-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Jan 2026 17:51:45 +0100
Source: gpsd
Binary: gpsd gpsd-clients gpsd-clients-dbgsym gpsd-dbgsym gpsd-tools gpsd-tools-dbgsym libgps-dev libgps30t64 libgps30t64-dbgsym libqgpsmm-dev libqgpsmm30t64 libqgpsmm30t64-dbgsym python3-gps python3-gps-dbgsym
Architecture: amd64
Version: 3.25-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 gpsd       - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-tools - Global Positioning System - tools
 libgps-dev - Global Positioning System - development files
 libgps30t64 - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm30t64 - Global Positioning System - Qt wrapper for libgps
 python3-gps - Global Positioning System - Python 3 libraries
Closes: 1124799 1124800
Changes:
 gpsd (3.25-5+deb13u1) trixie; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Add salsa CI for trixie
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write
     vulnerability in the drivers/driver_nmea2000.c file.
     The hnd_129540 function, which handles NMEA2000 PGN 129540
     (GNSS Satellites in View) packets, fails to validate the
     user-supplied satellite count against the size of the skyview
     array (184 elements). This allows an attacker to write beyond
     the bounds of the array by providing a satellite count up
     to 255, leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()`
     function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is calculated
     using `lexer->length = (size_t)c - 4` without checking if
     the input byte `c` is less than 4. This results in an unsigned
     integer underflow, setting `lexer->length` to a very large value
     (near `SIZE_MAX`). The parser then enters a loop attempting to
     consume this massive number of bytes, causing 100% CPU utilization
     and a Denial of Service (DoS) condition.
Checksums-Sha1:
 4170ab839b3832746bbaba042bee103ba50353ce 1947884 gpsd-clients-dbgsym_3.25-5+deb13u1_amd64.deb
 8e6cf48baf0ebb9879bca5bf4f31e347989fcc3a 507756 gpsd-clients_3.25-5+deb13u1_amd64.deb
 e89cdb97ed1ef7b31f1596bb4088ec307343466c 2296268 gpsd-dbgsym_3.25-5+deb13u1_amd64.deb
 a47f26847270cf0552ecf4d6748863749c6e96b9 1587940 gpsd-tools-dbgsym_3.25-5+deb13u1_amd64.deb
 fd026ccc590748ec08b3ede586916df90bfa314c 342208 gpsd-tools_3.25-5+deb13u1_amd64.deb
 8d0bfe5fe3916b2c90bb3374a4cf97fc8246dbe6 20686 gpsd_3.25-5+deb13u1_amd64-buildd.buildinfo
 685e45282d3113c5a6dfad23fa68d9d73ca5a421 421992 gpsd_3.25-5+deb13u1_amd64.deb
 b35d299e3d1dde061ec7316b5bd9e275e7e3c6fc 144388 libgps-dev_3.25-5+deb13u1_amd64.deb
 da0a18efed3b96ff84f42bcdb3d5690cd253309f 172108 libgps30t64-dbgsym_3.25-5+deb13u1_amd64.deb
 dca4773e27abbeabdaf028a0ee14630a18547738 84928 libgps30t64_3.25-5+deb13u1_amd64.deb
 e7e79123e54e5c2bd20651316b8d7ea4060dc13d 34176 libqgpsmm-dev_3.25-5+deb13u1_amd64.deb
 f6f47548e6d73510a3c8c655889dc9d38989c74d 398116 libqgpsmm30t64-dbgsym_3.25-5+deb13u1_amd64.deb
 2c1ee5203544786c1308d14e375dd578056ab5ef 86824 libqgpsmm30t64_3.25-5+deb13u1_amd64.deb
 89a2bd23040a13b7edc9f95cafdcdd3b49956cbe 63672 python3-gps-dbgsym_3.25-5+deb13u1_amd64.deb
 2309a89e09a4a109525bec8e028f60d43566b117 152380 python3-gps_3.25-5+deb13u1_amd64.deb
Checksums-Sha256:
 8e8ca67de45c2e3d206d9f14254463f8ba1fb920aa62d310f643f81586212171 1947884 gpsd-clients-dbgsym_3.25-5+deb13u1_amd64.deb
 3cd2396881da4815a0e3f5ceea26dc61d5a7efc3f00778c4aba290df9aed56a2 507756 gpsd-clients_3.25-5+deb13u1_amd64.deb
 8e0f2ce08973c6a791916c3588593e1ac688366f29aec3fb22df0af9c5b9bcd9 2296268 gpsd-dbgsym_3.25-5+deb13u1_amd64.deb
