Hi,

On Wed, Dec 24, 2025 at 05:55:27PM +0000, hibby wrote:
> On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore
> Bonaccorso wrote:
> > Source: direwolf
> > Version: 1.8.1+dfsg-1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: [email protected], Debian Security Team
> > <[email protected]>
> >
> > Hi,
> >
> Hello!
>
> > The following vulnerabilities were published for direwolf.
> >
> > CVE-2025-34457[0]:
>
> > CVE-2025-34458[1]:
>
> Thanks for this! It's reasonably niche software, so I guess we don't need to
> move too quickly, but I've done some work and want to know more about next
> steps / good practice.
>
> >
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
> >
> Hello - I have cherrypicked the fixes and uploaded to unstable as version
> 1.8.1+dfsg- and mentioned the ids [1].
>
> > Please adjust the affected versions in the BTS as needed.
>
> The fixes should cover prior versions - is it worth me tagging the version in
> stable as affected and preparing an upload for the security queue?

Those do not need a DSA but might be fixed with the upcoming point
releases (a prerequisite for that is though that the fix is first in
unstable). Once that has happened, can you prepare fixes via the
upcoming point releases?

I would agree they are not urgent to be handled.

Regards,
Salvatore

