I have also reported this upstream to the primary developer.

--David
KI6ZHD

On 12/24/2025 09:55 AM, hibby wrote:
> On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore Bonaccorso wrote:
>> Source: direwolf
>> Version: 1.8.1+dfsg-1
>> Severity: important
>> Tags: security upstream
>> X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
>>
>> Hi,
>
> Hello!
>
>> The following vulnerabilities were published for direwolf.
>>
>> CVE-2025-34457[0]:
>> CVE-2025-34458[1]:
>
> Thanks for this! It's reasonably niche software, so I guess we don't need to move too quickly, but I've done some work and want to know more about next steps / good practice.
>
>> If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> Hello - I have cherrypicked the fixes and uploaded to unstable as version 1.8.1+dfsg- and mentioned the ids [1].
>
>> Please adjust the affected versions in the BTS as needed.
>
> The fixes should cover prior versions - is it worth me tagging the version in stable as affected and preparing an upload for the security queue?
>
> Cheers,
> Hibby
>
> [1] https://salsa.debian.org/debian-hamradio-team/direwolf/-/blob/master/debian/changelog?ref_type=heads
>
> --
> Dave Hibberd <hibby@debian.org>
> Debian Developer
> Packet Radioist
> MM0RFN