Your message dated Mon, 04 Aug 2025 16:24:28 +0000
with message-id <[email protected]>
and subject line Bug#1109549: fixed in wolfssl 5.7.2-0.3
has caused the Debian Bug report #1109549,
regarding wolfssl: CVE-2025-7394
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1109549: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109549
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wolfssl
Version: 5.7.2-0.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for wolfssl.

CVE-2025-7394[0]:
| In the OpenSSL compatibility layer implementation, the function
| RAND_poll() was not behaving as expected and leading to the
| potential for predictable values returned from RAND_bytes() after
| fork() is called. This can lead to weak or predictable random
| numbers generated in applications that are both using RAND_bytes()
| and doing fork() operations. This only affects applications
| explicitly calling RAND_bytes() after fork() and does not affect any
| internal TLS operations. Although RAND_bytes() documentation in
| OpenSSL calls out not being safe for use with fork() without first
| calling RAND_poll(), an additional code change was also made in
| wolfSSL to make RAND_bytes() behave similar to OpenSSL after a
| fork() call without calling RAND_poll(). Now the Hash-DRBG used gets
| reseeded after detecting running in a new process. If making use of
| RAND_bytes() and calling fork() we recommend updating to the latest
| version of wolfSSL. Thanks to Per Allansson from Appgate for the
| report.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-7394
    https://www.cve.org/CVERecord?id=CVE-2025-7394
[1] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
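The failure mode in the CVE text (a DRBG whose state is duplicated by fork() and never reseeded, so RAND_bytes() in parent and child return the same bytes) and the fix pattern it describes (reseed after detecting a new process) are easy to model without a TLS library. The following C program is an added example and is not wolfSSL or Debian code: a splitmix64 mixer stands in for wolfSSL's Hash-DRBG, and the "new process" detection is done by comparing the current pid against the pid that last seeded the state, which is an assumption about the fix pattern rather than a quote of wolfSSL's implementation. The function names (toy_drbg, toy_seed, toy_bytes, outputs_match_after_fork) are hypothetical.

```c
/* Added example, not wolfSSL or Debian code: a self-contained model of the
 * CVE-2025-7394 failure mode and of the "reseed after detecting a new
 * process" fix pattern.  The generator is a toy: a splitmix64 mixer stands
 * in for wolfSSL's Hash-DRBG so the file builds without any TLS library.
 * The fork(), pipe(), getentropy() and pid tracking are real. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/random.h>
#include <sys/wait.h>

typedef struct {
    uint64_t state;          /* generator state; copied verbatim by fork() */
    pid_t    seeded_pid;     /* pid of the process that last seeded the state */
    int      reseed_on_fork; /* 0: pre-fix behaviour, 1: fixed behaviour */
} toy_drbg;

/* Non-cryptographic stand-in for the DRBG output function (splitmix64). */
static uint64_t toy_next(uint64_t *s)
{
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Pull fresh OS entropy into the state and record which process did so. */
static int toy_seed(toy_drbg *d)
{
    uint64_t seed;
    if (getentropy(&seed, sizeof seed) != 0)
        return -1;
    d->state = seed;
    d->seeded_pid = getpid();
    return 0;
}

/* Fill out[0..n) from the generator.  With reseed_on_fork set, a pid that
 * differs from the seeding pid means we are a fork() child and must not
 * continue from the parent's duplicated state (assumed fix pattern). */
static int toy_bytes(toy_drbg *d, unsigned char *out, size_t n)
{
    if (d->reseed_on_fork && d->seeded_pid != getpid() && toy_seed(d) != 0)
        return -1;
    while (n > 0) {
        uint64_t v = toy_next(&d->state);
        size_t k = n < sizeof v ? n : sizeof v;
        memcpy(out, &v, k);
        out += k;
        n -= k;
    }
    return 0;
}

static int read_full(int fd, unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0)
            return -1;
        got += (size_t)r;
    }
    return 0;
}

/* The check itself: seed, fork, draw 16 bytes in parent and child, compare.
 * Returns 1 if the outputs are identical (predictable), 0 if they differ,
 * -1 on a system error. */
int outputs_match_after_fork(int reseed_on_fork)
{
    toy_drbg d = { 0, 0, reseed_on_fork };
    unsigned char parent[16], child[16];
    int fd[2];
    pid_t pid;

    if (toy_seed(&d) != 0 || pipe(fd) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                                   /* child */
        int rc = toy_bytes(&d, child, sizeof child);
        if (rc == 0 && write(fd[1], child, sizeof child) != (ssize_t)sizeof child)
            rc = -1;
        _exit(rc == 0 ? 0 : 1);
    }
    close(fd[1]);                                     /* parent */
    if (toy_bytes(&d, parent, sizeof parent) != 0 ||
        read_full(fd[0], child, sizeof child) != 0) {
        close(fd[0]);
        waitpid(pid, NULL, 0);
        return -1;
    }
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return memcmp(parent, child, sizeof parent) == 0;
}

int main(void)
{
    printf("no reseed after fork: outputs %s\n",
           outputs_match_after_fork(0) == 1 ? "IDENTICAL (predictable)" : "differ");
    printf("reseed on pid change: outputs %s\n",
           outputs_match_after_fork(1) == 0 ? "differ" : "IDENTICAL or error");
    return 0;
}
```

To run the same check against a real build, link a program of the same shape against libwolfssl built with the OpenSSL compatibility layer and replace toy_bytes() with RAND_bytes(): on an affected 5.7.2 the parent and child buffers match, while a fixed build, or an application that calls RAND_poll() in the child before RAND_bytes() as the OpenSSL documentation requires, produces different bytes. Note that the pid comparison only catches fork(); it does not help a process that is snapshotted and restored by other means, which is outside what the CVE text covers.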
--- Begin Message ---
Source: wolfssl
Source-Version: 5.7.2-0.3
Done: Bastian Germann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated wolfssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 04 Aug 2025 17:57:05 +0200
Source: wolfssl
Architecture: source
Version: 5.7.2-0.3
Distribution: experimental
Urgency: medium
Maintainer: Jacob Barthelmeh <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 1109549
Changes:
 wolfssl (5.7.2-0.3) experimental; urgency=medium
 .
   * Non-maintainer upload.
   * Drop kfreebsd patch.
   * Fix CVE-2025-7394. (Closes: #1109549)
   * Drop misleading license reference in the package description.
Checksums-Sha1:
 2b914f31676e12a71535e3072885498222500ddb 2008 wolfssl_5.7.2-0.3.dsc
 db4d7cbb7d5dfdb9d19cae30fce9cc66ca072bdf 35000 wolfssl_5.7.2-0.3.debian.tar.xz
 909af7c7beb1644bf6e28c14b87492a41943e878 5507 wolfssl_5.7.2-0.3_source.buildinfo
Checksums-Sha256:
 7eb87dabe5d683218f33aa19805b79d10256d24895e9734b2ea7bfadd7522e5b 2008 wolfssl_5.7.2-0.3.dsc
 07ec423b83cebb5aae164614c984b020961085073904e664ba9024631e53c177 35000 wolfssl_5.7.2-0.3.debian.tar.xz
 0f306de791c9417535395a8a5ec954d990b277e89835c16a716544307a10d123 5507 wolfssl_5.7.2-0.3_source.buildinfo
Files:
 0ab6d67cfb32a095f655b704ba16d03d 2008 libs optional wolfssl_5.7.2-0.3.dsc
 55b234b846b07743b533bf9532b7f842 35000 libs optional wolfssl_5.7.2-0.3.debian.tar.xz
 e666423b9357580e5ad1cc1a938a951a 5507 libs optional wolfssl_5.7.2-0.3_source.buildinfo



--- End Message ---
