-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 05 Apr 2019 23:31:30 +0200 Source: gpsd Architecture: source Version: 3.17-6 Distribution: unstable Urgency: medium Maintainer: Bernd Zeimetz <bzed@debian.org> Changed-By: Bernd Zeimetz <bzed@debian.org> Closes: 925327 Changes: gpsd (3.17-6) unstable; urgency=medium . * [0a8e4e18] Pull json fixes from upstream to fix a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. CVE-2018-17937 / Closes: #925327 The update also fixes several other json parser bugs. - ECMA-404 says JSON \u must have 4 hex digits - Allow for \u escapes with fewer than 4 digits. - Fail on bad escape string. * [71020f4f] Update git-buildpackage config to build from the buster branch. Checksums-Sha1: 466356a004345d6f7c6dfa59c2dd05012c294143 2573 gpsd_3.17-6.dsc c4979dfe9588b0651396e464e5c3ed90224de188 36996 gpsd_3.17-6.debian.tar.xz 6165a5ab0e41b0f16e087a5fc549300c1bf1acad 13237 gpsd_3.17-6_source.buildinfo Checksums-Sha256: 393946eefc2ac406d508200ed721a480214db67bdbe09ab47e5edc22e539f7fd 2573 gpsd_3.17-6.dsc 0d852cee49266122d925493c0633b5ed1bf84e1ee8b646d4c0a1c94aed29c141 36996 gpsd_3.17-6.debian.tar.xz e3327243dba07dfe524bcd800bf06113fec894fe9802d87cd775e3940f7966b4 13237 gpsd_3.17-6_source.buildinfo Files: 0e3d936a38543f89fe0f5d196db9b221 2573 misc optional gpsd_3.17-6.dsc 4775f36adea7284bd76407c17fed2963 36996 misc optional gpsd_3.17-6.debian.tar.xz db7a1fd123ac7fb4f2af5fe190fbea1f 13237 misc optional gpsd_3.17-6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAlynzscACgkQ6zYXGm/5 Q18wdw//WqK0sXoGAHSACDOV+ELMsfpG99k7O95M2Ux0rx9Bm/mJYIr21sO1V5pR xktyojSHW7v1Jd/4CGxFtMEVq1BfTsLc0+mlmP4bEIbNqiUHuE1g3xRNZ6TYTdbx gu9YGtWnFPzijjj6Fj1UAo21XTTEfkj6jJfT3mj8Spb1uHH0uAKXtocg2wRAREXQ cxfTSjwlRZj3v2vxTKcDNI6N1aClfBEom570XFOt77ujsEjNCJiRoTgz3n0QHmwr bmaHD09f0mLD5ton69GCC2AjDnA3+ukXhEPom2HMg8hJcf919LlByTOh043xoGwi yxnhOY5UK8zHC70R2uYvQSk6VaMUxcz29r3C6kAxM9LVAWxuiRbqblVIuEAKpLi4 cIbuBPCxd/WAMqUg0kcbJVHi/BgOjssfcSuSPYtdCHtzCjyZx88Tp4rh4wRupZaN ksOKN1L4Fq1xDqv/9nVVsiCh6IwNHPUkWR2N9Ou+Yr6HHOqarWKkvUALCLFDiHU9 3uFOz8BESUF4+eCEVFz4PCe2jyh98xOH4MVRmABOweIvr+ziRcu3KnBE8zyBa2QS dQt89C8Ws1s0OMzeB1hFGWESK9M83zFa26xqWIki/5F/5hb1oR71MmhUxkKsNKJU B9HkP87Fc0MU3g1TMP3jip/hdCUJryml/g2DqcXHwut9r/Up7n8= =BdJV -----END PGP SIGNATURE-----