[Secure-testing-team] Bug#706665: gpsd: CVE-2013-2038
Salvatore Bonaccorso
carnil at debian.org
Fri May 3 04:41:46 UTC 2013
Source: gpsd
Severity: important
Tags: security patch
Hi,
the following vulnerability was published for gpsd.
CVE-2013-2038[0]:
DoS (packet parser crash) in the AIS driver when processing malformed packet
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Patches referenced by upstream developer and detailed explanation can be
found at [1,2,3].
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2038
http://security-tracker.debian.org/tracker/CVE-2013-2038
[1] http://marc.info/?l=oss-security&m=136753549732442&w=2
[2] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50
[3] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f
Please adjust the affected versions in the BTS as needed.
@Bernd: I have not (yet) further investigated, only looked at current
code to see if above match.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list