-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Binary: dropbear-bin dropbear-bin-dbgsym
Architecture: arm64
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-02) <buildd_arm64-arm-ubc-02@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 dropbear-bin - lightweight SSH2 server and client - command line tools
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
       Dropbear server. Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear forwarded
       connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.
Checksums-Sha1:
 11db327f1fc56670a9bd1e23a6a86236e66a972e 785916 dropbear-bin-dbgsym_2025.89-1~deb13u1_arm64.deb
 9d99b0647f4c8c08bff04212e26387e2f2960edf 174696 dropbear-bin_2025.89-1~deb13u1_arm64.deb
 6e70345c52c82082f9b833dc30a8c3865ea2474f 6003 dropbear_2025.89-1~deb13u1_arm64-buildd.buildinfo
Checksums-Sha256:
 1a60d7a1493cbc9ab1ac6719feeaefc23acfcd4ba2dca43dfc811f29857e419e 785916 dropbear-bin-dbgsym_2025.89-1~deb13u1_arm64.deb
 1cfab9f1d5dbf89a8ad790cafe5585a8e08a7c0e0ce098c7a89f957a6428976e 174696 dropbear-bin_2025.89-1~deb13u1_arm64.deb
 f8608a2d7b5a20bf204cb3ef53e62c1df890fc32b088a79c9477eae163a73ba9 6003 dropbear_2025.89-1~deb13u1_arm64-buildd.buildinfo
Files:
 a9c0bbb0301256d18dd08448a85e2862 785916 debug optional dropbear-bin-dbgsym_2025.89-1~deb13u1_arm64.deb
 155f8d5848a468ec0ee38d4b6f3b97d9 174696 net optional dropbear-bin_2025.89-1~deb13u1_arm64.deb
 d3bc1e858a26b1651ff84f95a3f9c43d 6003 net optional dropbear_2025.89-1~deb13u1_arm64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbIns2iWsAAdAqh2MS/ZIXkV8oLAFAmlBzt8ACgkQS/ZIXkV8
oLA4MRAAoeSs5bRJ/OlhEt84o6amS/RtsnXy0R6N9o8oDzgdI9XVH1PFp2UqVLbc
7qsD/DzrNQj/k4f8T9sTI7yd0++Pz5ZLhLOYPoy47pmJFAO8awThdz/Kwgs601E1
IxtDfaq/36ZdjfaVmYDpp1kYf2eiCznJoYGaGPGTzsNsyPkfKsqmX7dHk5M/XdAj
t/DK5HusltLBUmsYjpSpGu0hrmb/sTnUQtkj0KJnXrUd61fOduvSsm5cZNEFdpqL
DThE1o9JblKAp0YV4A/HTVou5JnIo3m3iT9xMjqHbLFcezVZy47HDXN9HDVACzYL
upAbIUIEPqwP3T4sCH27CCKsYiprDq5wbAvIj2Hc3uFBnDrfyPXgiskx81cOFBk1
cE7bP2GmZf9Y2OwPkgalcFm+JsX3G1r6dJ0MZ3L5LCcXnegQzRWh1DiTO5QtsLHp
NF68yn1aZ8pU43nM5SLK0g2ngOYhB6F5/Hkr6Rx/GydeQnJUPkz5dsvcOfNQ9piT
8KYZvHTJJCNtbEIby+YFl77RYheZNeXFMM5VYWg3EpnDx/C3gAbUDCZyg2bZm1JT
iUCiP7CjrPaHXZhJSgQ4lxMK5QNjhGQrHYWua74Fs3rmCLgRmdKfUzb2Twhwh2Fh
RTWRDtpBaJqAFmH6CYyIB74QxsoTIBbFo2K+5R7Ogo2HiWdJ340=
=N555
-----END PGP SIGNATURE-----