[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1123925: direwolf: CVE-2025-34457 CVE-2025-34458

On Wednesday, 24 December 2025 20:29:44 Greenwich Mean Time Salvatore 
Bonaccorso wrote:
> Hi,
> 
> On Wed, Dec 24, 2025 at 05:55:27PM +0000, hibby wrote:
> > On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore
>
> those do not need a DSA but miht be fixed with the upcoming point
> releases (a prerequisite for that is though that the fix is first in
> unstable). Once that has happened, can you prepare fixes via the
> upcoming point releases? I would agree they are not urgent to be
> handled.
>

Having looked in more detail today, I have determined that CVE-2025-34458 does 
not apply to <  v1.8 of the package, so no stable/oldstable update will be 
required for that. The vulnerability was introduced with new functionality 
that was only shipped in the 1.8 release - How do I update the security 
tracker to reflect this?

I have created the patch for CVE-2025-34457 and will ship that in the next day 
or so [1]

[1] https://salsa.debian.org/debian-hamradio-team/direwolf/-/commits/debian/
trixie 

Cheers,
--
Dave Hibberd <hibby@debian.org>  
Debian Developer
Packet Radioist
MM0RFN
Reply to: