1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES.DEVE

  • Accepted isc-kea 2.6.3-1 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Tue Jun 3 17:40:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Mon, 02 Jun 2025 19:00:06 +0200
    Source: isc-kea
    Architecture: source
    Version: 2.6.3-1
    Distribution: unstable
    Urgency: medium
    Maintainer: Kea <isc-kea@packages.debian.org>
    Changed-By: Paride Legovini <paride@debian.org>
    Closes: 1106737
    Changes:
    isc-kea (2.6.3-1) unstable; urgency=medium
    .
    * New upstream version 2.6.3.
    Closes: #1106737 by fixing:
    - CVE-2025-32801:
    Loading a malicious hook library can lead to local privilege escalation
    - CVE-2025-32802:
    Insecure handling of file paths allows multiple local attacks
    - CVE-2025-32803:
    Insecure file permissions can result in confidential information leakage
    Thanks: Salvatore Bonaccorso
    * d/*.service: restrict RuntimeDirectory and StateDirectory.
    This is part of the fix of the aforementioned CVEs.
    * d/kea-common.postinst: make /etc/kea owned by _kea:_kea and chmod 0750
    * d/p/0009-disable-database-tests.patch: refresh (context)
    * d/p/0010-set-control-sockets-location.patch drop patch (upstreamed)
    * d/p/0011-kea-ctrl-agent-authentication.patch: drop patch (upstreamed)
    * d/t/smoke-test: execute some test commands as the _kea user. Checksums-Sha1:
    af04797ef518f5f77eebe682741757fd6cc01723 2865 isc-kea_2.6.3-1.dsc
    1b3074be301ae6f885ce63028503c9d0fa38c5c1 10498882 isc-kea_2.6.3.orig.tar.gz
    d29c3c7aac170276838dd44d148eecfcb231f315 833 isc-kea_2.6.3.orig.tar.gz.asc
    8c3a0e1d61af8cbf7e00cbd2269f135b0cdf0a79 42376 isc-kea_2.6.3-1.debian.tar.xz
    1934a4318131f488d712e46466df164f95b15994 8913 isc-kea_2.6.3-1_source.buildinfo Checksums-Sha256:
    80ed03d97f6af9c79134859b23cc8bc64114e3a93848a8d2c9a0895972ea8efe 2865 isc-kea_2.6.3-1.dsc
    00241a5955ffd3d215a2c098c4527f9d7f4b203188b276f9a36250dd3d9dd612 10498882 isc-kea_2.6.3.orig.tar.gz
    f6946770faeaeb055dced609bf29a949542236921b6780e1a07a56d66b461883 833 isc-kea_2.6.3.orig.tar.gz.asc
    7f99de391aaf3aa6a786b052ce8078ea261f9c6df395d73169dc17681e4b1367 42376 isc-kea_2.6.3-1.debian.tar.xz
    c313ad970c1950146668a8ab0c048e5d3fe4ea00c3c796eda951e9378cc44bff 8913 isc-kea_2.6.3-1_source.buildinfo
    Files:
    e00d372923a7260513b8f2f0973ddcda 2865 net optional isc-kea_2.6.3-1.dsc
    abf8cb8bbc74fd7691883b837e9deec8 10498882 net optional isc-kea_2.6.3.orig.tar.gz
    91b1f7ddd097fef8852b6ae7b1deb664 833 net optional isc-kea_2.6.3.orig.tar.gz.asc
    77832fc2f4737a63e0be56d7e4928318 42376 net optional isc-kea_2.6.3-1.debian.tar.xz
    e2ea98f5c30d730f3689f92bee7ddf63 8913 net optional isc-kea_2.6.3-1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    wsC7BAEBCgBvBYJoPusrCRDWWGGIPgFNuUcUAAAAAAAeACBzYWx0QG5vdGF0aW9u cy5zZXF1b2lhLXBncC5vcmeVdLFbQiHcjOfQ4doOLg9BbfmEBwohHan0yhqgeV7W 0xYhBFYa1YXu12aSG6jdltZYYYg+AU25AACzMQf/dSifc7t+wjlwtioMpS1y+EJ9 9NtjxKnI7XLethiVd3ezqj2Nn3YQC3fh8jEByhYnGU5feK+RzluXSzaJmwt1Q1wQ jCCV6LjM/KdiLvtWmhX0TxoK9zZFbgq4HjsSj0pD6mnQQ+KwtzXIRwZpQt391MnH AMlZsVKG+zW+Fj7ooVNcnCt0iDtENY0nfHROCJWNyTFVfng/ghAu/cAWukHBTdqD 1y9K/UNj8KNqeoIRTQ9YN18dNvK60AqDxY1Vv/Mb7tsPawa6eQJZovinvL2Z2LIN 1DcTAxmHnssvBF2lWJu9A/BBWlGrIXc83bebrG97W8/ncQ/C2KZXjUdqGZG4aw==
    =zQwn
    -----END PGP SIGNATURE-----


    --==============19417458606562147=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaD8R4QAKCRCb9qggYcy5 Ift/AQCH1wPSJoVlTaGirnmdo/Anxetk1QmWuyL0KKwn1fU4cQEA5R7SXVA+y39N ndAWCuu8Xel8KCsPEatPhNMAyq6YCgQ=PsNb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)