-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Dec 2025 17:14:59 +0100
Source: dropbear
Architecture: source
Version: 2025.89-1
Distribution: unstable
Urgency: high
Maintainer: Guilhem Moulin <guilhem@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1123069
Changes:
 dropbear (2025.89-1) unstable; urgency=high
 .
   * New upstream security and bugfix release (closes: #1123069).
     + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
       Dropbear server. Other programs on a system may authenticate unix
       sockets via SO_PEERCRED, which would be root user for Dropbear
       forwarded connections, allowing root privilege escalation.
     + Unix stream sockets are now disallowed when a forced command is used,
       either with authorized_key restrictions or "dropbear -c command".
     + The server now drops privileges of the dropbear process after
       authentication.
     + Remote server TCP socket forwarding will now use OS privileged port
       restrictions rather than having a fixed "allow >=1024 for non-root"
       rule.
   * d/control: Remove `Rules-Requires-Root: no`.
   * d/s/lintian-overrides: Drop unused override.
   * d/watch: Port to Version 5.