[Pkg-telepathy-maintainers] ofono_2.14-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sun Jan 5 23:04:53 GMT 2025 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 05 Jan 2025 13:38:11 +0100
Source: ofono
Architecture: source
Version: 2.14-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Telepathy maintainers <pkg-telepathy-maintainers at lists.alioth.debian.org>
Changed-By: Mike Gabriel <sunweaver at debian.org>
Closes: 1070371
Changes:
 ofono (2.14-1) unstable; urgency=medium
 .
   [ Sicelo A. Mhlongo ]
   * New upstream version 2.14. (Closes: #1070371).
     - CVE-2023-4232: Fix stack overflow bug triggered within the
       decode_status_report() function during the SMS decoding.
     - CVE-2023-4235: Fix stack overflow bug triggered within the
       decode_deliver_report() function during the SMS decoding.
     - CVE-2024-7543,
       CVE-2024-7544,
       CVE-2024-7545,
       CVE-2024-7546: Fix flaws within the parsing of STK command PDUs.
       (lack of proper validation of the length of user-supplied data
       prior to copying it to a heap-based buffer)
     - CVE-2024-7547: Fix flaw within the parsing of SMS PDUs
       (lack of proper validation of the length of user-supplied data
       prior to copying it to a stack-based buffer).
   * debian/patches: Add upstream patches 0003-util-ensure-decode_hex_own_buf-is-
       passed-a-valid-buf.patch, 0004-atmodem-sms-ensure-buffer-is-initialized-
       before-use.patch, 0005-ussd-ensure-ussd-content-fits-in-buffers.patch:
     + CVE-2024-7539: Fix flaw within the parsing of responses from AT+CUSD
       commands (lack of proper validation of the length of user-supplied
       data prior to copying it to a stack-based buffer).
     + CVE-2024-7540: Fix flaw within the parsing of responses from AT+CMGL
       commands (lack of proper initialization of memory prior to accessing
       it).
     + CVE-2024-7541: Fix flaw within the parsing of responses from AT+CMT
       commands (lack of proper initialization of memory prior to accessing
       it).
     + CVE-2024-7542: Fix flaw within the parsing of responses from AT+CMGR
       commands (lack of proper initialization of memory prior to accessing
       it).
 .
   [ Mike Gabriel ]
   * debian/copyright:
     + Update copyright attributions.
     + Update auto-generated copyright.in file.
   * debian/changelog:
     + White-space cleanup in previous entries.
Checksums-Sha1:
 349e4590b93d24e146fb5ed7599241e5f062a24c 2466 ofono_2.14-1.dsc
 850015477724288e0ecd2915ee101da2db41c15f 1311452 ofono_2.14.orig.tar.xz
 f9dfb9bcd675b10f078db5267c172e61206e1b97 801 ofono_2.14.orig.tar.xz.asc
 e3e6efb264ebbbc7b14363b12ef72a394e06e410 18696 ofono_2.14-1.debian.tar.xz
 76796b9f1b47f348f2a65969c58b375fffc9deeb 7688 ofono_2.14-1_source.buildinfo
Checksums-Sha256:
 995d70f75755ee97c96c2897a98da1c7124513a89cf07da35789e26eb1bd3592 2466 ofono_2.14-1.dsc
 983cbfd5e1e1a410ba7ad2db7f50fadc91e50b29f1ede40cdc73f941da7ba95f 1311452 ofono_2.14.orig.tar.xz
 8c0de733ea3fa37c88154b00297001cb1a7862ec4d5becd2aeea0af9884c7121 801 ofono_2.14.orig.tar.xz.asc
 1e0018d09abe9a03ad2eaec8aa65eb8dbde2ee764a4fdaa2ed44f4a28c421865 18696 ofono_2.14-1.debian.tar.xz
 064705c43baf5146d594cef670483c27c8027103fdb39ce0f760aa4010a630f7 7688 ofono_2.14-1_source.buildinfo
Files:
 8efb39134c37407c3034007d964d8b52 2466 admin optional ofono_2.14-1.dsc
 7c3d5f18eea9aee630cc6fb347fba684 1311452 admin optional ofono_2.14.orig.tar.xz
 181b5ce6b5b45a262103afff725eeeb3 801 admin optional ofono_2.14.orig.tar.xz.asc
 2268af81ee653ddb3019e25c3a06a143 18696 admin optional ofono_2.14-1.debian.tar.xz
 0ffbf8d431c9b7dc7f63e4621de5016a 7688 admin optional ofono_2.14-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmd69xsVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxTOYP/RQBsdq3vc+H5E5+pHaa01euVgLt
Rc7Jz2wEt788lXj6EwJF4KGMeFYMb/wKrUIKhpGgKQ8NIyTgCILZ2aYT84gDD+Ud
Sa7lx+KVGCek73lawldAEp3uAGoId1eg1AW1VwYG3AP/9bMvq5pxH1/G+z2hqmJZ
liKRma+oTKBvDKrFUL/GjzIXXfpPvfyXzFVFhB/7EQVrmYEmYUUn8Yvelj1bx7Fk
akW8KmN0oGm/AwtHEHH1VJaQFzEevPw8HovOTFVlBSYB8Ivq7FS1z1YUo4SvaZwF
WRvcngseVK/o78NQiqNc8CCGE6yIYj76GLK5HNcE1PxhN1s5Vb20ZriMwWg/dDea
QTHWgFHDzp0uYFCo9vQAhJnsxc1FPOyjbY5hjO+aBLt7haIE/RibNY9kDe3b36Vd
lyenoD+Xbu6GxzGfja5OipukeGZdbszPmI0BEZNlWs4Xu7L/+iTVyMzlW/+Gk/bm
4Qv8ZfdGswox/EwKafcF3QPQe8GIXfx8Y4JjPNBFCrCR0booPzl+3w+25syd46vT
yrOQMU0LbH4cFbW9LsrQ3b1dHhiyUzeEscFQrxbRbxg4RgIOPN53UwZ3Gk0erP9Z
yCavmRDFbz0D0slta0x4w++wV9EnwmLjWbbz/fZTolzVDhnq985weaMwvHGYWnPU
Xt2aI6oVB/DfoNhy
=d8be
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-telepathy-maintainers/attachments/20250105/2f7d5396/attachment.sig>

More information about the Pkg-telepathy-maintainers mailing list