Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libcoap3 4.3.5-3 (source) into unstable
Date: Sun, 19 Apr 2026 11:19:04 +0000
Signed by: Thorsten Alteholz <alteholz@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Apr 2026 10:23:22 +0200
Source: libcoap3
Architecture: source
Version: 4.3.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian IoT Maintainers <debian-iot-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1124407 1134340
Changes:
 libcoap3 (4.3.5-3) unstable; urgency=medium
 .
   * CVE-2026-29013 (Closes: #1134340)
     fix out-of-bounds read
   * CVE-2025-34468 (Closes: #1124407)
     fix stack-based buffer overflow
   * debian/contol: bump standard to 4.7.4 (no changes)
Checksums-Sha1:
 e49873bbd6432cd7567084fa6d06eb8594f3d484 2392 libcoap3_4.3.5-3.dsc
 4f652109f730eb7494c0880fecd46b049fdabb47 588595 libcoap3_4.3.5.orig.tar.bz2
 6cbedf1383120c5738d6131f4c7aeaeafbe1d9d1 15220 libcoap3_4.3.5-3.debian.tar.xz
 91cbf47d6023e98f062c26861b6d7e288afeea83 10967 libcoap3_4.3.5-3_amd64.buildinfo
Checksums-Sha256:
 851c930acc0a020dcf221a1b131fbebdabdeb9d81fd770689d6f4cb08328b6ff 2392 libcoap3_4.3.5-3.dsc
 a332b682ceacef4c3130b2fb17851db02020c3f64b8a562c1ffd8d9b8a9320d4 588595 libcoap3_4.3.5.orig.tar.bz2
 7f7ec1b26f3e7a5e2c027d04e049f3eecb262a78b51f479ce16371b4beddcd05 15220 libcoap3_4.3.5-3.debian.tar.xz
 94c35864a91ffdbdb48999d377e86c33e578e54ce1cb914e3164da591d81e613 10967 libcoap3_4.3.5-3_amd64.buildinfo
Files:
 41f4dbb879d2407b09ddc6211a0d23e7 2392 libs optional libcoap3_4.3.5-3.dsc
 86c5364cd4c5a7d7eb94e560ec777969 588595 libs optional libcoap3_4.3.5.orig.tar.bz2
 080f553eb8a9fae2ae3ec5137c7e7baf 15220 libs optional libcoap3_4.3.5-3.debian.tar.xz
 9df4aa2f5c72fdd312ae28a09146df89 10967 libs optional libcoap3_4.3.5-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmnktYJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwqyEAChXQz2h+R+cWXh/qBXvyITWZBwbqcQ
pR8Ogw/uNN7trwYsiNcHMgk40Cgmb4z9WEubF2SAhKNoQh+HzXrFguFamDDcse4K
Ziwfa+ifG8aUIBAeW2/JKoPiVkJX8im/1W26te6PPUg7U2ftKIynGLmYMMd8aWx/
ffNiz+fft/xZwenZNVNtQpmSXURdOHYrKVWYxk9MpeGFhQOLOMeWqrqq0igs+bUz
yy4dIWPZDLZK6COfpTgljnoG+BBJ/35lHFwo4rVT6Q1V5TOoGkL4saoOOoTcKhSz
NVF54bkbWzKKvL3wE9ektcleoxvTiYrk/74yGxOF8JeJR0hyU10lEYBzHWjd9PNG
VT0fTtxj71Ew/kCSh2pwQiP+2MzrVJNJt136239jVEp5EoVToJlvBOy8eqzzTuf3
gGshLDDODxkViVSdHdZJwndfp7S024SGGCyTz/nrevjtSa6zrKWFgQImBXeX6Jcm
JW3H8BbrphFF5p58dsIUZI55H4XwhnbT7mRg85rgXPna/tDkIAY+DS1QjskoKHqd
X7ciTQDahM/GpqFHHc19Kmoqx8K2SjK5vewVuuZTAlmvYc0nG16VbVsburE5zKak
DbC8MyDxWyChzgEzur6EaPoQZ8sjasT9E0iFu8Uq30n6xxYE8eMl7wEphYOGxh9b
hUJm/LfVMUesTQ==
=geax
-----END PGP SIGNATURE-----

News for package libcoap3