-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Jan 2026 17:51:45 +0100
Source: gpsd
Binary: gpsd gpsd-clients gpsd-clients-dbgsym gpsd-dbgsym gpsd-tools gpsd-tools-dbgsym libgps-dev libgps30t64 libgps30t64-dbgsym libqgpsmm-dev libqgpsmm30t64 libqgpsmm30t64-dbgsym python3-gps python3-gps-dbgsym
Architecture: armhf
Version: 3.25-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-06) <buildd_arm64-arm-ubc-06@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 gpsd       - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-tools - Global Positioning System - tools
 libgps-dev - Global Positioning System - development files
 libgps30t64 - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm30t64 - Global Positioning System - Qt wrapper for libgps
 python3-gps - Global Positioning System - Python 3 libraries
Closes: 1124799 1124800
Changes:
 gpsd (3.25-5+deb13u1) trixie; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Add salsa CI for trixie
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write
     vulnerability in the drivers/driver_nmea2000.c file.
     The hnd_129540 function, which handles NMEA2000 PGN 129540
     (GNSS Satellites in View) packets, fails to validate the
     user-supplied satellite count against the size of the skyview
     array (184 elements). This allows an attacker to write beyond
     the bounds of the array by providing a satellite count up
     to 255, leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()`
     function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is calculated
     using `lexer->length = (size_t)c - 4` without checking if
     the input byte `c` is less than 4. This results in an unsigned
     integer underflow, setting `lexer->length` to a very large value
     (near `SIZE_MAX`). The parser then enters a loop attempting to
     consume this massive number of bytes, causing 100% CPU utilization
     and a Denial of Service (DoS) condition.
Checksums-Sha1:
 e8e62d41dfbeff60ce8b46d5e2eebd36b1e29b1d 1930764 gpsd-clients-dbgsym_3.25-5+deb13u1_armhf.deb
 00abc19c0334254892cfcfaebab6e859bc1dfc66 470528 gpsd-clients_3.25-5+deb13u1_armhf.deb
 1de762ad0b01c60f3685cbb31720c4278571c1b3 2301788 gpsd-dbgsym_3.25-5+deb13u1_armhf.deb
 16453aa9e11e5707abdafe10cc6061152bf2116e 1575948 gpsd-tools-dbgsym_3.25-5+deb13u1_armhf.deb
 57418cf8e304ee865451c886bbdb8b9c308f315b 315140 gpsd-tools_3.25-5+deb13u1_armhf.deb
 5ac872eccfad5c098d604b4ce2cd37262c0a15ab 20443 gpsd_3.25-5+deb13u1_armhf-buildd.buildinfo
 c80ce610ed6ac7afa3a0a7f6f957833c2e684ff6 385872 gpsd_3.25-5+deb13u1_armhf.deb
 1b32588509b03cff7c70d01785b51b63f0ec5b85 141596 libgps-dev_3.25-5+deb13u1_armhf.deb
 d66f9caf2b61ca9a009bf91dd961b3d78d8a5206 167840 libgps30t64-dbgsym_3.25-5+deb13u1_armhf.deb
 a7f5884a0a15fc8a9161819d291f453531e3a03e 81236 libgps30t64_3.25-5+deb13u1_armhf.deb
 3d426a6379fb90c2b9e10098bdeb63943c1100ff 34172 libqgpsmm-dev_3.25-5+deb13u1_armhf.deb
 fcbbfc6b04e132aeaeb28fe63f564c0857b73657 398820 libqgpsmm30t64-dbgsym_3.25-5+deb13u1_armhf.deb
 048410fb233ab9425e91b15fac61a252aa49ca73 83376 libqgpsmm30t64_3.25-5+deb13u1_armhf.deb
 affca838b03bb272ec2974eda5a94b952c3d711f 63336 python3-gps-dbgsym_3.25-5+deb13u1_armhf.deb
 996209364841b3a1c5beec1490a151c8d62c94f1 150524 python3-gps_3.25-5+deb13u1_armhf.deb
Checksums-Sha256:
 0594500c6e2b0c4ab7aef205baf9ab9b5f6f3f56ed243e6f6a03c270be30810e 1930764 gpsd-clients-dbgsym_3.25-5+deb13u1_armhf.deb
 be3d1c6cf745d388b38c8fbf79ca5f031b0934bc8964e910614ecb70f7da060b 470528 gpsd-clients_3.25-5+deb13u1_armhf.deb
 91bf961d03bfed64bd825fae9d4d6797bf0f39efc861f883d0d6913fe5e537df 2301788 gpsd-dbgsym_3.25-5+deb13u1_armhf.deb
