On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore Bonaccorso wrote:
> Source: direwolf
> Version: 1.8.1+dfsg-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil@debian.org, Debian Security Team
> <team@security.debian.org>
>
> Hi,
>

Hello!

> The following vulnerabilities were published for direwolf.
>
> CVE-2025-34457[0]:
> CVE-2025-34458[1]:

Thanks for this! It's reasonably niche software, so I guess we don't need to move too quickly, but I've done some work and want to know more about next steps / good practice.

>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>

Hello - I have cherrypicked the fixes and uploaded to unstable as version 1.8.1+dfsg- and mentioned the ids [1].

> Please adjust the affected versions in the BTS as needed.

The fixes should cover prior versions - is it worth me tagging the version in stable as affected and preparing an upload for the security queue?

Cheers,
Hibby

[1] https://salsa.debian.org/debian-hamradio-team/direwolf/-/blob/master/debian/changelog?ref_type=heads

--
Dave Hibberd <hibby@debian.org>
Debian Developer
Packet Radioist
MM0RFN