dropbear (2025.89-1)
COMMITS: VCS has seen 1 commit since the debian/2025.89-1 tag
- Git: https://salsa.debian.org/debian/dropbear.git -b debian/latest
- Branch: debian/latest
- Path: debian/changelog
- Repo size: 1622016
- Browser: https://salsa.debian.org/debian/dropbear
- Last scan: 2026-02-19 22:13:02+00
- Next scan: 2026-02-27 03:13:00+00
- CI pipeline status: success
- Debian changelog in Git:
dropbear (2025.89-1) unstable; urgency=high

  * New upstream security and bugfix release (closes: #1123069).
    + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
      Dropbear server. Other programs on a system may authenticate unix
      sockets via SO_PEERCRED, which would be root user for Dropbear forwarded
      connections, allowing root privilege escalation.
    + Unix stream sockets are now disallowed when a forced command is used,
      either with authorized_key restrictions or "dropbear -c command".
    + The server now drops privileges of the dropbear process after
      authentication.
    + Remote server TCP socket forwarding will now use OS privileged port
      restrictions rather than having a fixed "allow >=1024 for non-root"
      rule.
  * d/control: Remove `Rules-Requires-Root: no`.
  * d/s/lintian-overrides: Drop unused override.
  * d/watch: Port to Version 5.

 -- Guilhem Moulin <guilhem@debian.org>  Tue, 16 Dec 2025 17:14:59 +0100
- This branch is 1 commit ahead of tag debian/2025.89-1
- Git log:
commit 0129d10f91a776c53ef38a1c549451e94e4aa4c7
Author: Guilhem Moulin <guilhem@debian.org>
Date:   Wed Feb 4 10:15:26 2026 +0100

    Cherry-pick upstream change to fix FTBFS source after build.

    Regression from DROPBEAR_2024.84.

    Closes: #1044936