Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Binary: dropbear dropbear-initramfs
Architecture: all
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Guilhem Moulin
Description:
 dropbear - lightweight SSH2 server and client - startup scripts
 dropbear-initramfs - lightweight SSH2 server and client - initramfs integration
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
       Dropbear server. Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear
       forwarded connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.