-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Jan 2026 12:45:58 +0100
Source: gpsd
Binary: gpsd gpsd-clients gpsd-clients-dbgsym gpsd-dbgsym gpsd-tools gpsd-tools-dbgsym libgps-dev libgps28 libgps28-dbgsym libqgpsmm-dev libqgpsmm28 libqgpsmm28-dbgsym python3-gps python3-gps-dbgsym
Architecture: amd64
Version: 3.22-4.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Bastien Roucariès
Description:
 gpsd - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-tools - Global Positioning System - tools
 libgps-dev - Global Positioning System - development files
 libgps28 - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm28 - Global Positioning System - Qt wrapper for libgps
 python3-gps - Global Positioning System - Python 3 libraries
Closes: 1124799 1124800
Changes:
 gpsd (3.22-4.1+deb12u1) bookworm; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Remove BD: makedev, breaks debusine
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write vulnerability
     in the drivers/driver_nmea2000.c file. The hnd_129540 function,
     which handles NMEA2000 PGN 129540 (GNSS Satellites in View)
     packets, fails to validate the user-supplied satellite count
     against the size of the skyview array (184 elements). This allows
     an attacker to write beyond the bounds of the array by providing
     a satellite count up to 255, leading to memory corruption,
     Denial of Service (DoS), and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()`
     function in `gpsd/packet.c`. When parsing a NAVCOM packet,
     the payload length is calculated using
     `lexer->length = (size_t)c - 4` without checking if the input
     byte `c` is less than 4.
     This results in an unsigned integer underflow, setting
     `lexer->length` to a very large value (near `SIZE_MAX`).
     The parser then enters a loop attempting to consume this massive
     number of bytes, causing 100% CPU utilization and a Denial of
     Service (DoS) condition.
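
The two input checks named in the changelog above, shown as an added C example; this is not gpsd's code and not the Debian patch. The function names, the byte array standing in for the skyview array, and the choice to clamp the count are assumptions made for illustration; only the expression `(size_t)c - 4`, the array size 184 and the maximum count 255 come from the changelog.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SKYVIEW_SLOTS   184  /* array size quoted in the changelog */
#define NAVCOM_OVERHEAD 4    /* constant subtracted in the quoted expression */

/* Unchecked form of the quoted computation: for c < 4 the subtraction is
 * done in size_t arithmetic and wraps to a value near SIZE_MAX. */
static size_t navcom_len_unchecked(uint8_t c)
{
    return (size_t)c - NAVCOM_OVERHEAD;
}

/* Checked form (hypothetical helper): reject the byte instead of wrapping,
 * and leave *out untouched on rejection. */
static bool navcom_len_checked(uint8_t c, size_t *out)
{
    if (c < NAVCOM_OVERHEAD)
        return false;
    *out = (size_t)c - NAVCOM_OVERHEAD;
    return true;
}

/* Hypothetical skyview fill: a one-byte count can claim up to 255 entries,
 * so bound it by the destination size before writing. Returns the number
 * of entries actually stored. */
static size_t fill_skyview(uint8_t claimed, const uint8_t *prns, uint8_t *skyview)
{
    size_t n = claimed;
    if (n > SKYVIEW_SLOTS)
        n = SKYVIEW_SLOTS;   /* dropping the packet would also keep writes in bounds */
    for (size_t i = 0; i < n; i++)
        skyview[i] = prns[i];
    return n;
}

int main(void)
{
    size_t len = 0;
    uint8_t prns[255] = {0}, sky[SKYVIEW_SLOTS] = {0};  /* constructed input */

    printf("unchecked c=3 -> %zu\n", navcom_len_unchecked(3));
    printf("checked   c=3 -> %s\n",
           navcom_len_checked(3, &len) ? "accepted" : "rejected");
    printf("claimed 255, stored %zu\n", fill_skyview(255, prns, sky));
    return 0;
}
```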