i Dave, On Mon, Dec 29, 2025 at 04:17:43PM +0000, hibby wrote: > On Wednesday, 24 December 2025 20:29:44 Greenwich Mean Time Salvatore > Bonaccorso wrote: > > Hi, > > > > On Wed, Dec 24, 2025 at 05:55:27PM +0000, hibby wrote: > > > On Wednesday, 24 December 2025 06:29:11 Greenwich Mean Time Salvatore > > > > those do not need a DSA but miht be fixed with the upcoming point > > releases (a prerequisite for that is though that the fix is first in > > unstable). Once that has happened, can you prepare fixes via the > > upcoming point releases? I would agree they are not urgent to be > > handled. > > > > Having looked in more detail today, I have determined that CVE-2025-34458 > does > not apply to < v1.8 of the package, so no stable/oldstable update will be > required for that. The vulnerability was introduced with new functionality > that was only shipped in the 1.8 release - How do I update the security > tracker to reflect this?
Ok you are right, it looks that it was introduced with 1.8-beta1. I have updated the tracker. > I have created the patch for CVE-2025-34457 and will ship that in the next > day > or so [1] > > [1] https://salsa.debian.org/debian-hamradio-team/direwolf/-/commits/debian/ > trixie Thank you! Regars, Salvatore
