Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Binary: dropbear-bin dropbear-bin-dbgsym
Architecture: s390x
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Guilhem Moulin
Description:
 dropbear-bin - lightweight SSH2 server and client - command line tools
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding
       in Dropbear server.  Other programs on a system may authenticate
       unix sockets via SO_PEERCRED, which would be root user for Dropbear
       forwarded connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is
       used, either with authorized_key restrictions or
       "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.