-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 17 Jan 2026 17:51:45 +0100
Source: gpsd
Binary: gpsd gpsd-clients gpsd-clients-dbgsym gpsd-dbgsym gpsd-tools gpsd-tools-dbgsym libgps-dev libgps30t64 libgps30t64-dbgsym libqgpsmm-dev libqgpsmm30t64 libqgpsmm30t64-dbgsym python3-gps python3-gps-dbgsym
Architecture: riscv64
Version: 3.25-5+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-osuosl-05) <buildd_riscv64-rv-osuosl-05@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 gpsd       - Global Positioning System - daemon
 gpsd-clients - Global Positioning System - clients
 gpsd-tools - Global Positioning System - tools
 libgps-dev - Global Positioning System - development files
 libgps30t64 - Global Positioning System - library
 libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development)
 libqgpsmm30t64 - Global Positioning System - Qt wrapper for libgps
 python3-gps - Global Positioning System - Python 3 libraries
Closes: 1124799 1124800
Changes:
 gpsd (3.25-5+deb13u1) trixie; urgency=medium
 .
   * Non-Maintainer Upload by LTS team
   * Add salsa CI for trixie
   * Fix CVE-2025-67268 (Closes: #1124800).
     gpsd contains a heap-based out-of-bounds write
     vulnerability in the drivers/driver_nmea2000.c file.
     The hnd_129540 function, which handles NMEA2000 PGN 129540
     (GNSS Satellites in View) packets, fails to validate the
     user-supplied satellite count against the size of the skyview
     array (184 elements). This allows an attacker to write beyond
     the bounds of the array by providing a satellite count up
     to 255, leading to memory corruption, Denial of Service (DoS),
     and potentially arbitrary code execution.
   * Fix CVE-2025-67269 (Closes: #1124799).
     An integer underflow vulnerability exists in the `nextstate()`
     function in `gpsd/packet.c`.
     When parsing a NAVCOM packet, the payload length is calculated
     using `lexer->length = (size_t)c - 4` without checking if
     the input byte `c` is less than 4. This results in an unsigned
     integer underflow, setting `lexer->length` to a very large value
     (near `SIZE_MAX`). The parser then enters a loop attempting to
     consume this massive number of bytes, causing 100% CPU utilization
     and a Denial of Service (DoS) condition.
Checksums-Sha1:
 5bc1dbb0b39413455a8d839bcffc4d8fa91cece4 1932972 gpsd-clients-dbgsym_3.25-5+deb13u1_riscv64.deb
 7c1d46e123d2ca98e9a7136682ca3a7158f28411 532844 gpsd-clients_3.25-5+deb13u1_riscv64.deb
 7a2547b5c2a4fc2a2ddc9c69d7f6e5ff274ebe20 2272876 gpsd-dbgsym_3.25-5+deb13u1_riscv64.deb
