one didn't get a CVE, but this is probably due to the general CVE-hiccups currently going on.) We already have 2.3.10-r1 in tree since a while, so I propose stabilizing that.
(In reply to Hanno Boeck from comment #0) > We already have 2.3.10-r1 in tree since a while, so I propose stabilizing > that. I agree. Thanks for your work and the report! arches: please get 2.3.10-r1 stable
amd64 stable
Stable for HPPA PPC64.
x86 stable
arm stable
Alpha is skipping this one on favor of bug 582902.
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA Vote: No.