-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 27 Dec 2025 10:40:36 +0100 Source: smb4k Binary: smb4k smb4k-dbgsym Architecture: ppc64el Version: 4.0.0-1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Salvatore Bonaccorso Description: smb4k - Samba (SMB) share advanced browser Closes: 1122381 Changes: smb4k (4.0.0-1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix two security issues in the KAuth mounthelper: - CVE-2025-66002: local users can perform arbitrary unmounts via smb4kmounthelper due to lack of input validation - CVE-2025-66003: local users can perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share (Closes: #1122381) * Merge Smb4KHardwareInterface class from master so that the merged security fixes can be compiled Checksums-Sha1: fe15b6f4533d152ef8a3be2b5c13e76eb2a80367 11832872 smb4k-dbgsym_4.0.0-1+deb13u1_ppc64el.deb 34f37de90964400b44058c82689c7cd2f3e71fe0 21837 smb4k_4.0.0-1+deb13u1_ppc64el-buildd.buildinfo 962123386ea5858472c6ec4bba1d0e199da60af0 5131064 smb4k_4.0.0-1+deb13u1_ppc64el.deb Checksums-Sha256: 2d59f11c9259799f7c89ceb806ed981cc14d481fe33cd9d3a9b761411ce7b8b0 11832872 smb4k-dbgsym_4.0.0-1+deb13u1_ppc64el.deb b9cf5681eb84650c595f4309147ba56564d0842b50c98b20db3fbdf7f9765761 21837 smb4k_4.0.0-1+deb13u1_ppc64el-buildd.buildinfo 58ac100f98b0e03bd82a07532faa23d5d44951f5460f1310bfe2c397fc8ffc9a 5131064 smb4k_4.0.0-1+deb13u1_ppc64el.deb Files: af65095b65a99bcae2afbb5abe39e8a3 11832872 debug optional smb4k-dbgsym_4.0.0-1+deb13u1_ppc64el.deb 3a7664d7ad7e52a768cdd50244343421 21837 kde optional smb4k_4.0.0-1+deb13u1_ppc64el-buildd.buildinfo 7af1f480d838716c8b2757cec9c2a635 5131064 kde optional smb4k_4.0.0-1+deb13u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYo4fOZBRi9qmvTxH1PowSTJ8+YQFAmlVF0QACgkQ1PowSTJ8 +YTuig//XjQWzR3tdd77gN/RNZzljXvlU4dLuh25dUrsYg8XbK8uu/W8x0p5S5qo DJziLqdcc1I+HolLWqtZMCq4WNfM96zPcbtypPOOmkaGBuUfGe1q8naUlukabTta wzSI1eW8qAfZZ3Bqe63LKGx3/uhGrojdO9GB2TE2n9SdEU2Dc9C+scvHL8RuH934 /z2LV4JZOwAGy2N+hEmnoAGttkH0xlPzezTlbjtZF0XIEnK3a1GIDPzaAGuBEr4Q 7fgzLbJBfsNcm/XHtTpFtBs+u5HXfSV3uSkyQKYjAhtTUK5Y8XyjZQkmroy67dIC yiVWhSH4+siBDWKajOnXvBvC88SRZnrDGtSzwliy0x6O71sezd4r/jwbKReNNpHA lL3JttpEFq1885wGs2Z5IgO6pM4QvA7isuuuv+fsEZBuy+fCWhyqjKStiZjc/H/9 BsTbz4c4O0YRotqNZ0PaDzFBgSsGIfzBcqSXXUF5Jh9wkE0XOgWfKID3rV0d00n8 qtjFOqF8jfnBwfUl2eUB07Ov3t65VDGvPovk0N7i5r0zWHoEM8Se71jm5fq6MgM4 KvhPzA0br33PRkldcgltlJCNEZuwpLKQhkn7YhxXB4CMSJbAyyTOVxowCpy/4gYh vDA0H6Jaj7OQGhqBA4ZQrueMLMIEgDy5urlect8orsiYmhpPdw4= =VRSv -----END PGP SIGNATURE-----