 3c4ffbfc489d553a394b6a3a4f5cdc503184911c 1569524 gpsd-tools-dbgsym_3.25-5+deb13u1_riscv64.deb
 80b2db6673c77e8ae6f4b854b8b357060d4c9f6b 368948 gpsd-tools_3.25-5+deb13u1_riscv64.deb
 a3afe09a5eb45edf1c13d3652ad12eb01d6706fd 20671 gpsd_3.25-5+deb13u1_riscv64-buildd.buildinfo
 3cd72d21d3ffcbe965335a7ad2622aa45b8724fb 446996 gpsd_3.25-5+deb13u1_riscv64.deb
 2314cbcdbf4f1a1fd35bc7902cd5dbceef8ebd0d 200244 libgps-dev_3.25-5+deb13u1_riscv64.deb
 915cc0275b5fb0ded46505f8036ff2ae0aa10647 169556 libgps30t64-dbgsym_3.25-5+deb13u1_riscv64.deb
 fa071ec72431192a16dcf30ccb75a527e6c4d6b7 91228 libgps30t64_3.25-5+deb13u1_riscv64.deb
 30de551e5625987d51d376828c2803276b376731 34168 libqgpsmm-dev_3.25-5+deb13u1_riscv64.deb
 ef729ceeb5c92d62abe9fac2433e2e09d4fac1ad 392420 libqgpsmm30t64-dbgsym_3.25-5+deb13u1_riscv64.deb
 99a199ecaa51905979498624fc4e4e337f667ce6 93280 libqgpsmm30t64_3.25-5+deb13u1_riscv64.deb
 b74937e2832f08645c7dccf575a3c49b861d0c09 64068 python3-gps-dbgsym_3.25-5+deb13u1_riscv64.deb
 b01cd9f622aa9a6dd119f31d51bda0a6082fbf0e 152744 python3-gps_3.25-5+deb13u1_riscv64.deb
Checksums-Sha256:
 88ef18ef5cc07a4404fdabedbb38715c4e3dd84240d03aa7ec6acbc70d289e78 1932972 gpsd-clients-dbgsym_3.25-5+deb13u1_riscv64.deb
 3f3863dcf1216d304fba89ac21d9eef02b60e16eb437589ac3b3c38fbf694cbe 532844 gpsd-clients_3.25-5+deb13u1_riscv64.deb
 a9e3a5efa3a0d3ff8730589e51e493c20da94adb455adc7f4564360368bf5778 2272876 gpsd-dbgsym_3.25-5+deb13u1_riscv64.deb
 272a2e45dfb199ce94d94cdb26a0a31f385e9a4d0234a13160c0566920d69052 1569524 gpsd-tools-dbgsym_3.25-5+deb13u1_riscv64.deb
 244db7cef8c9a45c589710463806fbda020d734a2799ae13d9c4a6b15b62397b 368948 gpsd-tools_3.25-5+deb13u1_riscv64.deb
 ee9a34f7b58ee1dccecd26d78b726622d14b4b18579673d14479b18c640335c8 20671 gpsd_3.25-5+deb13u1_riscv64-buildd.buildinfo
 6ccc2a8644799fe6b02032b254309e5ba3f39cc6d9fdd24023fb040713b316ed 446996 gpsd_3.25-5+deb13u1_riscv64.deb
 b575443111b3da0eabb71ff1c96a6004857322252846970188b929a80b995d6e 200244 libgps-dev_3.25-5+deb13u1_riscv64.deb
 4102a82a6b038c4825edf506f034e67b702ec12491cdc028ec7421c5bc20d060 169556 libgps30t64-dbgsym_3.25-5+deb13u1_riscv64.deb
 c0da0c1b27720b8d1689c40ce5bacf55491c7b5db0e1fd1ef86eb56590b54252 91228 libgps30t64_3.25-5+deb13u1_riscv64.deb
 abcdc7600c5b2dbe2b3fc85d4791586cad86043bfa4841f7c710fd658e0c46e9 34168 libqgpsmm-dev_3.25-5+deb13u1_riscv64.deb
 58c9ea0dec9530b2a0588ab3a09a3c5bed4673793bfa901d375dea9aca96db3f 392420 libqgpsmm30t64-dbgsym_3.25-5+deb13u1_riscv64.deb
 41b77c2c56167c24ba5b64b0bf3810f8a61900cb0f88deabf7e3cf9da2bf87f8 93280 libqgpsmm30t64_3.25-5+deb13u1_riscv64.deb
