On Wednesday, 24 December 2025 20:29:44 Greenwich Mean Time Salvatore Bonaccorso wrote: > Hi, > > On Wed, Dec 24, 2025 at 05:55:27PM +0000, hibby wrote: > > On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore > > those do not need a DSA but miht be fixed with the upcoming point > releases (a prerequisite for that is though that the fix is first in > unstable). Once that has happened, can you prepare fixes via the > upcoming point releases? I would agree they are not urgent to be > handled. >
Having looked in more detail today, I have determined that CVE-2025-34458 does not apply to < v1.8 of the package, so no stable/oldstable update will be required for that. The vulnerability was introduced with new functionality that was only shipped in the 1.8 release - How do I update the security tracker to reflect this? I have created the patch for CVE-2025-34457 and will ship that in the next day or so [1] [1] https://salsa.debian.org/debian-hamradio-team/direwolf/-/commits/debian/ trixie Cheers, -- Dave Hibberd <[email protected]> Debian Developer Packet Radioist MM0RFN
