-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Architecture: source
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Guilhem Moulin
Changed-By: Guilhem Moulin
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
       Dropbear server.  Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear
       forwarded connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.