
Bug#1123925: direwolf: CVE-2025-34457 CVE-2025-34458



These are already reported and resolved upstream, mentioned in the CVE reports.

It’s worth telling upstream to not worry about these duplicates at Christmas!

Cheers 


On 24 Dec 2025, at 19:06, David Ranch <dranch@trinnet.net> wrote:


I have also reported this upstream to the primary developer.

--David
KI6ZHD


On 12/24/2025 09:55 AM, hibby wrote:
On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore Bonaccorso wrote:
> Source: direwolf
> Version: 1.8.1+dfsg-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
>
> Hi,

Hello!

> The following vulnerabilities were published for direwolf.
>
> CVE-2025-34457[0]:
>
> CVE-2025-34458[1]:

Thanks for this! It's reasonably niche software, so I guess we don't need to
move too quickly, but I've done some work and want to know more about next
steps / good practice.

> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Hello - I have cherrypicked the fixes and uploaded to unstable as version
1.8.1+dfsg- and mentioned the ids [1].

> Please adjust the affected versions in the BTS as needed.

The fixes should cover prior versions - is it worth me tagging the version in
stable as affected and preparing an upload for the security queue?

Cheers,
Hibby

[1] https://salsa.debian.org/debian-hamradio-team/direwolf/-/blob/master/debian/changelog?ref_type=heads

--
Dave Hibberd <hibby@debian.org>  
Debian Developer
Packet Radioist
MM0RFN

