Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.changes > #13309
| Path | csiph.com!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
| Newsgroups | linux.debian.changes |
| Subject | Accepted gpsd 3.25-5+deb13u1 (source) into proposed-updates |
| Date | Sun, 01 Mar 2026 16:20:01 +0100 |
| Message-ID | <MtQKl-4eUl-1@gated-at.bofh.it> (permalink) |
| X-Original-To | debian-changes@lists.debian.org |
| X-Mailbox-Line | From debian-changes-request@lists.debian.org Sun Mar 1 15:17:28 2026 |
| Old-Return-Path | <envelope@ftp-master.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -110.29 |
| X-Dak | dak process-policy |
| X-Debian | DAK |
| X-Debian-Package | gpsd |
| Debian | DAK |
| Debian-Changes | gpsd_3.25-5+deb13u1_source.changes |
| Debian-Source | gpsd |
| Debian-Version | 3.25-5+deb13u1 |
| Debian-Architecture | source |
| Debian-Suite | proposed-updates |
| Debian-Archive-Action | accept |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============8681218399455392093==" |
| X-Debian-Message | from DAK |
| Reply-To | debian-devel@lists.debian.org |
| Mail-Followup-To | debian-devel@lists.debian.org |
| X-Mailing-List | <debian-changes@lists.debian.org> archive/latest/17926 |
| List-ID | <debian-changes.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-changes/> |
| List-Archive | https://lists.debian.org/msgid-search/E1vwiXa-00000007ujh-2A3p@fasolo.debian.org |
| Approved | robomod@news.nic.it |
| Lines | 102 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Sun, 01 Mar 2026 15:17:06 +0000 |
| X-Original-Message-ID | <E1vwiXa-00000007ujh-2A3p@fasolo.debian.org> |
| Xref | csiph.com linux.debian.changes:13309 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 17 Jan 2026 17:51:45 +0100
Source: gpsd
Architecture: source
Version: 3.25-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Boian Bonev <bbonev@ipacct.com>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1124799 1124800
Changes:
gpsd (3.25-5+deb13u1) trixie; urgency=medium
.
* Non-Maintainer Upload by LTS team
* Add salsa CI for trixie
* Fix CVE-2025-67268 (Closes: #1124800).
gpsd contains a heap-based out-of-bounds write
vulnerability in the drivers/driver_nmea2000.c file.
The hnd_129540 function, which handles NMEA2000 PGN 129540
(GNSS Satellites in View) packets, fails to validate the
user-supplied satellite count against the size of the skyview
array (184 elements). This allows an attacker to write beyond
the bounds of the array by providing a satellite count up
to 255, leading to memory corruption, Denial of Service (DoS),
and potentially arbitrary code execution.
* Fix CVE-2025-67269 (Closes: #1124799).
An integer underflow vulnerability exists in the `nextstate()`
function in `gpsd/packet.c`.
When parsing a NAVCOM packet, the payload length is calculated
using `lexer->length = (size_t)c - 4` without checking if
the input byte `c` is less than 4. This results in an unsigned
integer underflow, setting `lexer->length` to a very large value
(near `SIZE_MAX`). The parser then enters a loop attempting to
consume this massive number of bytes, causing 100% CPU utilization
and a Denial of Service (DoS) condition.
Checksums-Sha1:
2ff589f6a6ef9b45da24ad11b8107db77a823fde 3206 gpsd_3.25-5+deb13u1.dsc
81965943f81484da80d8adb0547572fe9f0e8ebc 5225194 gpsd_3.25.orig.tar.gz
b0398b73ea36dddd9a73f4502f3e2e3b04ef8ac8 833 gpsd_3.25.orig.tar.gz.asc
a55c92dd807a1576c0b8d25a1156e000cf29a794 51764 gpsd_3.25-5+deb13u1.debian.tar.xz
4c8cc685785b94f05db19f3deff68d161f4af966 11087 gpsd_3.25-5+deb13u1_source.buildinfo
Checksums-Sha256:
ebc139511d7ab1b61e83533242f50914420f0c33ecd6101229a057f6a2219d0b 3206 gpsd_3.25-5+deb13u1.dsc
b368b6a305e3f7a6382d23a0cbfc1d78923060b6b7f54cf7987a73c7b4a9afc2 5225194 gpsd_3.25.orig.tar.gz
86d20ad8c283a40c728d404f43ce4d9bb037435ab0f87fa48e6b692ada48f162 833 gpsd_3.25.orig.tar.gz.asc
89db31671ce1aa14bd00f787fc97934f5bcc67704c0aa0ab7257b680d4300254 51764 gpsd_3.25-5+deb13u1.debian.tar.xz
9b7cb8832866b6c0088f61a05d5e596fe93b0997db01eecc9256de979bff42dc 11087 gpsd_3.25-5+deb13u1_source.buildinfo
Files:
871eb10c026fae2c3719f14c9eaf3d3a 3206 misc optional gpsd_3.25-5+deb13u1.dsc
e8903e7af2d56445b82a4c3be6ec8e26 5225194 misc optional gpsd_3.25.orig.tar.gz
d9a34bee2b824eb9840b8893a947f134 833 misc optional gpsd_3.25.orig.tar.gz.asc
53a9cb49ff9873399ae9874029f9c631 51764 misc optional gpsd_3.25-5+deb13u1.debian.tar.xz
0c13ba26bd44e089eaa23f475953d876 11087 misc optional gpsd_3.25-5+deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJppCGhCRAAOhotqkEIX0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmfARQq9UEY+39QsQaFtSjtLOoMN1KywCxf/8gWx2IAn
LxYhBF0Bh7lAokW617D1agA6Gi2qQQhfAACSZQ/+JtpqM0Yz2EZ/K+38MmCj5f5+
LqgAMy/0oPY+x/QqSrCDjyOOUOyNVJULx16VhXVz6LN71x3khCw9XZb92KKKRUKW
pXrax1AayEipVisK+1ppgfbDq7MxKUe7ryH7OVAhQlksEfc/J4j+MTv/ECo/oBuT
B1oUGXn98kUUUtuupnIR6d3ef6a7yuLnx0MQB4FrnY5Aal17ww8ZWk9gQshReG2x
SqDKTJ8gJuTvxRVabLrQ76yHyXIKEsFFcaJVlgmFmUPGJOu3NcLMb6oZkzm3umNK
GTUSdqnqBy9G+YKvHvR92XXdVuVeu3DABxbh4YuT3hS+SY53h59eoE4NL+Eh+Frj
a0dlEzoetBKHxHgQIjbGI67PoGDcmjL3GijXTYak+MhWT1CRIloMm5tETSjsiOFD
VH4fN9kaMjNjC8Rx1diGn7c10ThZsCYvga8ZwLpTcPugxq9OY0vHD+eZj/Vcgq8s
j1RIASijd5AIhyQMA0hk9FGhzPnP9Y2imNRbCoemcxHoVxYc517Z8DOnFPDDQpAG
0LXiD2n9rknE8M3QBSswyf3hvuAYTrrt7969rRKUjwlrzmqtwVNFmns7DdBEAG8z
IvsxdCRdFMbO5RPjP7y9aYGhpijxooTnP2grpJssOHdrFxSStAA+eozqqYXxVEEN
Mlb7aCxlwkTcrQb11zQ=
=bEfb
-----END PGP SIGNATURE-----
Back to linux.debian.changes | Previous | Next | Find similar
Accepted gpsd 3.25-5+deb13u1 (source) into proposed-updates Debian FTP Masters <ftpmaster@ftp-master.debian.org> - 2026-03-01 16:20 +0100
csiph-web