Format: 1.8
Date: Sun, 05 Jan 2025 13:38:11 +0100
Source: ofono
Architecture: source
Version: 2.14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Telepathy maintainers <pkg-telepathy-maintainers@lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 1070371
Changes:
 ofono (2.14-1) unstable; urgency=medium
 .
   [ Sicelo A. Mhlongo ]
   * New upstream version 2.14. (Closes: #1070371).
     - CVE-2023-4232: Fix stack overflow bug triggered within the
       decode_status_report() function during the SMS decoding.
     - CVE-2023-4235: Fix stack overflow bug triggered within the
       decode_deliver_report() function during the SMS decoding.
     - CVE-2024-7543, CVE-2024-7544, CVE-2024-7545, CVE-2024-7546: Fix flaws
       within the parsing of STK command PDUs. (lack of proper validation of
       the length of user-supplied data prior to copying it to a heap-based
       buffer)
     - CVE-2024-7547: Fix flaw within the parsing of SMS PDUs (lack of proper
       validation of the length of user-supplied data prior to copying it to
       a stack-based buffer).
   * debian/patches: Add upstream patches
     0003-util-ensure-decode_hex_own_buf-is-passed-a-valid-buf.patch,
     0004-atmodem-sms-ensure-buffer-is-initialized-before-use.patch,
     0005-ussd-ensure-ussd-content-fits-in-buffers.patch:
     + CVE-2024-7539: Fix flaw within the parsing of responses from AT+CUSD
       commands (lack of proper validation of the length of user-supplied
       data prior to copying it to a stack-based buffer).
     + CVE-2024-7540: Fix flaw within the parsing of responses from AT+CMGL
       commands (lack of proper initialization of memory prior to accessing
       it).
     + CVE-2024-7541: Fix flaw within the parsing of responses from AT+CMT
       commands (lack of proper initialization of memory prior to accessing
       it).
     + CVE-2024-7542: Fix flaw within the parsing of responses from AT+CMGR
       commands (lack of proper initialization of memory prior to accessing
       it).
 .
   [ Mike Gabriel ]
   * debian/copyright:
     + Update copyright attributions.
     + Update auto-generated copyright.in file.
   * debian/changelog:
     + White-space cleanup in previous entries.