-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Jan 2026 12:45:58 +0100
Source: gpsd
Binary: gpsd gpsd-clients gpsd-clients-dbgsym gpsd-dbgsym gpsd-tools gpsd-tools-dbgsym libgps-dev libgps28 libgps28-dbgsym libqgpsmm-dev libqgpsmm28 libqgpsmm28-dbgsym python3-gps python3-gps-dbgsym
Architecture: mips64el
Version: 3.22-4.1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-04) <buildd_mips64el-mipsel-osuosl-04@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 gpsd       - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-tools - Global Positioning System - tools
 libgps-dev - Global Positioning System - development files
 libgps28   - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm28 - Global Positioning System - Qt wrapper for libgps
 python3-gps - Global Positioning System - Python 3 libraries
Closes: 1124799 1124800
Changes:
 gpsd (3.22-4.1+deb12u1) bookworm; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Remove BD: makedev, breaks debusine
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write
     vulnerability in the drivers/driver_nmea2000.c file.
     The hnd_129540 function, which handles NMEA2000 PGN 129540
     (GNSS Satellites in View) packets, fails to validate the
     user-supplied satellite count against the size of the skyview
     array (184 elements). This allows an attacker to write beyond
     the bounds of the array by providing a satellite count up
     to 255, leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()`
     function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is calculated
     using `lexer->length = (size_t)c - 4` without checking if
     the input byte `c` is less than 4. This results in an unsigned
     integer underflow, setting `lexer->length` to a very large value
     (near `SIZE_MAX`). The parser then enters a loop attempting to
     consume this massive number of bytes, causing 100% CPU utilization
     and a Denial of Service (DoS) condition.
Checksums-Sha1:
 58391eade323f171b483681dc052acdc2e128c50 1743448 gpsd-clients-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 34b70920fbd7bc11770da30d72ca6e1672c4a4ba 442636 gpsd-clients_3.22-4.1+deb12u1_mips64el.deb
 a5468453922567480247dd520a26efa0d7f88a5d 2016664 gpsd-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 5d791527d263ec7a959238251a49fa5a93d7ca4a 1252984 gpsd-tools-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 8cf75473a84adb7a7bbd2b72c16073eaa645538a 280244 gpsd-tools_3.22-4.1+deb12u1_mips64el.deb
 17c8f4e32f16fc0d9a4dc4b54e38163b272f5049 21121 gpsd_3.22-4.1+deb12u1_mips64el-buildd.buildinfo
 9422d41780eec729de51d87b22a865349a89d334 365008 gpsd_3.22-4.1+deb12u1_mips64el.deb
 ebbb1c3e17177d4292b226a5ae83a6f440f3e084 138780 libgps-dev_3.22-4.1+deb12u1_mips64el.deb
 bafa81f7a5232eec4a490a1793454c5fe54fe397 153984 libgps28-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 7ad11070eb937afc64bd619b3de2ef08201a1d0c 80356 libgps28_3.22-4.1+deb12u1_mips64el.deb
 e025ecd8ff984939f8526a13cf0f99357c69fe04 30296 libqgpsmm-dev_3.22-4.1+deb12u1_mips64el.deb
 d16bf5b65e511bb3158eda50adc0346f7c8044ba 377156 libqgpsmm28-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 ebe1c77ca9a0c7d4c580c6acf0773594a97e85a8 84176 libqgpsmm28_3.22-4.1+deb12u1_mips64el.deb
 2588c322deb83f76bf195ba14c7cb6b1960e2d09 62444 python3-gps-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 f6250623bf822bca761a2cb040787086075d3329 135136 python3-gps_3.22-4.1+deb12u1_mips64el.deb
Checksums-Sha256:
 db91792e6b2ed77da4ab5afb9071509d2e30613a4ee76b6524decc3bfa003240 1743448 gpsd-clients-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 a751210af48e4c10bef5032dc4983793acbf3a84f645e18c81445e697427d908 442636 gpsd-clients_3.22-4.1+deb12u1_mips64el.deb
