isc-kea (2.6.3-1)
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian/isc-kea.git
- Branch: debian/unstable
- Path: debian/changelog
- Repo size: 2560000
- Browser: https://salsa.debian.org/debian/isc-kea
- Last scan: 2025-06-09 21:56:07+00
- Next scan: 2025-06-18 04:31:00+00
- CI pipeline status: failed
- Debian changelog in Git:
  isc-kea (2.6.3-1) unstable; urgency=medium

    * New upstream version 2.6.3.
      Closes: #1106737 by fixing:
      - CVE-2025-32801:
        Loading a malicious hook library can lead to local privilege escalation
      - CVE-2025-32802:
        Insecure handling of file paths allows multiple local attacks
      - CVE-2025-32803:
        Insecure file permissions can result in confidential information leakage
      Thanks: Salvatore Bonaccorso
    * d/*.service: restrict RuntimeDirectory and StateDirectory.
      This is part of the fix of the aforementioned CVEs.
    * d/kea-common.postinst: make /etc/kea owned by _kea:_kea and chmod 0750
    * d/p/0009-disable-database-tests.patch: refresh (context)
    * d/p/0010-set-control-sockets-location.patch: drop patch (upstreamed)
    * d/p/0011-kea-ctrl-agent-authentication.patch: drop patch (upstreamed)
    * d/t/smoke-test: execute some test commands as the _kea user.

   -- Paride Legovini <paride@debian.org>  Mon, 02 Jun 2025 19:00:06 +0200
- This branch is even with tag debian/2.6.3-1