Your message dated Sat, 06 Sep 2025 12:14:50 +0100 with message-id <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk> and subject line Closing p-u requests for fixes included in 12.12 has caused the Debian Bug report #1110813, regarding bookworm-pu: package wolfssl/5.5.4-2+deb12u2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1110813: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110813 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bookworm-pu: package wolfssl/5.5.4-2+deb12u2
- From: Bastian Germann <bage@debian.org>
- Date: Mon, 11 Aug 2025 10:20:03 +0200
- Message-id: <175490040318.1303.16991796555429513802.reportbug@duagon-BXN3S64.localdomain>
Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: wolfssl@packages.debian.org Control: affects -1 + src:wolfssl User: release.debian.org@packages.debian.org Usertags: pu [ Reason ] Fix for CVE-2025-7394. The Security Team does not support wolfssl officially. [ Impact ] Users are vulnerable for CVE-2025-7394. [ Tests ] None. [ Risks ] Trivial codechange by upstream. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in oldstable [x] the issue is verified as fixed in unstable [ Changes ] Additional random reseed. [ Other info ] I have NMUed the package to fix this.diff -Nru wolfssl-5.5.4/debian/changelog wolfssl-5.5.4/debian/changelog --- wolfssl-5.5.4/debian/changelog 2023-10-23 19:46:16.000000000 +0200 +++ wolfssl-5.5.4/debian/changelog 2025-08-11 10:16:46.000000000 +0200 @@ -1,3 +1,10 @@ +wolfssl (5.5.4-2+deb12u2) bookworm; urgency=medium + + * Stable update to address the following vulnerabilities: + - Fix CVE-2025-7394. (Closes: #1109549) + + -- Bastian Germann <bage@debian.org> Mon, 11 Aug 2025 10:16:46 +0200 + wolfssl (5.5.4-2+deb12u1) bookworm; urgency=medium * Stable update to address the following vulnerabilities: diff -Nru wolfssl-5.5.4/debian/patches/CVE-2025-7394.patch wolfssl-5.5.4/debian/patches/CVE-2025-7394.patch --- wolfssl-5.5.4/debian/patches/CVE-2025-7394.patch 1970-01-01 01:00:00.000000000 +0100 +++ wolfssl-5.5.4/debian/patches/CVE-2025-7394.patch 2025-08-04 17:57:05.000000000 +0200 @@ -0,0 +1,42 @@ +From 0c12337194ee6dd082f082f0ccaed27fc4ee44f5 Mon Sep 17 00:00:00 2001 +From: Josh Holtrop <josh@wolfssl.com> +Date: Thu, 5 Jun 2025 19:48:34 -0400 +Subject: [PATCH] Reseed DRBG in RAND_poll() + +--- + src/ssl.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/src/ssl.c b/src/ssl.c +index 80e55cf865..26c6c9fe67 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -26041,11 +26041,25 @@ int wolfSSL_RAND_poll(void) + return WOLFSSL_FAILURE; + } + ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); +- if (ret != 0){ ++ if (ret != 0) { + WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); + ret = WOLFSSL_FAILURE; +- }else +- ret = WOLFSSL_SUCCESS; ++ } ++ else { ++#ifdef HAVE_HASHDRBG ++ ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz); ++ if (ret != 0) { ++ WOLFSSL_MSG("Error reseeding DRBG"); ++ ret = WOLFSSL_FAILURE; ++ } ++ else { ++ ret = WOLFSSL_SUCCESS; ++ } ++#else ++ WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set"); ++ ret = WOLFSSL_FAILURE; ++#endif ++ } + + return ret; + } diff -Nru wolfssl-5.5.4/debian/patches/series wolfssl-5.5.4/debian/patches/series --- wolfssl-5.5.4/debian/patches/series 2023-10-23 19:46:16.000000000 +0200 +++ wolfssl-5.5.4/debian/patches/series 2025-08-11 10:15:23.000000000 +0200 @@ -5,3 +5,4 @@ disable-crl-monitor.patch disable-jobserver.patch cve-2023-3724.patch +CVE-2025-7394.patch
--- End Message ---
--- Begin Message ---
