I have also reported this upstream to the primary developer.
--David
KI6ZHD
On 12/24/2025 09:55 AM, hibby wrote:
On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore Bonaccorso wrote:
Source: direwolf
Version: 1.8.1+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
Hello!
The following vulnerabilities were published for direwolf.
CVE-2025-34457[0]:
CVE-2025-34458[1]:
Thanks for this! It's reasonably niche software, so I guess we don't need to
move too quickly, but I've done some work and want to know more about next
steps / good practice.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
Hello - I have cherrypicked the fixes and uploaded to unstable as version
1.8.1+dfsg- and mentioned the ids [1].
Please adjust the affected versions in the BTS as needed.
The fixes should cover prior versions - is it worth me tagging the version in
stable as affected and preparing an upload for the security queue?
Cheers,
Hibby
[1] https://salsa.debian.org/debian-hamradio-team/direwolf/-/blob/master/debian/changelog?ref_type=heads
--
Dave Hibberd <[email protected]>
Debian Developer
Packet Radioist
MM0RFN