| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
|---|---|
| Newsgroups | linux.debian.changes |
| Subject | Accepted gpsd 3.22-4.1+deb12u1 (source) into oldstable-proposed-updates |
| Date | 2026-05-02 22:50 +0200 |
| Message-ID | <MQprI-273D-35@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 18 Jan 2026 12:45:58 +0100
Source: gpsd
Architecture: source
Version: 3.22-4.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1124799 1124800
Changes:
 gpsd (3.22-4.1+deb12u1) bookworm; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Remove BD: makedev, breaks debusine
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write
     vulnerability in the drivers/driver_nmea2000.c file.
     The hnd_129540 function, which handles NMEA2000 PGN 129540
     (GNSS Satellites in View) packets, fails to validate the
     user-supplied satellite count against the size of the skyview
     array (184 elements). This allows an attacker to write beyond
     the bounds of the array by providing a satellite count up
     to 255, leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()`
     function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is calculated
     using `lexer->length = (size_t)c - 4` without checking if
     the input byte `c` is less than 4. This results in an unsigned
     integer underflow, setting `lexer->length` to a very large value
     (near `SIZE_MAX`). The parser then enters a loop attempting to
     consume this massive number of bytes, causing 100% CPU utilization
     and a Denial of Service (DoS) condition.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
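
The two missing checks described in the changelog above, shown as an added example: this is not gpsd source and not the patch shipped in this upload. The function names, the reduced `struct sat`/`struct sky` types and the one-byte-per-satellite payload layout are assumptions made for illustration; only the constants 184 and 4 come from the changelog text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SKYVIEW_MAX 184     /* skyview array size quoted in the changelog */
#define NAVCOM_OVERHEAD 4   /* constant subtracted from the length byte */

/* Unchecked form from the changelog text: wraps around when c < 4. */
static size_t navcom_len_unchecked(unsigned char c)
{
    return (size_t)c - NAVCOM_OVERHEAD;
}

/* Checked form (hypothetical helper): 0 on success, -1 = drop the packet. */
static int navcom_len_checked(unsigned char c, size_t *out)
{
    if (c < NAVCOM_OVERHEAD)
        return -1;
    *out = (size_t)c - NAVCOM_OVERHEAD;
    return 0;
}

struct sat { uint8_t prn; };                 /* reduced, hypothetical record */
struct sky { struct sat skyview[SKYVIEW_MAX]; size_t used; };

/* Constructed layout, not the real PGN 129540 one: buf[0] = satellite count,
 * then one byte per satellite. Count is checked against the array size and
 * the bytes actually received before any write. */
static int fill_skyview(struct sky *s, const uint8_t *buf, size_t len)
{
    if (len < 1) return -1;
    size_t count = buf[0];
    if (count > SKYVIEW_MAX || count > len - 1)
        return -1;
    for (size_t i = 0; i < count; i++)
        s->skyview[i].prn = buf[1 + i];
    s->used = count;
    return 0;
}

int main(void)
{
    static struct sky s;
    uint8_t pkt[256] = { 255 };              /* constructed: count byte 255 */
    size_t n = 0;
    printf("unchecked(3) = %zu\n", navcom_len_unchecked(3));
    printf("checked(3) -> %d\n", navcom_len_checked(3, &n));
    printf("count 255 -> %d\n", fill_skyview(&s, pkt, sizeof pkt));
    return 0;
}
```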