Format: 1.8
Date: Sun, 18 Jan 2026 12:45:58 +0100
Source: gpsd
Binary: gpsd gpsd-clients gpsd-clients-dbgsym gpsd-dbgsym gpsd-tools gpsd-tools-dbgsym libgps-dev libgps28 libgps28-dbgsym libqgpsmm-dev libqgpsmm28 libqgpsmm28-dbgsym python3-gps python3-gps-dbgsym
Architecture: i386
Version: 3.22-4.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Bastien Roucariès
Description:
 gpsd       - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-tools - Global Positioning System - tools
 libgps-dev - Global Positioning System - development files
 libgps28   - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm28 - Global Positioning System - Qt wrapper for libgps
 python3-gps - Global Positioning System - Python 3 libraries
Closes: 1124799 1124800
Changes:
 gpsd (3.22-4.1+deb12u1) bookworm; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Remove BD: makedev, breaks debusine
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write vulnerability
     in the drivers/driver_nmea2000.c file.
     The hnd_129540 function, which handles NMEA2000 PGN 129540
     (GNSS Satellites in View) packets, fails to validate the
     user-supplied satellite count against the size of the skyview
     array (184 elements). This allows an attacker to write beyond
     the bounds of the array by providing a satellite count up
     to 255, leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the
     `nextstate()` function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is calculated
     using `lexer->length = (size_t)c - 4` without checking if
     the input byte `c` is less than 4. This results in an unsigned
     integer underflow, setting `lexer->length` to a very large value
     (near `SIZE_MAX`). The parser then enters a loop attempting to
     consume this massive number of bytes, causing 100% CPU
     utilization and a Denial of Service (DoS) condition.
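
The two missing checks named in the changelog above, as an added example. This is not gpsd's code and not the Debian patch, whose contents are not shown here. The structures, function names and the payload layout are hypothetical; only the 184-element array size and the `(size_t)c - 4` expression come from the changelog.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SKYVIEW_MAX 184   /* skyview array size given in the changelog */
#define NAVCOM_HDR 4      /* constant subtracted from the length byte */

/* Hypothetical, reduced stand-ins for gpsd's structures. */
struct sat { uint8_t prn; };
struct sky { struct sat skyview[SKYVIEW_MAX]; int visible; };

/* Unchecked form quoted in the changelog: wraps to a huge value when c < 4. */
size_t navcom_len_unchecked(uint8_t c) { return (size_t)c - 4; }

/* Checked form: 0 and *len set on success, -1 to reject the packet. */
int navcom_len_checked(uint8_t c, size_t *len)
{
    if (c < NAVCOM_HDR)
        return -1;
    *len = (size_t)c - NAVCOM_HDR;
    return 0;
}

/* Constructed payload layout: buf[0] = satellite count, then one PRN byte
 * per satellite. The count is checked against both the array and the data. */
int load_skyview(struct sky *s, const uint8_t *buf, size_t buflen)
{
    if (buflen < 1)
        return -1;
    size_t count = buf[0];
    if (count > SKYVIEW_MAX || count > buflen - 1)
        return -1;
    for (size_t i = 0; i < count; i++)
        s->skyview[i].prn = buf[1 + i];
    s->visible = (int)count;
    return 0;
}

int main(void)
{
    uint8_t pkt[256] = { 255 };   /* constructed: count byte 255, rest zero */
    struct sky s = { .visible = 0 };
    size_t len = 0;
    printf("unchecked(3) = %zu\n", navcom_len_unchecked(3));
    printf("checked(3) = %d\n", navcom_len_checked(3, &len));
    printf("count 255 -> %d\n", load_skyview(&s, pkt, sizeof pkt));
    return 0;
}
```

Rejecting the packet is one possible policy; clamping the count to the array size is another, and the changelog does not say which the fix uses.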