-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 02 Jun 2025 19:00:06 +0200 Source: isc-kea Architecture: source Version: 2.6.3-1 Distribution: unstable Urgency: medium Maintainer: Kea <isc-kea@packages.debian.org> Changed-By: Paride Legovini <paride@debian.org> Closes: 1106737 Changes: isc-kea (2.6.3-1) unstable; urgency=medium . * New upstream version 2.6.3. Closes: #1106737 by fixing: - CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation - CVE-2025-32802: Insecure handling of file paths allows multiple local attacks - CVE-2025-32803: Insecure file permissions can result in confidential information leakage Thanks: Salvatore Bonaccorso * d/*.service: restrict RuntimeDirectory and StateDirectory. This is part of the fix of the aforementioned CVEs. * d/kea-common.postinst: make /etc/kea owned by _kea:_kea and chmod 0750 * d/p/0009-disable-database-tests.patch: refresh (context) * d/p/0010-set-control-sockets-location.patch drop patch (upstreamed) * d/p/0011-kea-ctrl-agent-authentication.patch: drop patch (upstreamed) * d/t/smoke-test: execute some test commands as the _kea user. Checksums-Sha1: af04797ef518f5f77eebe682741757fd6cc01723 2865 isc-kea_2.6.3-1.dsc 1b3074be301ae6f885ce63028503c9d0fa38c5c1 10498882 isc-kea_2.6.3.orig.tar.gz d29c3c7aac170276838dd44d148eecfcb231f315 833 isc-kea_2.6.3.orig.tar.gz.asc 8c3a0e1d61af8cbf7e00cbd2269f135b0cdf0a79 42376 isc-kea_2.6.3-1.debian.tar.xz 1934a4318131f488d712e46466df164f95b15994 8913 isc-kea_2.6.3-1_source.buildinfo Checksums-Sha256: 80ed03d97f6af9c79134859b23cc8bc64114e3a93848a8d2c9a0895972ea8efe 2865 isc-kea_2.6.3-1.dsc 00241a5955ffd3d215a2c098c4527f9d7f4b203188b276f9a36250dd3d9dd612 10498882 isc-kea_2.6.3.orig.tar.gz f6946770faeaeb055dced609bf29a949542236921b6780e1a07a56d66b461883 833 isc-kea_2.6.3.orig.tar.gz.asc 7f99de391aaf3aa6a786b052ce8078ea261f9c6df395d73169dc17681e4b1367 42376 isc-kea_2.6.3-1.debian.tar.xz c313ad970c1950146668a8ab0c048e5d3fe4ea00c3c796eda951e9378cc44bff 8913 isc-kea_2.6.3-1_source.buildinfo Files: e00d372923a7260513b8f2f0973ddcda 2865 net optional isc-kea_2.6.3-1.dsc abf8cb8bbc74fd7691883b837e9deec8 10498882 net optional isc-kea_2.6.3.orig.tar.gz 91b1f7ddd097fef8852b6ae7b1deb664 833 net optional isc-kea_2.6.3.orig.tar.gz.asc 77832fc2f4737a63e0be56d7e4928318 42376 net optional isc-kea_2.6.3-1.debian.tar.xz e2ea98f5c30d730f3689f92bee7ddf63 8913 net optional isc-kea_2.6.3-1_source.buildinfo -----BEGIN PGP SIGNATURE----- wsC7BAEBCgBvBYJoPusrCRDWWGGIPgFNuUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmeVdLFbQiHcjOfQ4doOLg9BbfmEBwohHan0yhqgeV7W 0xYhBFYa1YXu12aSG6jdltZYYYg+AU25AACzMQf/dSifc7t+wjlwtioMpS1y+EJ9 9NtjxKnI7XLethiVd3ezqj2Nn3YQC3fh8jEByhYnGU5feK+RzluXSzaJmwt1Q1wQ jCCV6LjM/KdiLvtWmhX0TxoK9zZFbgq4HjsSj0pD6mnQQ+KwtzXIRwZpQt391MnH AMlZsVKG+zW+Fj7ooVNcnCt0iDtENY0nfHROCJWNyTFVfng/ghAu/cAWukHBTdqD 1y9K/UNj8KNqeoIRTQ9YN18dNvK60AqDxY1Vv/Mb7tsPawa6eQJZovinvL2Z2LIN 1DcTAxmHnssvBF2lWJu9A/BBWlGrIXc83bebrG97W8/ncQ/C2KZXjUdqGZG4aw== =zQwn -----END PGP SIGNATURE-----
