isc-kea (2.6.3-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/debian/isc-kea.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/unstable
Path: debian/changelog
Repo size: 2560000
Browser: https://salsa.debian.org/debian/isc-kea
Last scan: 2025-06-09 21:56:07+00
Next scan: 2025-06-18 04:31:00+00
CI pipeline status: failed

Debian changelog in Git:

isc-kea (2.6.3-1) unstable; urgency=medium

  * New upstream version 2.6.3.
    Closes: #1106737 by fixing:
    - CVE-2025-32801:
      Loading a malicious hook library can lead to local privilege escalation
    - CVE-2025-32802:
      Insecure handling of file paths allows multiple local attacks
    - CVE-2025-32803:
      Insecure file permissions can result in confidential information leakage
    Thanks: Salvatore Bonaccorso
  * d/*.service: restrict RuntimeDirectory and StateDirectory.
    This is part of the fix of the aforementioned CVEs.
  * d/kea-common.postinst: make /etc/kea owned by _kea:_kea and chmod 0750
  * d/p/0009-disable-database-tests.patch: refresh (context)
  * d/p/0010-set-control-sockets-location.patch drop patch (upstreamed)
  * d/p/0011-kea-ctrl-agent-authentication.patch: drop patch (upstreamed)
  * d/t/smoke-test: execute some test commands as the _kea user.

 -- Paride Legovini <paride@debian.org>  Mon, 02 Jun 2025 19:00:06 +0200

This branch is even with tag debian/2.6.3-1