 6114800e939412cd54d6c95bbefb74f66a14318b4aa52c904693276ac8236e54 1575948 gpsd-tools-dbgsym_3.25-5+deb13u1_armhf.deb
 4ca6c7ac1dbe3870d1135c2907e49b674fff5d4414c1a857e4f7757ba53b9907 315140 gpsd-tools_3.25-5+deb13u1_armhf.deb
 cda7eab8cc116ca7374f49c1e61b57aed1266d3c54576f3c09cddd06139ecac5 20443 gpsd_3.25-5+deb13u1_armhf-buildd.buildinfo
 c6bfe881c7c45c1aac1f76cbb09fee20ec626f8f0e7366953292ad5a48496b50 385872 gpsd_3.25-5+deb13u1_armhf.deb
 d371d879b20a75f3d76895447024b3d2e6dbc899c1fa51e46b6ab62d170c9b46 141596 libgps-dev_3.25-5+deb13u1_armhf.deb
 bbcbcdbaea72d5aed0fd56fbb4715c57de3df023d9fcad5169e7afe18a3caa7d 167840 libgps30t64-dbgsym_3.25-5+deb13u1_armhf.deb
 0c14a71517f4c232bea90f44c7500538439930a6d124bee7e646ff6312e2a956 81236 libgps30t64_3.25-5+deb13u1_armhf.deb
 d2d1f51a7dd85b00e3edfdf3727d6aca91474631e193c9bf3b1bbf43baa60f1a 34172 libqgpsmm-dev_3.25-5+deb13u1_armhf.deb
 d5d8ede7f06aa2832137fe21f945f9c22641a4efc22739204853f8be8201d291 398820 libqgpsmm30t64-dbgsym_3.25-5+deb13u1_armhf.deb
 f73cda434a401bd67556481c328455c861e3b191c2fcce224912b606421839b7 83376 libqgpsmm30t64_3.25-5+deb13u1_armhf.deb
 69db0d53e405f95584dbd01618dae11825ba358cf609bac2c5c9b8da9d4741e3 63336 python3-gps-dbgsym_3.25-5+deb13u1_armhf.deb
 74d26a0ab7f514f288f465df978295594137b0eefebf1349386051009e5fe9ea 150524 python3-gps_3.25-5+deb13u1_armhf.deb
Files:
 d28116a3e6dc879bade1ee3cb0c9a6a0 1930764 debug optional gpsd-clients-dbgsym_3.25-5+deb13u1_armhf.deb
 89258d803044b5473ecd9e349d81e4fe 470528 misc optional gpsd-clients_3.25-5+deb13u1_armhf.deb
 9332be32e07042eb20876d79d4d512c7 2301788 debug optional gpsd-dbgsym_3.25-5+deb13u1_armhf.deb
 aaa8074c2d2653cef752a79de9d99d89 1575948 debug optional gpsd-tools-dbgsym_3.25-5+deb13u1_armhf.deb
 5e2953b9edfa3aeacf5de8e3acbb5d6b 315140 misc optional gpsd-tools_3.25-5+deb13u1_armhf.deb
 2412071c561c08b48840bb09e8ae2877 20443 misc optional gpsd_3.25-5+deb13u1_armhf-buildd.buildinfo
 e908e9094b49be4809e168a78c80b91f 385872 misc optional gpsd_3.25-5+deb13u1_armhf.deb
 4ebb692765c773058cf46861e252cb9e 141596 libdevel optional libgps-dev_3.25-5+deb13u1_armhf.deb
 4aebc4713e38be91cb3901a5b859792f 167840 debug optional libgps30t64-dbgsym_3.25-5+deb13u1_armhf.deb
 814eab8452ec0b285a7a05049a1ba662 81236 libs optional libgps30t64_3.25-5+deb13u1_armhf.deb
 6581004a705a998c3150c3cef7292888 34172 libdevel optional libqgpsmm-dev_3.25-5+deb13u1_armhf.deb
 a7a7fa19140cf1a9a8baf90e852c8388 398820 debug optional libqgpsmm30t64-dbgsym_3.25-5+deb13u1_armhf.deb
 5a4b5541ae0995aca70da7275366d92f 83376 libs optional libqgpsmm30t64_3.25-5+deb13u1_armhf.deb
 ae82bb1157e92e8b935f64ee79f15901 63336 debug optional python3-gps-dbgsym_3.25-5+deb13u1_armhf.deb
 4fc2fa9d1fd0d0df400007ae38bb4542 150524 python optional python3-gps_3.25-5+deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpxWVfktWxVoKRwGgJ7tNDw2WyRsFAmmkXE0ACgkQJ7tNDw2W
yRtjYw/+NTuvB1EMUD/I0rDtZzp2+ZlRbUsxfq2mOh2uJnVLBoji4+lTkpnik4l/
qLBHR43XDYESQEKudCE1+HE9sRBr6BxkgQ3JYFzwO9Pv/oflYXy1/GTD2IhsH5hr
9/USIuYgucfyTDthCOk2WbQ99WqpuF18l8Qa6tB+YgZJsZD0MvGPO50mQkGy3Dak
YrtGQjwW30Wr9EoqPZ8tLjr8QRn9MGM7yF7sUXTy95s1KHrfK4YxQ67l+7bpObmM
4BCzH+noEbd6Cb/IGNQDW1DEs6fqN6IjtexnxUiBU3kmIW0n7BzGKtU4XxNkbYp9
tHr+3/9FA4rdWONIZMPppo8eOTvmYg4ubS7C4iaA+H1KwnsivTOKjxzTTwE59oWE
bqrMbHJ5B9VwGAyoEKeWyMi8FMHuB3DQlz6CzWcUE35Xi4rty37hUG3GOETPDEMF
Q3i4hrwzTbtOb9LWt4C7inrjxql6bHTIa+x2Nr3xA0jHl5ltdJKh0mK9Gw8ydpE/
92KjzOJwBQd4kxYnrAtWAdk1Wnl5SyiDjdJE/KD9x4JqCFR3D0n9qMkpt7xUjeB0
SzgsoBVEBGrnxUbPFtt7SSRciMSDew5NtCMwmqsGMXrsCRcJ4pfMPCXFEWZIOrG9
clKtBX4vhJxkgAnJ0SS/pH+daMBp+lRWiNtLtp3BsfGyk7wWols=
=3Juz
-----END PGP SIGNATURE-----