-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Jan 2026 17:51:45 +0100
Source: gpsd
Binary: gpsd gpsd-clients gpsd-clients-dbgsym gpsd-dbgsym gpsd-tools gpsd-tools-dbgsym libgps-dev libgps30t64 libgps30t64-dbgsym libqgpsmm-dev libqgpsmm30t64 libqgpsmm30t64-dbgsym python3-gps python3-gps-dbgsym
Architecture: i386
Version: 3.25-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Bastien Roucariès
Description:
 gpsd - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-tools - Global Positioning System - tools
 libgps-dev - Global Positioning System - development files
 libgps30t64 - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm30t64 - Global Positioning System - Qt wrapper for libgps
 python3-gps - Global Positioning System - Python 3 libraries
Closes: 1124799 1124800
Changes:
 gpsd (3.25-5+deb13u1) trixie; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Add salsa CI for trixie
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write vulnerability
     in the drivers/driver_nmea2000.c file. The hnd_129540 function,
     which handles NMEA2000 PGN 129540 (GNSS Satellites in View)
     packets, fails to validate the user-supplied satellite count
     against the size of the skyview array (184 elements).
     This allows an attacker to write beyond the bounds of
     the array by providing a satellite count up to 255,
     leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the
     `nextstate()` function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is
     calculated using `lexer->length = (size_t)c - 4` without
     checking if the input byte `c` is less than 4.
     This results in an unsigned integer underflow, setting
     `lexer->length` to a very large value (near `SIZE_MAX`).
     The parser then enters a loop attempting to consume
     this massive number of bytes, causing 100% CPU utilization
     and a Denial of Service (DoS) condition.
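The two missing checks described in the changelog above, as an added example that is not part of the upload and is not gpsd's code or the Debian patch. The structures, the function names and the payload layout (one count byte followed by two bytes per satellite) are assumptions made for illustration; only the array size 184 and the expression `(size_t)c - 4` come from the changelog, and rejecting the packet on a bad value is one possible handling.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SKYVIEW_MAX 184     /* skyview array size given in the changelog */
#define NAVCOM_OVERHEAD 4   /* constant subtracted from the length byte */

/* Hypothetical, simplified structures; not gpsd's real definitions. */
struct sat { uint8_t prn, snr; };
struct sky { struct sat skyview[SKYVIEW_MAX]; int visible; };

/* The unchecked expression quoted in the changelog: wraps when c < 4. */
size_t navcom_len_unchecked(unsigned char c) { return (size_t)c - 4; }

/* Checked form: 0 and *out set on success, -1 if c cannot be a valid length. */
int navcom_len_checked(unsigned char c, size_t *out)
{
    if (c < NAVCOM_OVERHEAD)
        return -1;
    *out = (size_t)c - NAVCOM_OVERHEAD;
    return 0;
}

/* Constructed payload layout: byte 0 = satellite count, then 2 bytes per
 * satellite. Returns the number stored, or -1 if the count does not fit
 * the array or the payload is shorter than the count claims. */
int store_sats(struct sky *s, const uint8_t *p, size_t len)
{
    if (len < 1)
        return -1;
    size_t count = p[0];                 /* attacker-controlled, 0..255 */
    if (count > SKYVIEW_MAX)             /* bound against the array */
        return -1;
    if (len - 1 < count * 2)             /* bound against the input */
        return -1;
    for (size_t i = 0; i < count; i++) {
        s->skyview[i].prn = p[1 + 2 * i];
        s->skyview[i].snr = p[2 + 2 * i];
    }
    s->visible = (int)count;
    return (int)count;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked(3) = %zu\n", navcom_len_unchecked(3));
    printf("checked(3)   = %d\n", navcom_len_checked(3, &n));
    return 0;
}
```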