Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.changes > #13591
| Path | csiph.com!weretis.net!feeder9.news.weretis.net!feeder8.news.weretis.net!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
| Newsgroups | linux.debian.changes |
| Subject | Accepted gpsd 3.22-4.1+deb12u1 (source) into oldstable-proposed-updates |
| Date | Sat, 02 May 2026 22:50:02 +0200 |
| Message-ID | <MQprI-273D-35@gated-at.bofh.it> (permalink) |
| X-Mailbox-Line | From debian-changes-request@lists.debian.org Sat May 2 20:49:17 2026 |
| Old-Return-Path | <envelope@ftp-master.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -107.99 |
| X-Dak | dak process-policy |
| X-Debian | DAK |
| X-Debian-Package | gpsd |
| Debian | DAK |
| Debian-Changes | gpsd_3.22-4.1+deb12u1_source.changes |
| Debian-Source | gpsd |
| Debian-Version | 3.22-4.1+deb12u1 |
| Debian-Architecture | source |
| Debian-Suite | oldstable-proposed-updates |
| Debian-Archive-Action | accept |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============4174198222203459234==" |
| X-Debian-Message | from DAK |
| Reply-To | debian-devel@lists.debian.org |
| Mail-Followup-To | debian-devel@lists.debian.org |
| X-Mailing-List | <debian-changes@lists.debian.org> archive/latest/18217 |
| List-ID | <debian-changes.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-changes/> |
| List-Archive | https://lists.debian.org/msgid-search/E1wJHGH-0000000630k-2fp4@fasolo.debian.org |
| Approved | robomod@news.nic.it |
| Lines | 96 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Sat, 02 May 2026 20:48:29 +0000 |
| X-Original-Message-ID | <E1wJHGH-0000000630k-2fp4@fasolo.debian.org> |
| Xref | csiph.com linux.debian.changes:13591 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 18 Jan 2026 12:45:58 +0100
Source: gpsd
Architecture: source
Version: 3.22-4.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1124799 1124800
Changes:
gpsd (3.22-4.1+deb12u1) bookworm; urgency=medium
.
* Non-Maintainer Upload by LTS team
* Remove BD: makedev, breaks debusine
* Fix CVE-2025-67268 (Closes: #1124800).
gpsd contains a heap-based out-of-bounds write
vulnerability in the drivers/driver_nmea2000.c file.
The hnd_129540 function, which handles NMEA2000 PGN 129540
(GNSS Satellites in View) packets, fails to validate the
user-supplied satellite count against the size of the skyview
array (184 elements). This allows an attacker to write beyond
the bounds of the array by providing a satellite count up
to 255, leading to memory corruption, Denial of Service (DoS),
and potentially arbitrary code execution.
* Fix CVE-2025-67269 (Closes: #1124799).
An integer underflow vulnerability exists in the `nextstate()`
function in `gpsd/packet.c`.
When parsing a NAVCOM packet, the payload length is calculated
using `lexer->length = (size_t)c - 4` without checking if
the input byte `c` is less than 4. This results in an unsigned
integer underflow, setting `lexer->length` to a very large value
(near `SIZE_MAX`). The parser then enters a loop attempting to
consume this massive number of bytes, causing 100% CPU utilization
and a Denial of Service (DoS) condition.
Checksums-Sha1:
582c6b9b24861ed66dc13bc6aa86793c043656fd 2872 gpsd_3.22-4.1+deb12u1.dsc
546f1968d208c5d73cf65aa31ea6ee16b01fb445 3347364 gpsd_3.22.orig.tar.xz
85ab7bc6af40473e12e213bdbd10f29cb1f5873a 59648 gpsd_3.22-4.1+deb12u1.debian.tar.xz
2091bbeaf1cf71c51075db64938419a275586664 10456 gpsd_3.22-4.1+deb12u1_source.buildinfo
Checksums-Sha256:
9c448de3d8e49bd974d309e3e190b5fc7c0a92c074cd49d9319921dfd3156c6a 2872 gpsd_3.22-4.1+deb12u1.dsc
68d2a04e237a02ce42158ceda462a24afe11eeaa2b13482e94ac7ef66693f3a0 3347364 gpsd_3.22.orig.tar.xz
ae4e649eed92f65a349dc341e07a04e605b50420cd93a114a041025dd8c4a896 59648 gpsd_3.22-4.1+deb12u1.debian.tar.xz
83e32c199c0a4d228d4e3934abc519bbd90dafca58cf9cb98e8e49d68e157b03 10456 gpsd_3.22-4.1+deb12u1_source.buildinfo
Files:
a0d0a2fe62004edb76933a2af2b4d624 2872 misc optional gpsd_3.22-4.1+deb12u1.dsc
c4a284ddb482318e8fdccf2903fb22c2 3347364 misc optional gpsd_3.22.orig.tar.xz
9bf5711e670f089284e4003e649d465b 59648 misc optional gpsd_3.22-4.1+deb12u1.debian.tar.xz
f435a6a19c76dd8657ed019442ef804f 10456 misc optional gpsd_3.22-4.1+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmnTf2sACgkQADoaLapB
CF+/og/9EEZi9BAtFuvuSHnq+Hiy4YCF0IOuUxHtIs9R5mZRzwjQ+oWNPXRw/jIx
uQJXPzYXoTsgDIixUOvhoVgS494LcQUVu1KyhgQX6zAOZRzmKFH3KMyCUnMtUfSq
hmWHi9uLneK6K3CK4rWzQIEGHYLifcYkjkxbt5l5EMu78y9iq5XTGshD2/pt1Frb
6ehn5ZBxEFVLNotLGx8eceakcMESU7WA9+PoNp8Ue2qmNBc8SUfXY3uRTel7WQ5Q
FavecWITmR1zrb2ctHqVkqD+ZWAXwdxHk8B4RD7L+wAFDDbcJxYUKDNX9bciGAWD
K6W1Cr0glBqBwL6wcC3+03PcKHsJ7L0KF7DNjwIzjSWGHw1wNl+Eg06w3JsgslRt
OX8cd6ocKD0f/+8l5osMVpK8xnNoT/iZ2mXJ09B8hnPBWZFIp0JdTGrQy9bI4iPc
a0VWZYRC7hSAKi0jzb/nVOWgUlJCvZzQC8AYnUFwc+MdfVJ0bW2Gvwu8MjdnX373
6yvf41r887kJPjE2ytvlyWC7kuTo5tBtqqZJo4TpBcsai1QY1WXTlsUkMNMZp492
4f59m9HZrZH2PftAjSdI+j2SymxVlJ/umeacXxkbWiWl+undLpg9HPZ5xhCMw/SW
DKZbfD16QDJY2WwIjj9qp3JGk95sq6JYw+IPytMeC86c+rn0R5I=
=GAwA
-----END PGP SIGNATURE-----
Back to linux.debian.changes | Previous | Next | Find similar | Unroll thread
Accepted gpsd 3.22-4.1+deb12u1 (source) into oldstable-proposed-updates Debian FTP Masters <ftpmaster@ftp-master.debian.org> - 2026-05-02 22:50 +0200
csiph-web