= CVE-2024-28882: OpenVPN in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session

only call schedule_exit() once (on a given peer).

Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect this client.

Affected versions: 2.6.0 until 2.6.10 (inclusive)

=== References
* Release notes: https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html
* CVE record: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28882
* Reported by: Reynir Björnsson