ofono (2.14-1)
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/telepathy-team/ofono.git
- Branch: debian
- Path: debian/changelog
- Repo size: 774144
- Browser: https://salsa.debian.org/telepathy-team/ofono
- Last scan: 2025-03-26 18:47:10+00
- Next scan: 2025-04-03 07:03:00+00
- Merge requests: 2
- Debian changelog in Git:
ofono (2.14-1) unstable; urgency=medium

  [ Sicelo A. Mhlongo ]
  * New upstream version 2.14. (Closes: #1070371).
    - CVE-2023-4232: Fix stack overflow bug triggered within the
      decode_status_report() function during the SMS decoding.
    - CVE-2023-4235: Fix stack overflow bug triggered within the
      decode_deliver_report() function during the SMS decoding.
    - CVE-2024-7543,
      CVE-2024-7544,
      CVE-2024-7545,
      CVE-2024-7546: Fix flaws within the parsing of STK command PDUs.
      (lack of proper validation of the length of user-supplied data
      prior to copying it to a heap-based buffer)
    - CVE-2024-7547: Fix flaw within the parsing of SMS PDUs
      (lack of proper validation of the length of user-supplied data
      prior to copying it to a stack-based buffer).
  * debian/patches: Add upstream patches
    0003-util-ensure-decode_hex_own_buf-is-passed-a-valid-buf.patch,
    0004-atmodem-sms-ensure-buffer-is-initialized-before-use.patch,
    0005-ussd-ensure-ussd-content-fits-in-buffers.patch:
    + CVE-2024-7539: Fix flaw within the parsing of responses from AT+CUSD
      commands (lack of proper validation of the length of user-supplied
      data prior to copying it to a stack-based buffer).
    + CVE-2024-7540: Fix flaw within the parsing of responses from AT+CMGL
      commands (lack of proper initialization of memory prior to accessing
      it).
    + CVE-2024-7541: Fix flaw within the parsing of responses from AT+CMT
      commands (lack of proper initialization of memory prior to accessing
      it).
    + CVE-2024-7542: Fix flaw within the parsing of responses from AT+CMGR
      commands (lack of proper initialization of memory prior to accessing
      it).

  [ Mike Gabriel ]
  * debian/copyright:
    + Update copyright attributions.
    + Update auto-generated copyright.in file.
  * debian/changelog:
    + White-space cleanup in previous entries.

 -- Mike Gabriel <sunweaver@debian.org>  Sun, 05 Jan 2025 13:38:11 +0100
- This branch is even with tag debian/2.14-1