netcat-openbsd (1.218-5) unstable; urgency=low

  This release adds support for abstract namespace sockets in the AF_UNIX
  family.  When the specified socket path starts with an at symbol '@', such as
  in `nc -U @foobar.sock`, it is read as an abstract socket (on Linux).

  This has possible security implications: `nc -lU @foobar.sock` used to bind
  pathname socket '@foobar.sock' in the current directory, subject to umask and
  file system access restrictions, while on Linux it now binds 'foobar.sock' in
  the abstract namespace where ownership and permissions have *no meaning*.

  In order to specify a pathname socket make sure the argument doesn't start
  with '@'; for instance by prefixing with './' or by using a fully-qualified
  path.  (Note however that on Linux socket pathnames may not exceed 108 bytes
  in size.)

 -- Guilhem Moulin <guilhem@debian.org>  Fri, 11 Mar 2022 21:54:15 +0100