dropbear (2025.89-1)
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian/dropbear.git -b debian/latest
- Branch: debian/latest
- Path: debian/changelog
- Repo size: 1454080
- Browser: https://salsa.debian.org/debian/dropbear
- Last scan: 2026-01-02 13:31:03+00
- Next scan: 2026-01-09 23:53:00+00
- CI pipeline status: success
- Debian changelog in Git:
dropbear (2025.89-1) unstable; urgency=high

  * New upstream security and bugfix release (closes: #1123069).
    + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in
      Dropbear server. Other programs on a system may authenticate unix
      sockets via SO_PEERCRED, which would be root user for Dropbear forwarded
      connections, allowing root privilege escalation.
    + Unix stream sockets are now disallowed when a forced command is used,
      either with authorized_key restrictions or "dropbear -c command".
    + The server now drops privileges of the dropbear process after
      authentication.
    + Remote server TCP socket forwarding will now use OS privileged port
      restrictions rather than having a fixed "allow >=1024 for non-root"
      rule.
  * d/control: Remove `Rules-Requires-Root: no`.
  * d/s/lintian-overrides: Drop unused override.
  * d/watch: Port to Version 5.

 -- Guilhem Moulin <guilhem@debian.org>  Tue, 16 Dec 2025 17:14:59 +0100
- This branch is even with tag debian/2025.89-1