-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 20:36:49 +0100
Source: dropbear
Binary: dropbear-bin dropbear-bin-dbgsym
Architecture: i386
Version: 2025.89-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Guilhem Moulin
Description:
 dropbear-bin - lightweight SSH2 server and client - command line tools
Closes: 1123069
Changes:
 dropbear (2025.89-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding
       in Dropbear server. Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear
       forwarded connections, allowing root privilege escalation.
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
   * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test.