-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Binary: dropbear-bin dropbear-bin-dbgsym
Architecture: armhf
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 dropbear-bin - lightweight SSH2 server and client - command line tools
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
       Dropbear server. Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear forwarded
       connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.
Checksums-Sha1:
 630e92a2db873db1762870e6c0f8e18b255599ca 783060 dropbear-bin-dbgsym_2025.89-1~deb13u1_armhf.deb
 384f1c58b3a560cfad4ecc176a0fb91a00937004 168628 dropbear-bin_2025.89-1~deb13u1_armhf.deb
 04c7d0cf1d85254c9901874724f97b16af22e653 5882 dropbear_2025.89-1~deb13u1_armhf-buildd.buildinfo
Checksums-Sha256:
 dfd89c7030312a614729abb7cb6d3f725a10a6f61e89ba15c575c2677773c45d 783060 dropbear-bin-dbgsym_2025.89-1~deb13u1_armhf.deb
 afef10179f2a9403e1f98c22a40fe5d4f2d394fdadcac2c1ac0acddf9454494b 168628 dropbear-bin_2025.89-1~deb13u1_armhf.deb
 498fa1f84f854087eb148959d399bf23844af59f3316a7f411d6fe2d50c33678 5882 dropbear_2025.89-1~deb13u1_armhf-buildd.buildinfo
Files:
 d22978af9c7ca38e0a30706b867dbd78 783060 debug optional dropbear-bin-dbgsym_2025.89-1~deb13u1_armhf.deb
 ccb43bfea4c7a8a8bc22c4ba9f0ffdb6 168628 net optional dropbear-bin_2025.89-1~deb13u1_armhf.deb
 99e7a282ed2aca0a4b085b99e5660fad 5882 net optional dropbear_2025.89-1~deb13u1_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmlBzs4ACgkQ8U6eOZMp
j69L+g/+PqREVnIYEU3rupasTO+FiJblFInR1R52QHoyxhDLSpNBePuRnKp9q+gZ
uPEkCFV4fiGpH5pkK+MLFJBV2f5cKVuXVM+79iTUSF/C9W+XfAO/6PHTchS7fALv
+o88Vbx2LN6qCeBgPDKwZ3HJOgeg3sIKKIZBFHw/VlWQ/nj1yqVeCgDluPI2xerS
PRXqj1lSrGsiytSJ/svBkRfvZ9Jd3G6ju7iauwNNuXEGeDUsssMKkSjBCOQgcxed
zNLVNoE9XUAM/Dk6JisMPyOi8XIT4wDF9qiQiMtx00wkhd7FZ+DIYOBi0wJRixll
KFUWl3v88gs7csJYe2tVMtSRGs/fLGwOxj8Co9rn9x8KOUd+E4z87ioXQ91UKFAx
TFqFMP+xO1jNkABE3wYYqq8G5KDdVYcxuv3kFTKp5Pr3yDXJpdAcap7+BzFHRDg7
soEKcJnH+gGrYA1xE/Sn0YBNkwXWM7+GdrtrV8TiCz4ZwuCCiEX5KVasPSy3dTnK
o5VdngrTlIAdVrYEn81N0yD15SdMSN2psILsM1BWZ/kR0J/KItfxnzTXSAnc9BF/
5IAm5xVoJewIZfBXzcSI+zOxulKG5Q345DddimPdYRhe+Ziz2vd6wt+p6Vim6yGv
iEBfeujkmC42BICG/rSL7Q6JWauHiCUhLobUCmj93fwEK5jlaFY=
=C+P7
-----END PGP SIGNATURE-----