 7dbfa7be83d1efc7c24add63834590aea368ebed2157431acca6912710349ac2 2016664 gpsd-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 ad5db4f4e5ee197db443a22532f4c267d8ad4ed692cd26e9c965f98c2565ea63 1252984 gpsd-tools-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 8525dd92712bab52cc69f813b259a110a888a6702af82bf392573da60719c150 280244 gpsd-tools_3.22-4.1+deb12u1_mips64el.deb
 f589263f4738379f2da9462427b2658360fba076032224f016de3cc4f276f7b1 21121 gpsd_3.22-4.1+deb12u1_mips64el-buildd.buildinfo
 062ae8bbee4a16d6986f4b21db9e2d299838f63937ddd4f18202ad9d8bb3c74c 365008 gpsd_3.22-4.1+deb12u1_mips64el.deb
 abe01cd5be980f2484e023cdb7c8d0be43297e16ab2985baa883a2e3ac0e5146 138780 libgps-dev_3.22-4.1+deb12u1_mips64el.deb
 caa20f6af32f9686835b9eddb400fab5d936a0e19a9226fce91a481cd14c778b 153984 libgps28-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 b1f99f45830402f84269ca93c17b9ffbfc8eb65b01bbe40580a64b9196602849 80356 libgps28_3.22-4.1+deb12u1_mips64el.deb
 3169a7b0efa2c7e001fcf6b81275caea06b1ae92572a09ec4b3a63226fda2f77 30296 libqgpsmm-dev_3.22-4.1+deb12u1_mips64el.deb
 7ca10aa588a5932e1465b20f8c3295c5eeac48475c687b5a9534ecb0105b32a4 377156 libqgpsmm28-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 8abaf6b1858b7f386d293e569e6f87fc89c3cd95923063334e0b0f8c0cd5db1b 84176 libqgpsmm28_3.22-4.1+deb12u1_mips64el.deb
 4d99a154e64ec355680b6126c01711629a130ff351233cfb3f53d89768e70970 62444 python3-gps-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 13ec9a00ad221a614413999fb0e07b92701d781d5ad6949f7e9a9e3460ea23a9 135136 python3-gps_3.22-4.1+deb12u1_mips64el.deb
Files:
 639b2e474b59b28d6008460e35cd88cd 1743448 debug optional gpsd-clients-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 86280c90465baa49c43f9b22a92f97f2 442636 misc optional gpsd-clients_3.22-4.1+deb12u1_mips64el.deb
 7ff9be11845db5778f2ce9843d0413ac 2016664 debug optional gpsd-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 ad6eac18b18c8a44ccec9089c9b22b65 1252984 debug optional gpsd-tools-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 51191823db3ae431a9846a5df7a4645f 280244 misc optional gpsd-tools_3.22-4.1+deb12u1_mips64el.deb
 71b6cd98fa144ec8068807ed111c5b15 21121 misc optional gpsd_3.22-4.1+deb12u1_mips64el-buildd.buildinfo
 5ee1a74c5fe4830ffab558b9c620c0bd 365008 misc optional gpsd_3.22-4.1+deb12u1_mips64el.deb
 46df062997382d0ad864e2b6a676500a 138780 libdevel optional libgps-dev_3.22-4.1+deb12u1_mips64el.deb
 0757747567e5c44f06aae6bd9b8fc4a1 153984 debug optional libgps28-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 904d24dbf37bf12311cd08b638f9fce2 80356 libs optional libgps28_3.22-4.1+deb12u1_mips64el.deb
 8a3d167d97f4932abcf3706e58331ba5 30296 libdevel optional libqgpsmm-dev_3.22-4.1+deb12u1_mips64el.deb
 33ac63066168904866b95464e44dd270 377156 debug optional libqgpsmm28-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 037c87a348202961cdb0f16f6ec63ee4 84176 libs optional libqgpsmm28_3.22-4.1+deb12u1_mips64el.deb
 96f74dd2588ee415de127d929b4f1647 62444 debug optional python3-gps-dbgsym_3.22-4.1+deb12u1_mips64el.deb
 52d571048c5a368103d80c04731764c0 135136 python optional python3-gps_3.22-4.1+deb12u1_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEyYUQCyzsgu940OiVpwP2OD8jZaoFAmn2i08ACgkQpwP2OD8j
ZaqUDw//d1tqr0cBxw/4jahHswc/gG/uJeh3x9vY1p8SB1meedvHlbX87IjySQPN
IkE3M68AhiXdO2aFtrBatL4/2Fr7C09lbqK7sh8Jk7COg5ryna9EpaPyDHSSTR+Z
l4BGkkyiiFN11fefRJ128UC80lZzx02zIfxauJY1aj2i9cCrq1O9LiutSVUmen8e
r5MBqB2imi1rPQILhw2Jpsbj0pCS5IRQiuUdt92kXVP5PzvuqoJE/Sso/AlkHUMU
eWLL4hGjSbaJzt6aSRxprxOV+9ioToiU96OkokJS3Yo29grO/7AtHVPqBjx+nppw
+5JrSuXTmYtKIqgkOzqKRMkdZh/kORPwKBUNERNWQ967HwRPqydOke6MHGet9/qF
7P95Xgef0+haLNj2Mwo0eEnFuYcm5sodasYzmqavUECi0Pk9AoaNJwCg8JU6kYYa
YqEIQZNE4pPuTCGQDclFJf/EFUdwx/u54epoxZVhQ5Z07WSvCT49sywbnnv2rsu8
klB46USSD1vhfA+XJDTfl6zBefIOg8DQ8FvIxvNk/U+i97x5+p0Xc8YeOi1TlnsV
hMjf+Rc9P/SPZfC0S3Vqr7YDiVdAPg7K4q8+ND+8ulcJaQpLL81zDlOdDK5iN+pY
TH44OOQwCk1uZ1PsY7p7njDyXeAk/Lw4e4dnR8QmpTxOIzYh3kY=
=muH0
-----END PGP SIGNATURE-----