-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 19 May 2026 16:54:30 +0200 Source: haveged Architecture: source Version: 1.9.21-1 Distribution: sid Urgency: high Maintainer: Daniel Baumann <daniel@debian.org> Changed-By: Daniel Baumann <daniel@debian.org> Closes: 1137096 Changes: haveged (1.9.21-1) sid; urgency=high . * Merging upstream version 1.9.21: - Fix privilege escalation via command socket [CVE-2026-41054] - the uid check sent a NAK to non-root callers but did not exit the function, allowing unprivileged local users to send commands to the root-running daemon via the abstract UNIX socket (Closes: #1137096). Checksums-Sha1: e90ef94a7802554688146f3274f03dd2480766d8 1509 haveged_1.9.21-1.dsc ebd86b20b035d490e31a6acc05da2cf12fe0b0a2 355196 haveged_1.9.21.orig.tar.xz f8f809acdbf5ea880450a65f85c215c7076a0381 12216 haveged_1.9.21-1.debian.tar.xz eb69e44655198db872bdf333e7ced2fda8a508ea 6341 haveged_1.9.21-1_amd64.buildinfo Checksums-Sha256: 833a9d42ec98b07f8bcf341cf81c62c59114089d22a8ff79fe08dc84a646cf9a 1509 haveged_1.9.21-1.dsc 0262ac81b1666a0d5c18de430056cfa7abfb23176f8c2296b9616548e73d7903 355196 haveged_1.9.21.orig.tar.xz 839b2aec7e78b3431936b10b4cba18f6e72ec1e418d7202fd2e9cc38b1cddf63 12216 haveged_1.9.21-1.debian.tar.xz ddfbf77e86930dd1489cb4c55dd31d4c330a7802fa336557fe061a6c0e99d5fb 6341 haveged_1.9.21-1_amd64.buildinfo Files: 78d5f7de80ce661c6e6e99bf149d840b 1509 misc optional haveged_1.9.21-1.dsc b8b08eb9ab61f7c4f31bb5563e26dc94 355196 misc optional haveged_1.9.21.orig.tar.xz 122ef0e6a2c0304c20d2b7fda64b72ca 12216 misc optional haveged_1.9.21-1.debian.tar.xz 80b630faa63be0534fb7008fd530cc68 6341 misc optional haveged_1.9.21-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQQmmGg4gLaoSj0ERgL7tPDoCoAiLwUCagx6KwAKCRD7tPDoCoAi L+kmAQC510bhDALByPBhXpCrs57dbP5X+4N0qiSJMPwkYEwXmgD/VvDf3UmJBoSu q1+Ez6JdOIgGqJsjcpQyR/ZT3BruNwU= =9ZMr -----END PGP SIGNATURE-----
