Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.changes > #13309

Accepted gpsd 3.25-5+deb13u1 (source) into proposed-updates

From Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Newsgroups linux.debian.changes
Subject Accepted gpsd 3.25-5+deb13u1 (source) into proposed-updates
Date 2026-03-01 16:20 +0100
Message-ID <MtQKl-4eUl-1@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Jan 2026 17:51:45 +0100
Source: gpsd
Architecture: source
Version: 3.25-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Boian Bonev <bbonev@ipacct.com>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1124799 1124800
Changes:
 gpsd (3.25-5+deb13u1) trixie; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Add salsa CI for trixie
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write
     vulnerability in the drivers/driver_nmea2000.c file.
     The hnd_129540 function, which handles NMEA2000 PGN 129540
     (GNSS Satellites in View) packets, fails to validate the
     user-supplied satellite count against the size of the skyview
     array (184 elements). This allows an attacker to write beyond
     the bounds of the array by providing a satellite count up
     to 255, leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()`
     function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is calculated
     using `lexer->length = (size_t)c - 4` without checking if
     the input byte `c` is less than 4. This results in an unsigned
     integer underflow, setting `lexer->length` to a very large value
     (near `SIZE_MAX`). The parser then enters a loop attempting to
     consume this massive number of bytes, causing 100% CPU utilization
     and a Denial of Service (DoS) condition.
Checksums-Sha1:
 2ff589f6a6ef9b45da24ad11b8107db77a823fde 3206 gpsd_3.25-5+deb13u1.dsc
 81965943f81484da80d8adb0547572fe9f0e8ebc 5225194 gpsd_3.25.orig.tar.gz
 b0398b73ea36dddd9a73f4502f3e2e3b04ef8ac8 833 gpsd_3.25.orig.tar.gz.asc
 a55c92dd807a1576c0b8d25a1156e000cf29a794 51764 gpsd_3.25-5+deb13u1.debian.tar.xz
 4c8cc685785b94f05db19f3deff68d161f4af966 11087 gpsd_3.25-5+deb13u1_source.buildinfo
Checksums-Sha256:
 ebc139511d7ab1b61e83533242f50914420f0c33ecd6101229a057f6a2219d0b 3206 gpsd_3.25-5+deb13u1.dsc
 b368b6a305e3f7a6382d23a0cbfc1d78923060b6b7f54cf7987a73c7b4a9afc2 5225194 gpsd_3.25.orig.tar.gz
 86d20ad8c283a40c728d404f43ce4d9bb037435ab0f87fa48e6b692ada48f162 833 gpsd_3.25.orig.tar.gz.asc
 89db31671ce1aa14bd00f787fc97934f5bcc67704c0aa0ab7257b680d4300254 51764 gpsd_3.25-5+deb13u1.debian.tar.xz
 9b7cb8832866b6c0088f61a05d5e596fe93b0997db01eecc9256de979bff42dc 11087 gpsd_3.25-5+deb13u1_source.buildinfo
Files:
 871eb10c026fae2c3719f14c9eaf3d3a 3206 misc optional gpsd_3.25-5+deb13u1.dsc
 e8903e7af2d56445b82a4c3be6ec8e26 5225194 misc optional gpsd_3.25.orig.tar.gz
 d9a34bee2b824eb9840b8893a947f134 833 misc optional gpsd_3.25.orig.tar.gz.asc
 53a9cb49ff9873399ae9874029f9c631 51764 misc optional gpsd_3.25-5+deb13u1.debian.tar.xz
 0c13ba26bd44e089eaa23f475953d876 11087 misc optional gpsd_3.25-5+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJppCGhCRAAOhotqkEIX0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmfARQq9UEY+39QsQaFtSjtLOoMN1KywCxf/8gWx2IAn
LxYhBF0Bh7lAokW617D1agA6Gi2qQQhfAACSZQ/+JtpqM0Yz2EZ/K+38MmCj5f5+
LqgAMy/0oPY+x/QqSrCDjyOOUOyNVJULx16VhXVz6LN71x3khCw9XZb92KKKRUKW
pXrax1AayEipVisK+1ppgfbDq7MxKUe7ryH7OVAhQlksEfc/J4j+MTv/ECo/oBuT
B1oUGXn98kUUUtuupnIR6d3ef6a7yuLnx0MQB4FrnY5Aal17ww8ZWk9gQshReG2x
SqDKTJ8gJuTvxRVabLrQ76yHyXIKEsFFcaJVlgmFmUPGJOu3NcLMb6oZkzm3umNK
GTUSdqnqBy9G+YKvHvR92XXdVuVeu3DABxbh4YuT3hS+SY53h59eoE4NL+Eh+Frj
a0dlEzoetBKHxHgQIjbGI67PoGDcmjL3GijXTYak+MhWT1CRIloMm5tETSjsiOFD
VH4fN9kaMjNjC8Rx1diGn7c10ThZsCYvga8ZwLpTcPugxq9OY0vHD+eZj/Vcgq8s
j1RIASijd5AIhyQMA0hk9FGhzPnP9Y2imNRbCoemcxHoVxYc517Z8DOnFPDDQpAG
0LXiD2n9rknE8M3QBSswyf3hvuAYTrrt7969rRKUjwlrzmqtwVNFmns7DdBEAG8z
IvsxdCRdFMbO5RPjP7y9aYGhpijxooTnP2grpJssOHdrFxSStAA+eozqqYXxVEEN
Mlb7aCxlwkTcrQb11zQ=
=bEfb
-----END PGP SIGNATURE-----

Back to linux.debian.changes | Previous | Next | Find similar

Thread

Accepted gpsd 3.25-5+deb13u1 (source) into proposed-updates Debian FTP Masters <ftpmaster@ftp-master.debian.org> - 2026-03-01 16:20 +0100

csiph-web