[Bug 291733] security/dropbear: Update to 2025.89 to fix CVE-2025-14282

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 17 Dec 2025 01:13:53 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291733

            Bug ID: 291733
           Summary: security/dropbear: Update to 2025.89 to fix
                    CVE-2025-14282
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: pkubaj@FreeBSD.org
          Reporter: polarian@polarian.dev
          Assignee: pkubaj@FreeBSD.org
             Flags: maintainer-feedback?(pkubaj@FreeBSD.org)

Created attachment 266278
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=266278&action=edit
patch

Attached is a patch to update dropbear to 2025.89, and the vuxml for the
vulnerability.

CVE-2025-14282 - privilege escalation via unix domain socket forwardings

For more information see:
https://github.com/turistu/odds-n-ends/blob/main/CVE-2025-14282.md

-- 
You are receiving this mail because:
You are the assignee for the bug.