Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted geographiclib 1.51-1+deb11u1 (source) into oldoldstable-security
Date: Mon, 03 Nov 2025 20:20:22 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon,  3 Nov 2025 18:20:43 CET
Source: geographiclib
Architecture: source
Version: 1.51-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 0202ba4e184cb3c84c81ac62b5278d28b98c4c19 2644 geographiclib_1.51-1+deb11u1.dsc
 bec49beebc1b2094c352ece497ac2ef0688a1f6e 2470362 geographiclib_1.51.orig.tar.gz
 6e335984fa06ea7cb84c973b9ba3eb7e4c8ca116 17820 geographiclib_1.51-1+deb11u1.debian.tar.xz
 81ef43303fa782e2270d3753d2d855ad3894dad0 9566 geographiclib_1.51-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 0c9ace1797fdacd752b9ccf923959158a904831a7ee3a2f419d9a062c2a56beb 2644 geographiclib_1.51-1+deb11u1.dsc
 34370949617df5105bd6961e0b91581aef758dc455fe8629eb5858516022d310 2470362 geographiclib_1.51.orig.tar.gz
 4b7c4192d0bf449ca2ea76b59b47f582f428520c6dea59e11f0244dedd9122bb 17820 geographiclib_1.51-1+deb11u1.debian.tar.xz
 204705436d61a6dc49babdc92ca42da52dbba8b039cd1b6610f5d1ab81766880 9566 geographiclib_1.51-1+deb11u1_amd64.buildinfo
Changes:
 geographiclib (1.51-1+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2025-60751:
     Geographiclib is a C++ library to solve geodesic problems.
     A stack buffer overflow occurs when the GeoConvert tool receives a crafted input.
     The overflow occurs because the program does not properly validate an
     internal index, allowing an out-of-bounds write on the stack.
     An attacker can exploit this vulnerability to hijack the program's control
     flow by overwriting a return address to point to a libc function and
     execute arbitrary code.
Files:
 34b0f6ca5502f8affb53236f97b93f96 2644 science optional geographiclib_1.51-1+deb11u1.dsc
 d782c8146945ab6bf5836747b2a4b37d 2470362 science optional geographiclib_1.51.orig.tar.gz
 6a00737079c4cd9cef41a1ac1859afb3 17820 science optional geographiclib_1.51-1+deb11u1.debian.tar.xz
 4aa4fe82bddc9341e04f5d9ed078ebfe 9566 science optional geographiclib_1.51-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmkJCrFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkJpsP/0zSEy2COI0klnFLh497haEwggIeRlehTuto
xbs1lhiBmEQVISOMm1VQWjwBroBUfUFuEl+jwhR2yJiXSs9sKsyOdE6JBfTBKdAd
lCqmkIFUF9XxDgUZQ8UVhqPWH2l/YH0e1ZNDEIzBpYG4pwYCafR02ZIo35VzD7o7
H9W0/wX4wmQYhBjNgx7y1YsT238NplEHsCv3OBBLcmwi6LbVN6DagO4Jt3HWl69g
3I95znrV9yVGpqLTvooh91b6MgBLGkvH+DZvYZEI6JVATQfszzQrFxBe8abUUvbx
bG8yXBT6Sydqou8h/cHtOZHK3GM0u3s7y0TFD4gY21PWVM5IfErKxuCczH9tzTBy
x1APCt5ZlPnORqGwLBkv+CADt/PWO1QZDMNAI4/ZhCfTvI12zOwXDEmDj8donVDK
9Rmr2S/O/EXcbUab+siorGTy45FayPLgPzDJtftUsMZ3x2E92S8fdCs5NcMQ3PGD
a8Riub3uE52C2xgHD6ykT4kQekvIGuCck63NRQU2u2/NZYfq4hToUSeGoCqiVUOa
JACdyB+NKrXQ1g2ixWuM3ou6Pkr4/pM7MQRf9zMx05BPlU28Q0trIPj15MSUwcuU
en57Kx3gGukwR6KCXkr27SNrmYzd9/XZRNLXCy/lfOgWWEqVyAd5zNitA1RqeRQ2
VrlKrCLI
=aVB7
-----END PGP SIGNATURE-----

News for package geographiclib