Your message dated Thu, 04 Dec 2025 22:34:54 +0000
with message-id <[email protected]>
and subject line Bug#1121202: fixed in wolfssl 5.8.4-1
has caused the Debian Bug report #1121202,
regarding wolfssl: CVE-2025-11936
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1121202: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121202
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wolfssl
Version: 5.8.2-1.2
Severity: important
Tags: security upstream
Forwarded: https://github.com/wolfSSL/wolfssl/pull/9117
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wolfssl.
CVE-2025-11935[0]:
| With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could
| ignore the request for PFS (perfect forward secrecy) and the client
| would continue on with the connection using PSK without PFS. This
| happened when a server responded to a ClientHello containing
| psk_dhe_ke without a key_share extension. The re-use of an
| authenticated PSK connection that on the client's side unexpectedly
| did not have PFS, reduces the security of the connection.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-11935
https://www.cve.org/CVERecord?id=CVE-2025-11935
[1] https://github.com/wolfSSL/wolfssl/pull/9117
[2] https://github.com/wolfSSL/wolfssl/commit/b1cdf0b214f0e9c0d34e29d16325cbe9a8deb87d
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
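The condition described in the report above, written as a client-side check over the ServerHello extensions block. This is an added example, not wolfSSL's code or the upstream fix; the function name, verdict enum, mode bit mask and sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Extension type codes from RFC 8446 section 4.2; the mode bits are a local mask. */
#define EXT_PRE_SHARED_KEY 41
#define EXT_KEY_SHARE      51
#define OFFER_PSK_KE       0x1u  /* client listed psk_ke in psk_key_exchange_modes */
#define OFFER_PSK_DHE_KE   0x2u  /* client listed psk_dhe_ke */

enum sh_verdict { SH_OK = 0, SH_MALFORMED = -1, SH_PFS_DOWNGRADE = -2 };

/* Constructed ServerHello extension blocks (not captured traffic). */
static const uint8_t SH_WITH_KS[52] = {
    0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,             /* supported_versions: TLS 1.3 */
    0x00, 0x29, 0x00, 0x02, 0x00, 0x00,             /* pre_shared_key: identity 0 */
    0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20  /* key_share: x25519, 32 zero bytes follow */
};
static const uint8_t SH_NO_KS[12] = {
    0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,             /* supported_versions: TLS 1.3 */
    0x00, 0x29, 0x00, 0x02, 0x00, 0x00              /* pre_shared_key, but no key_share */
};

/* Hypothetical helper: walks type(2) | length(2) | data entries and applies the PSK rule. */
int check_psk_server_hello(const uint8_t *ext, size_t len, unsigned offered)
{
    int has_psk = 0, has_ks = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return SH_MALFORMED;      /* truncated extension header */
        unsigned type = ((unsigned)ext[off] << 8) | ext[off + 1];
        size_t elen = ((size_t)ext[off + 2] << 8) | ext[off + 3];
        off += 4;
        if (elen > len - off) return SH_MALFORMED;   /* body runs past the block */
        if (type == EXT_PRE_SHARED_KEY) has_psk = 1;
        if (type == EXT_KEY_SHARE) has_ks = 1;
        off += elen;
    }
    /* A PSK accepted without key_share is psk_ke (no PFS); a client that did
       not offer psk_ke must stop here instead of continuing the handshake. */
    if (has_psk && !has_ks && !(offered & OFFER_PSK_KE)) return SH_PFS_DOWNGRADE;
    return SH_OK;
}

int main(void)
{
    printf("with key_share: %d\n", check_psk_server_hello(SH_WITH_KS, sizeof SH_WITH_KS, OFFER_PSK_DHE_KE));
    printf("without key_share: %d\n", check_psk_server_hello(SH_NO_KS, sizeof SH_NO_KS, OFFER_PSK_DHE_KE));
    return 0;
}
```

A client that deliberately offers both modes gets SH_OK for the second block, since psk_ke was then an allowed choice.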
--- Begin Message ---
Source: wolfssl
Source-Version: 5.8.4-1
Done: Jacob Barthelmeh <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jacob Barthelmeh <[email protected]> (supplier of updated wolfssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 01 Dec 2025 00:23:54 -0700
Source: wolfssl
Architecture: source
Version: 5.8.4-1
Distribution: unstable
Urgency: medium
Maintainer: Jacob Barthelmeh <[email protected]>
Changed-By: Jacob Barthelmeh <[email protected]>
Closes: 1121196 1121197 1121198 1121199 1121200 1121202 1121204 1121205
Changes:
wolfssl (5.8.4-1) unstable; urgency=medium
.
* New upstream release
* Fix for CVE-2025-12888, CVE-2025-11936, CVE-2025-11935, CVE-2025-11934,
CVE-2025-11933, CVE-2025-11932, CVE-2025-11931, CVE-2025-12889
(Closes: #1121196, #1121197, #1121198, #1121199, #1121200, #1121202,
#1121204, #1121205)
.
[ Bastian Germann ]
* Eliminate unnecessary disable-jobserver.patch
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---