From ${URL} : A denial of service flaw was found in the way AIS driver packet parser of gpsd, a service daemon for mediating access to a GPS, processed certain malformed packets. A remote attacker could provide a specially-crafted device input that, when processed would lead to gpsd's packet parser crash (gpsd daemon termination). References: [1] http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html Candidate upstream patches [*]: [2] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=08edc49d8f63c75bfdfb480b083b0d960310f94f [3] http://git.savannah.gnu.org/cgit/gpsd.git/commit/?id=dd9c3c2830cb8f8fd8491ce68c82698dc5538f50 -- [*] Candidate because they haven't been confirmed by GPSD upstream (yet) to be the correct ones to fix this problem. @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not
Appears to have been fixed as of 3.9, maintainers please ack a stable of 3.9
Whoops, didn't read that closely enough. Maintainer timeout. Arches, please test and stabilize =sci-geosciences/gpsd, target arches: amd64 arm ppc ppc64 x86. Thanks!
amd64 stable
x86 stable
arm stable
ppc64 stable
ppc stable
Thanks for your work GLSA vote: no
GLSA vote: no. Closing as [noglsa]