- To: 1086622-done@bugs.debian.org, 1098225-done@bugs.debian.org, 1098229-done@bugs.debian.org, 1098783-done@bugs.debian.org, 1100607-done@bugs.debian.org, 1100960-done@bugs.debian.org, 1101144-done@bugs.debian.org, 1102091-done@bugs.debian.org, 1102675-done@bugs.debian.org, 1102752-done@bugs.debian.org, 1103926-done@bugs.debian.org, 1103927-done@bugs.debian.org, 1104028-done@bugs.debian.org, 1104154-done@bugs.debian.org, 1104821-done@bugs.debian.org, 1104874-done@bugs.debian.org, 1104882-done@bugs.debian.org, 1105009-done@bugs.debian.org, 1105113-done@bugs.debian.org, 1105816-done@bugs.debian.org, 1105888-done@bugs.debian.org, 1105957-done@bugs.debian.org, 1105971-done@bugs.debian.org, 1105996-done@bugs.debian.org, 1106300-done@bugs.debian.org, 1106328-done@bugs.debian.org, 1106348-done@bugs.debian.org, 1106536-done@bugs.debian.org, 1106721-done@bugs.debian.org, 1106756-done@bugs.debian.org, 1106761-done@bugs.debian.org, 1106867-done@bugs.debian.org, 1107069-done@bugs.debian.org, 1107116-done@bugs.debian.org, 1107147-done@bugs.debian.org, 1107217-done@bugs.debian.org, 1107252-done@bugs.debian.org, 1107253-done@bugs.debian.org, 1107568-done@bugs.debian.org, 1107852-done@bugs.debian.org, 1107902-done@bugs.debian.org, 1108122-done@bugs.debian.org, 1108127-done@bugs.debian.org, 1108137-done@bugs.debian.org, 1108185-done@bugs.debian.org, 1108308-done@bugs.debian.org, 1108353-done@bugs.debian.org, 1108504-done@bugs.debian.org, 1108508-done@bugs.debian.org, 1108543-done@bugs.debian.org, 1108548-done@bugs.debian.org, 1108921-done@bugs.debian.org, 1109012-done@bugs.debian.org, 1109034-done@bugs.debian.org, 1109084-done@bugs.debian.org, 1109087-done@bugs.debian.org, 1109095-done@bugs.debian.org, 1109127-done@bugs.debian.org, 1109147-done@bugs.debian.org, 1109207-done@bugs.debian.org, 1109545-done@bugs.debian.org, 1109611-done@bugs.debian.org, 1109763-done@bugs.debian.org, 1109819-done@bugs.debian.org, 1109943-done@bugs.debian.org, 1109945-done@bugs.debian.org, 1109947-done@bugs.debian.org, 1109995-done@bugs.debian.org, 1110034-done@bugs.debian.org, 1110080-done@bugs.debian.org, 1110114-done@bugs.debian.org, 1110340-done@bugs.debian.org, 1110489-done@bugs.debian.org, 1110643-done@bugs.debian.org, 1110686-done@bugs.debian.org, 1110813-done@bugs.debian.org, 1111034-done@bugs.debian.org, 1111076-done@bugs.debian.org, 1111426-done@bugs.debian.org, 1111486-done@bugs.debian.org, 1111600-done@bugs.debian.org, 1111607-done@bugs.debian.org, 1111653-done@bugs.debian.org, 1111666-done@bugs.debian.org, 1111835-done@bugs.debian.org, 1111859-done@bugs.debian.org, 1111924-done@bugs.debian.org, 1111959-done@bugs.debian.org, 1111966-done@bugs.debian.org, 1111969-done@bugs.debian.org, 1111987-done@bugs.debian.org, 1111989-done@bugs.debian.org, 1112039-done@bugs.debian.org, 1112053-done@bugs.debian.org, 1112070-done@bugs.debian.org, 1112074-done@bugs.debian.org, 1112124-done@bugs.debian.org, 1112129-done@bugs.debian.org, 1112141-done@bugs.debian.org, 1112195-done@bugs.debian.org, 1112239-done@bugs.debian.org, 1112252-done@bugs.debian.org, 1112340-done@bugs.debian.org, 1112347-done@bugs.debian.org, 1112368-done@bugs.debian.org, 1112449-done@bugs.debian.org, 1112459-done@bugs.debian.org, 1112467-done@bugs.debian.org, 1112542-done@bugs.debian.org
- Subject: Closing p-u requests for fixes included in 12.12
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 06 Sep 2025 12:14:50 +0100
- Message-id: <ee4c0876608d99eb3f8b333b556fbd92e7a652eb.camel@adam-barratt.org.uk>
Package: release.debian.org Version: 12.12 Hi, Each of the updates referenced by these requests was included in today's 12.12 point release for bookworm. Regards, Adam
--- End Message ---