-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Jan 2026 12:45:58 +0100
Source: gpsd
Architecture: source
Version: 3.22-4+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Bernd Zeimetz <bzed@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1124799 1124800
Changes:
 gpsd (3.22-4+deb11u1) bullseye-security; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write vulnerability in the
     drivers/driver_nmea2000.c file. The hnd_129540 function, which handles
     NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate
     the user-supplied satellite count against the size of the skyview array
     (184 elements). This allows an attacker to write beyond the bounds of the
     array by providing a satellite count up to 255, leading to memory
     corruption, Denial of Service (DoS), and potentially arbitrary code
     execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()` function
     in `gpsd/packet.c`. When parsing a NAVCOM packet, the payload length is
     calculated using `lexer->length = (size_t)c - 4` without checking if the
     input byte `c` is less than 4. This results in an unsigned integer
     underflow, setting `lexer->length` to a very large value (near
     `SIZE_MAX`). The parser then enters a loop attempting to consume this
     massive number of bytes, causing 100% CPU utilization and a Denial of
     Service (DoS) condition.
   * Drop BD: makedev for debusine
Checksums-Sha1:
 efc98173ac4af0004b4dfea1bc1dbc7750034143 2864 gpsd_3.22-4+deb11u1.dsc
 546f1968d208c5d73cf65aa31ea6ee16b01fb445 3347364 gpsd_3.22.orig.tar.xz
 3239fde45048787e5faed9b17eb544a5c51486df 59252 gpsd_3.22-4+deb11u1.debian.tar.xz
 affbc5a1a694309fefd535e72b762071c511aadd 10432 gpsd_3.22-4+deb11u1_source.buildinfo
Checksums-Sha256:
 a9396b139f180bb453af6aea23ed97d378744f41031f625e90a68bcfeabe618e 2864 gpsd_3.22-4+deb11u1.dsc
 68d2a04e237a02ce42158ceda462a24afe11eeaa2b13482e94ac7ef66693f3a0 3347364 gpsd_3.22.orig.tar.xz
 0f7581deb5d2ce747f06633074fce483b4ba53bef55e1037041457b9d1d63f5b 59252 gpsd_3.22-4+deb11u1.debian.tar.xz
 89ddb87d791163d55ebade32ccb39381af63a6c4167422af8c325c2834a690d0 10432 gpsd_3.22-4+deb11u1_source.buildinfo
Files:
 bf064c43a558a2f4ea7538c5d6ec6388 2864 misc optional gpsd_3.22-4+deb11u1.dsc
 c4a284ddb482318e8fdccf2903fb22c2 3347364 misc optional gpsd_3.22.orig.tar.xz
 a69bd0ed94932046450d061dcb5136af 59252 misc optional gpsd_3.22-4+deb11u1.debian.tar.xz
 553cd646d632d17c2f6c1e15cd1914ba 10432 misc optional gpsd_3.22-4+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmltI6MACgkQADoaLapB
CF8Wog//dyRcb1DUGd42q2JPW6idOdOt74qyXEpxqizExe6a9CHMCzMO00yd7k3O
tIeqdN+ywy8qYLvlCUc4+vVMRJNODBfn0mH7i/Uon1aOyJ5MpizaTx8FEFGLjVEU
+4VoDsTR5cCxS75OZlqhXApa2DhYrfOi0psAN7shqhbqSk+MaacXp4tohT9DQi6K
cH34mfZjTHtpeFwtpBIcd0cJM2R2Qr0vDBB+7WbmIbj2vadl5TmSFNuIkkI9YPZj
GlW7q7azBI8EdSiMZf7agxIVFJbNyzdE6ePDLxwRh9S82D4DdtKVuS/BgogpF1Xr
dv3Zd9xQKM8D5mxChX9LRHnNrNUAY2uGP0aB2fJfRx1dR+xCPM1OedQRZlkGwssO
SOzlPd5W/e/guumZNGz+vCtz6fk/W6LOOqDR+IH3ZT7/SRkKjYXmL4H0gKGHClWK
kYYfEcfWGQ50bShcogdrYIbXiIIcWeBu4MStX+K68/UI9MfHSegIJG97bVC2FWR7
74D1fObYuulbzGpncsc8GGmoNSpu3tx2bzEKBc503kXNxde5/foMIP0cb9SZuUdX
qyOnMSgvc5eWHblBDKMneWO1Urywt3qb7IXlFJkHMawotNocGEWINPe6ScwUtawt
+3i46puwqMOAoP0tXuKY0JI5JlIYYVB7EkPVzb8KRTCarhZ89ug=
=YmPC
-----END PGP SIGNATURE-----
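The two changelog entries above describe the same defect class: a length or count taken straight from the packet and used without being compared against the buffer it indexes. The C program below is an added example, not gpsd's code and not the Debian patch; it shows both checks in the hardened form the changelog implies. The packet layout it parses (one count byte followed by 3-byte satellite records) is a constructed simplification and is not the real NMEA2000 PGN 129540 or NAVCOM framing; `MAXCHANNELS`, `struct skyview`, `parse_sats_in_view`, `navcom_payload_length` and the other names are this example's own. Only the 184-element limit and the `(size_t)c - 4` arithmetic come from the changelog.

```c
/* Added example (not from gpsd): input validation for a count-prefixed
 * satellite list and for a "length byte minus header" computation.
 * Packet layout is constructed for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXCHANNELS 184      /* skyview capacity quoted in the changelog */
#define SAT_RECORD_LEN 3     /* constructed record: prn, elevation, azimuth */

struct satellite { uint8_t prn, elevation, azimuth; };

struct skyview {
    size_t nsats;
    struct satellite sat[MAXCHANNELS];
};

/* Distinct reasons for rejecting a packet, so callers can log them. */
enum parse_status { PARSE_OK = 0, PARSE_TOO_MANY_SATS, PARSE_TRUNCATED };

/* Hardened parser: byte 0 is the attacker-controlled satellite count
 * (0..255). The count is compared against the array capacity and against
 * the bytes actually received before a single element is written. */
enum parse_status parse_sats_in_view(const uint8_t *pkt, size_t len,
                                     struct skyview *sv)
{
    if (len < 1)
        return PARSE_TRUNCATED;
    unsigned count = pkt[0];
    if (count > MAXCHANNELS)                 /* check missing in CVE-2025-67268 */
        return PARSE_TOO_MANY_SATS;
    if (len < 1 + (size_t)count * SAT_RECORD_LEN)
        return PARSE_TRUNCATED;              /* count claims more than was sent */
    memset(sv, 0, sizeof *sv);
    for (unsigned i = 0; i < count; i++) {
        const uint8_t *rec = pkt + 1 + i * SAT_RECORD_LEN;
        sv->sat[i].prn = rec[0];
        sv->sat[i].elevation = rec[1];
        sv->sat[i].azimuth = rec[2];
    }
    sv->nsats = count;
    return PARSE_OK;
}

/* The unchecked arithmetic the changelog quotes: for c < 4 the unsigned
 * subtraction wraps to a value near SIZE_MAX. Pure arithmetic, no I/O. */
size_t navcom_payload_length_unchecked(uint8_t c)
{
    return (size_t)c - 4;
}

/* Hardened form: validate the header byte before subtracting.
 * payload_len may be NULL when only the verdict is wanted. */
bool navcom_payload_length(uint8_t c, size_t *payload_len)
{
    if (c < 4)                               /* check missing in CVE-2025-67269 */
        return false;
    if (payload_len)
        *payload_len = (size_t)c - 4;
    return true;
}

/* Builds a constructed packet claiming `count` satellites; returns its size. */
size_t build_sats_packet(uint8_t count, uint8_t *buf, size_t buflen)
{
    size_t need = 1 + (size_t)count * SAT_RECORD_LEN;
    if (buflen < need)
        return 0;
    buf[0] = count;
    for (unsigned i = 0; i < count; i++) {
        buf[1 + i * SAT_RECORD_LEN] = (uint8_t)(i + 1);  /* prn */
        buf[2 + i * SAT_RECORD_LEN] = 45;                /* elevation */
        buf[3 + i * SAT_RECORD_LEN] = (uint8_t)(i * 2);  /* azimuth */
    }
    return need;
}

/* Runs one scenario end to end: build a packet for `count`, optionally drop
 * `truncate_by` trailing bytes, parse it, and report the verdict. */
enum parse_status parse_constructed_packet(uint8_t count, size_t truncate_by)
{
    static uint8_t buf[1 + 255 * SAT_RECORD_LEN];
    struct skyview sv;
    size_t n = build_sats_packet(count, buf, sizeof buf);
    return parse_sats_in_view(buf, n > truncate_by ? n - truncate_by : 0, &sv);
}

/* Number of satellites accepted for a well-formed packet, 0 if rejected. */
size_t parsed_sat_count(uint8_t count)
{
    static uint8_t buf[1 + 255 * SAT_RECORD_LEN];
    struct skyview sv;
    size_t n = build_sats_packet(count, buf, sizeof buf);
    return parse_sats_in_view(buf, n, &sv) == PARSE_OK ? sv.nsats : 0;
}

int main(void)
{
    printf("count=255 -> status %d\n", parse_constructed_packet(255, 0));
    printf("count=12  -> %zu satellites\n", parsed_sat_count(12));
    printf("c=2 unchecked length -> %zu\n", navcom_payload_length_unchecked(2));
    printf("c=2 checked -> %s\n", navcom_payload_length(2, NULL) ? "ok" : "rejected");
    return 0;
}
```

The point worth carrying into other parsers: every count or length that comes off the wire is compared against two things, the capacity of the destination (`MAXCHANNELS`) and the number of bytes actually received (`len`), and the comparison happens before any subtraction or array write, not after.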