 c0de3f63d7815d1d11f064294d6756b534b596098ecfab8715d9f41ec8044602 64068 python3-gps-dbgsym_3.25-5+deb13u1_riscv64.deb
 59999b399ae6a322f86b1da3b258acbb650b34cd2c938d8bc60dbbcfd3a088ae 152744 python3-gps_3.25-5+deb13u1_riscv64.deb
Files:
 b5959369fac91291ee2d969cfa5e7ddc 1932972 debug optional gpsd-clients-dbgsym_3.25-5+deb13u1_riscv64.deb
 6bdad264e0ee738867c8ca40f01a3ab5 532844 misc optional gpsd-clients_3.25-5+deb13u1_riscv64.deb
 6cdf48e7ab4318f15a5dfafbfc165765 2272876 debug optional gpsd-dbgsym_3.25-5+deb13u1_riscv64.deb
 7dbf39183a870db11f3f7184ff8a8b75 1569524 debug optional gpsd-tools-dbgsym_3.25-5+deb13u1_riscv64.deb
 56994ed67a4d533a11516a34d91a758e 368948 misc optional gpsd-tools_3.25-5+deb13u1_riscv64.deb
 985ee1c20c1218952c10d1a4ba572a3b 20671 misc optional gpsd_3.25-5+deb13u1_riscv64-buildd.buildinfo
 12c223d647201881bf4d09f5457c732e 446996 misc optional gpsd_3.25-5+deb13u1_riscv64.deb
 056435745445013ff1fc3babb4576cf2 200244 libdevel optional libgps-dev_3.25-5+deb13u1_riscv64.deb
 dd6f7246aad7e1f6675b98f54b690366 169556 debug optional libgps30t64-dbgsym_3.25-5+deb13u1_riscv64.deb
 ebb8a53ba7f983a75daa78005222773e 91228 libs optional libgps30t64_3.25-5+deb13u1_riscv64.deb
 aa98e82d66e56b775054cfff27181225 34168 libdevel optional libqgpsmm-dev_3.25-5+deb13u1_riscv64.deb
 7da01965e51070dee13c6fcdf5bea578 392420 debug optional libqgpsmm30t64-dbgsym_3.25-5+deb13u1_riscv64.deb
 0e4d9afb132c1acee9eeaab133477a1a 93280 libs optional libqgpsmm30t64_3.25-5+deb13u1_riscv64.deb
 d428693b6bbd18e74f9db1aa5d2f8028 64068 debug optional python3-gps-dbgsym_3.25-5+deb13u1_riscv64.deb
 17e9d3433c05142a22383ddcc38c73f2 152744 python optional python3-gps_3.25-5+deb13u1_riscv64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBzL0NgzYDvoyHaFq4N3weDMPIr4FAmmkfkcACgkQ4N3weDMP
Ir7FAg/5AZD1MUs+rT2jchshS2+vm43po9Nm8SV+1Zt5X7I9yA9HjklX7RsYNtmC
ROy49qWsd4odWyoVaYeFySB5hxIACsyhcvmaqxjgHmL/BNR9kP+iLlu0HMxc7MsD
2KnGG1r8MAaURmxPj4GL+ZpsxGPjl0rnnxhtHFcgzHjwNtWYWQ9ITnwqU21s8y2O
V7nHk0fWa/H1ebr2awmdQICvyeNkZPRRiCUpzJspI1RL666DyPnmRp8uSUdkZEgR
TYgCC2Zcccp4YxAv6aLyO5VMOYEazNA+UHpibGyXtYVx+qvgBx/sYVql3hY9+2uJ
jXwjt5fLIsFEOBVmXTcWcv4dhfJx8W9Svz+zJtYP9yeHLLs2B/AazmGoJV+oL41m
W0NmuSb8gOXPcfsQCkdBuAs/zJBfesd/G2r4sCpfZ+dvnYQvV1NO5xx1MXijA6M5
/8ccPsE0p7aKwNj3yBamGGuiLJ9rG/XfGEv549/zer4jX8AOM1ey0+ylQH7dHhQ/
Lunq5OTJFnvyK58o+GrK/N6ipYtzGesZoY9Nqryo90wMBFNyMAFjqj43IaO6Q1HZ
TfDFi92zWvItt/QfVn0l/RmYSPpw1ckdGLqS6V7+Xzl9v/7T/VvQOROE1VBwZnBk
KNqmPh/NYaGr2zkG4P2DfFXJNn63/GmiHJ3/hFFaex18MiJBMvE=
=e1Ez
-----END PGP SIGNATURE-----