-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Binary: dropbear-bin dropbear-bin-dbgsym
Architecture: amd64
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 dropbear-bin - lightweight SSH2 server and client - command line tools
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
       Dropbear server. Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear forwarded
       connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.
Checksums-Sha1:
 d029d0d8cd7578459a37da7d0f9afcf886150374 813056 dropbear-bin-dbgsym_2025.89-1~deb13u1_amd64.deb
 db8f3df431c441b24e398fa60d95b90b82428d5f 188720 dropbear-bin_2025.89-1~deb13u1_amd64.deb
 4b63009278e537213978e1c0008ede517a6088f8 6016 dropbear_2025.89-1~deb13u1_amd64-buildd.buildinfo
Checksums-Sha256:
 0c396a92303fe08c98ef19cc4c1e5e1f3b16859ce57906125a6b6c7949a5668d 813056 dropbear-bin-dbgsym_2025.89-1~deb13u1_amd64.deb
 1ddbd76749c7076097fb899eaf55f0a398d6f62799a6000501b32ed7b5d9257b 188720 dropbear-bin_2025.89-1~deb13u1_amd64.deb
 9d43e1872dd08e83d249536eeb0155ab944bcb30fda0d975efb551d1143b776a 6016 dropbear_2025.89-1~deb13u1_amd64-buildd.buildinfo
Files:
 643977b8c000cd5fc58ea98d7475342e 813056 debug optional dropbear-bin-dbgsym_2025.89-1~deb13u1_amd64.deb
 bc7286cc3cf37a6f90ec818d7ced5cb7 188720 net optional dropbear-bin_2025.89-1~deb13u1_amd64.deb
 cfb9362a07304e2e8a445b071db23a64 6016 net optional dropbear_2025.89-1~deb13u1_amd64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmlB1NEACgkQEbCLukZn
24q1NxAAlX+fBX0pCfzhxu+hcoiaX0VP4jtmalXalFTpvJLGmLXXsPSizDW/D2eu
W3IBsqV4BdEMplVvR1ogJSWnQkGrwqtHcs8LSN/J023BVAFJ6eDnUdt8kEAa4mqB
v0teI+07jKDt2VzwQrRxtFANDJJeQ+0wMY2e6eR5suXlAuILnSyYUUT55Y3wgiRf
9xrnB8QQqG9feLBJ5X8gxidTtb2i244zYf0YnjpEXlU+WHTsP7ge+gDLdM/k2hj0
Gjer+NKZ6n31UojqGqfIEVhqUfbjht/+J6wjRJq4Epv8nm0SV6c6jXYTvs4wlMDw
VF3I6QYlVJwTnvmJ5vUOuFJCJTyUIOqmyTZ69mlA3D/O7ZNgFGJV3mt88gFORTWD
p8KsnHXmSTwjCuIh8S0pHslkwzzZ53Y4mjLwa/xgH4oRKtZZ2Kd6D+2jP+SsXC0Y
HeU0s3pe2CcdeCIEqmRlTbIOamryYFCPVylIkXM0SOfu/ApsvYgwoSfU7bEe2GtB
ALpk8MejBhqvipxsCgcxsvgHROrevodBDOcGbBuMN8gXfmHs5TMk0El+vaIEushm
mfqGGYAEDRlfq+mx1zcJHHsfMWWqh3mSWVdyQMSQiA9KQWE39jLxaVyRT3X0Kdp0
slTBOqZeinNUXllNbEprWrebMv9sDL2SX8joC+UBP9K7dTNEiUk=
=ClzU
-----END PGP SIGNATURE-----