 14b3e62446d4a45497b91cf2a7f200b27d601134fd8fa812c9d37d41964c0fba 1587940 gpsd-tools-dbgsym_3.25-5+deb13u1_amd64.deb
 e24cfee6499eb3cb345f03538159da0af870ef9d7c00d0e96adcb8b3e340ee26 342208 gpsd-tools_3.25-5+deb13u1_amd64.deb
 54c3caf890aa8959ae1b7e3316654819ba9efb06db6bd1615a2c945aed89486e 20686 gpsd_3.25-5+deb13u1_amd64-buildd.buildinfo
 31a170505e88062ae10a446927137683a9ba623260fb5892950cd699ab457901 421992 gpsd_3.25-5+deb13u1_amd64.deb
 9a4fdbcc24b8a54cc7e7da96f844c0ac27d90abb7cc0df1fcba8811c0f975be7 144388 libgps-dev_3.25-5+deb13u1_amd64.deb
 f0cac63a4f58c2e7c4b8f213344b5eab7d7a9bd5968a2f8678fe09ed269f4a71 172108 libgps30t64-dbgsym_3.25-5+deb13u1_amd64.deb
 76e296b650f7cfa1504c07d7e668673fd4bff7eaffef98001de0d226526bd111 84928 libgps30t64_3.25-5+deb13u1_amd64.deb
 a9e1779ed707a6df25737b2ba9466088223babb5c01a414eebd1dda68c62109b 34176 libqgpsmm-dev_3.25-5+deb13u1_amd64.deb
 44688466078c3eccdfea345d57e3b86db42f2781fc9671ec2ad4e13611e6e5e8 398116 libqgpsmm30t64-dbgsym_3.25-5+deb13u1_amd64.deb
 a880ec687fd16fa107d11eedf15415dfe420641e27d246eec0b7c19ca2a07b10 86824 libqgpsmm30t64_3.25-5+deb13u1_amd64.deb
 132a36831092afbf02a43101de55c4470c21164d310aa2c29ffa522e28e0d122 63672 python3-gps-dbgsym_3.25-5+deb13u1_amd64.deb
 aa6f4898aa3fb5735bc03dc9e27a2297001b091a22ac6bcbea7fefe370eb384f 152380 python3-gps_3.25-5+deb13u1_amd64.deb
Files:
 1cdbbaae7b62041557a4c2b79fe0bb8c 1947884 debug optional gpsd-clients-dbgsym_3.25-5+deb13u1_amd64.deb
 3f2ced93912d16b48d7d914c911e19c1 507756 misc optional gpsd-clients_3.25-5+deb13u1_amd64.deb
 adf29e0dece8e85330d2f2974780ed4a 2296268 debug optional gpsd-dbgsym_3.25-5+deb13u1_amd64.deb
 0bf6e7db56d2ff71e00d5051fb9f1631 1587940 debug optional gpsd-tools-dbgsym_3.25-5+deb13u1_amd64.deb
 98b1e94b49c203610f204a0febdfef6a 342208 misc optional gpsd-tools_3.25-5+deb13u1_amd64.deb
 7abcd4db4faa8b7c53cb4e9caddd470f 20686 misc optional gpsd_3.25-5+deb13u1_amd64-buildd.buildinfo
 3e46d3bca58113f66a1648d96a789fdb 421992 misc optional gpsd_3.25-5+deb13u1_amd64.deb
 d60d19c86289228a672ca05db5c8bc8c 144388 libdevel optional libgps-dev_3.25-5+deb13u1_amd64.deb
 c46b51c17f23ec5994d0a7062e4a5a55 172108 debug optional libgps30t64-dbgsym_3.25-5+deb13u1_amd64.deb
 7b3789e69e3fb50c746fe3ddaca803a5 84928 libs optional libgps30t64_3.25-5+deb13u1_amd64.deb
 acdcc23f388e07c591272cf14e4a5084 34176 libdevel optional libqgpsmm-dev_3.25-5+deb13u1_amd64.deb
 0087130e9e621981c6b5a2346731bd92 398116 debug optional libqgpsmm30t64-dbgsym_3.25-5+deb13u1_amd64.deb
 f1eb1b0c062f20f7fde0ba358cc01ce2 86824 libs optional libqgpsmm30t64_3.25-5+deb13u1_amd64.deb
 064a59d567ff46e51bba4e4cc3125e22 63672 debug optional python3-gps-dbgsym_3.25-5+deb13u1_amd64.deb
 3307f5a8ff4298f2c1341609d34aa85f 152380 python optional python3-gps_3.25-5+deb13u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmmkW+8ACgkQEbCLukZn
24oJeg//cMRGUax9prSJVsQzPjzjiagp6aW2LMzekVCd5R8XZQkJ41adCdyQwfah
gcDFdMrqh2FROlouTNjj0Tckcxw7c9TBIA7/DcLyFvfCfs8dz4scHwTNp6ojHBmZ
4MKMDQjuKWlYPNP5wQGo+wRDV0B6muz2iTb7ii94edst+l6dOzTwba28DPBpiYzk
jZGOHnZ8lEHEVWHPoB0RBZjO24ztKTJeKHXmdYO/J0MAiBgpbsEWlvVsAcWGcwNq
ls+auAYk0/l8ILLsvYZsd3mWgBt9MemHA16rPE8HHLSQylJX3ldzFVKr8uMPkrBD
en+FPZoUNuw3HtFouzN2DEMz62NA1bNx0+SMLD2wtbOXnMutUpUZY9e9CgxDA0Ox
DfLpYJhJTqxVO6b5Wdnngfphs6yGvaf59WCTr2fh9uTsBliJmbjwimly0XckUVLv
gRdO8FrP2W7HFb716opK2JHhHkwF++EkCrbJDj6qlqrM0DgDZXeO49NpRPrPI5Ex
pt7bd08zLwoqsfOw9+WStJ/IFdfTdDRz6HKzcdek/YQKElfj5XB7T/iP8pbk8M5p
AAHKQoMK8eN6EB910YBSnaD17H+wKh7JcjqqZYpXjPtIwLYDsEnWGKiFxmPgFs2I
ZAfZWupj9j6uDKBzh+IbZbQwi56V7BBtsN6xC4A3Ays8+Gf5kXU=
=qObf
-----END PGP SIGNATURE-----