-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Binary: dropbear-bin dropbear-bin-dbgsym
Architecture: riscv64
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: riscv64 Build Daemon (rv-manda-01)
Changed-By: Guilhem Moulin
Description:
 dropbear-bin - lightweight SSH2 server and client - command line tools
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding
       in Dropbear server. Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear
       forwarded connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.