-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Jan 2026 17:51:45 +0100
Source: gpsd
Architecture: source
Version: 3.25-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Boian Bonev
Changed-By: Bastien Roucariès
Closes: 1124799 1124800
Changes:
 gpsd (3.25-5+deb13u1) trixie; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Add salsa CI for trixie
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write vulnerability in the
     drivers/driver_nmea2000.c file. The hnd_129540 function, which handles
     NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate
     the user-supplied satellite count against the size of the skyview array
     (184 elements). This allows an attacker to write beyond the bounds of the
     array by providing a satellite count up to 255, leading to memory
     corruption, Denial of Service (DoS), and potentially arbitrary code
     execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()` function
     in `gpsd/packet.c`. When parsing a NAVCOM packet, the payload length is
     calculated using `lexer->length = (size_t)c - 4` without checking if the
     input byte `c` is less than 4. This results in an unsigned integer
     underflow, setting `lexer->length` to a very large value (near
     `SIZE_MAX`). The parser then enters a loop attempting to consume this
     massive number of bytes, causing 100% CPU utilization and a Denial of
     Service (DoS) condition.
Checksums-Sha1:
 2ff589f6a6ef9b45da24ad11b8107db77a823fde 3206 gpsd_3.25-5+deb13u1.dsc
 81965943f81484da80d8adb0547572fe9f0e8ebc 5225194 gpsd_3.25.orig.tar.gz
 b0398b73ea36dddd9a73f4502f3e2e3b04ef8ac8 833 gpsd_3.25.orig.tar.gz.asc
 a55c92dd807a1576c0b8d25a1156e000cf29a794 51764 gpsd_3.25-5+deb13u1.debian.tar.xz
 4c8cc685785b94f05db19f3deff68d161f4af966 11087 gpsd_3.25-5+deb13u1_source.buildinfo
Checksums-Sha256:
 ebc139511d7ab1b61e83533242f50914420f0c33ecd6101229a057f6a2219d0b 3206 gpsd_3.25-5+deb13u1.dsc
 b368b6a305e3f7a6382d23a0cbfc1d78923060b6b7f54cf7987a73c7b4a9afc2 5225194 gpsd_3.25.orig.tar.gz
 86d20ad8c283a40c728d404f43ce4d9bb037435ab0f87fa48e6b692ada48f162 833 gpsd_3.25.orig.tar.gz.asc
 89db31671ce1aa14bd00f787fc97934f5bcc67704c0aa0ab7257b680d4300254 51764 gpsd_3.25-5+deb13u1.debian.tar.xz
 9b7cb8832866b6c0088f61a05d5e596fe93b0997db01eecc9256de979bff42dc 11087 gpsd_3.25-5+deb13u1_source.buildinfo
Files:
 871eb10c026fae2c3719f14c9eaf3d3a 3206 misc optional gpsd_3.25-5+deb13u1.dsc
 e8903e7af2d56445b82a4c3be6ec8e26 5225194 misc optional gpsd_3.25.orig.tar.gz
 d9a34bee2b824eb9840b8893a947f134 833 misc optional gpsd_3.25.orig.tar.gz.asc
 53a9cb49ff9873399ae9874029f9c631 51764 misc optional gpsd_3.25-5+deb13u1.debian.tar.xz
 0c13ba26bd44e089eaa23f475953d876 11087 misc optional gpsd_3.25-5+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJppCGhCRAAOhotqkEIX0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmfARQq9UEY+39QsQaFtSjtLOoMN1KywCxf/8gWx2IAn
LxYhBF0Bh7lAokW617D1agA6Gi2qQQhfAACSZQ/+JtpqM0Yz2EZ/K+38MmCj5f5+
LqgAMy/0oPY+x/QqSrCDjyOOUOyNVJULx16VhXVz6LN71x3khCw9XZb92KKKRUKW
pXrax1AayEipVisK+1ppgfbDq7MxKUe7ryH7OVAhQlksEfc/J4j+MTv/ECo/oBuT
B1oUGXn98kUUUtuupnIR6d3ef6a7yuLnx0MQB4FrnY5Aal17ww8ZWk9gQshReG2x
SqDKTJ8gJuTvxRVabLrQ76yHyXIKEsFFcaJVlgmFmUPGJOu3NcLMb6oZkzm3umNK
GTUSdqnqBy9G+YKvHvR92XXdVuVeu3DABxbh4YuT3hS+SY53h59eoE4NL+Eh+Frj
a0dlEzoetBKHxHgQIjbGI67PoGDcmjL3GijXTYak+MhWT1CRIloMm5tETSjsiOFD
VH4fN9kaMjNjC8Rx1diGn7c10ThZsCYvga8ZwLpTcPugxq9OY0vHD+eZj/Vcgq8s
j1RIASijd5AIhyQMA0hk9FGhzPnP9Y2imNRbCoemcxHoVxYc517Z8DOnFPDDQpAG
0LXiD2n9rknE8M3QBSswyf3hvuAYTrrt7969rRKUjwlrzmqtwVNFmns7DdBEAG8z
IvsxdCRdFMbO5RPjP7y9aYGhpijxooTnP2grpJssOHdrFxSStAA+eozqqYXxVEEN
Mlb7aCxlwkTcrQb11zQ=
=bEfb
-----END PGP SIGNATURE-----
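The two changelog entries above describe the same class of defect twice: a length or count read from the wire is trusted before it is compared with the capacity it will index. The C below is an added illustration of the defensive pattern, not gpsd's code and not the Debian patch. The only value taken from the changelog is the 184-entry skyview capacity; the record layout, the struct, the frame bytes and the function names (`parse_sats_in_view`, `navcom_payload_length`) are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Capacity quoted in the changelog (184 skyview entries). Everything else
 * in this file is a constructed stand-in, not gpsd's own code. */
#define SKYVIEW_MAX 184

/* Hypothetical minimal satellite record. */
struct sat_entry {
    unsigned prn;
    unsigned elevation_deg;
    unsigned azimuth_deg;
    unsigned snr_db;
};

/* Constructed wire layout: byte 0 is the satellite count, then 4 bytes per
 * satellite (prn, elevation, azimuth/2, snr). */
#define SAT_RECORD_LEN 4

static struct sat_entry skyview[SKYVIEW_MAX];

/* Hardened counterpart of the PGN 129540 handler pattern: the count is a
 * single wire byte (0..255) and is checked against the destination
 * capacity before any element is written. Returns the number of
 * satellites stored, or -1 if the frame is rejected. */
int parse_sats_in_view(const uint8_t *frame, size_t frame_len,
                       struct sat_entry *dst, size_t dst_cap)
{
    if (frame == NULL || frame_len < 1)
        return -1;
    size_t count = frame[0];
    /* The check the changelog says was missing: a count of up to 255
     * must never exceed the 184-entry array. */
    if (count > dst_cap)
        return -1;
    /* Also require that the frame really carries that many records. */
    if (frame_len - 1 < count * SAT_RECORD_LEN)
        return -1;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *r = frame + 1 + i * SAT_RECORD_LEN;
        dst[i].prn = r[0];
        dst[i].elevation_deg = r[1];
        dst[i].azimuth_deg = (unsigned)r[2] * 2u;
        dst[i].snr_db = r[3];
    }
    return (int)count;
}

/* Hardened counterpart of the NAVCOM length computation: the payload
 * length is c - 4 for a single byte c, so c < 4 is rejected before the
 * subtraction; otherwise (size_t)c - 4 wraps to a value near SIZE_MAX and
 * the consumer loop never terminates. Returns the length, or -1. */
long navcom_payload_length(uint8_t c)
{
    if (c < 4)
        return -1;
    return (long)((size_t)c - 4);
}

/* Constructed sample frames. */
static const uint8_t good_frame[] = {
    2,                  /* two satellites */
    12, 45, 90, 38,     /* prn 12, elev 45, az 180, snr 38 */
    25, 10, 20, 30,     /* prn 25, elev 10, az 40, snr 30 */
};
static const uint8_t oversized_frame[] = {
    255,                /* claims 255 satellites, more than SKYVIEW_MAX */
    1, 2, 3, 4,
};

int main(void)
{
    int n = parse_sats_in_view(good_frame, sizeof good_frame,
                               skyview, SKYVIEW_MAX);
    printf("good frame: %d satellites stored, first prn %u\n",
           n, skyview[0].prn);
    n = parse_sats_in_view(oversized_frame, sizeof oversized_frame,
                           skyview, SKYVIEW_MAX);
    printf("oversized frame: %s\n", n < 0 ? "rejected" : "accepted");
    printf("navcom length byte 3 -> %ld, byte 200 -> %ld\n",
           navcom_payload_length(3), navcom_payload_length(200));
    return 0;
}
```

Both checks sit before the first write or the first use of the derived value, which is the property to look for when reviewing any parser that turns a wire byte into an index or a length; a check placed after the subtraction or after the copy loop does not help.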