Debian Quality Assurance

ofono (2.14-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

• Git: https://salsa.debian.org/telepathy-team/ofono.git
• JSON
  Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
  For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
  The next upload will reset the information from the source package headers.
• Branch: debian
• Path: debian/changelog
• Repo size: 774144
• Browser: https://salsa.debian.org/telepathy-team/ofono
• Last scan: 2025-03-19 20:20:04+00
• Next scan: 2025-03-26 18:47:00+00
• Merge requests: 2
• Debian changelog in Git:

  ofono (2.14-1) unstable; urgency=medium
  
    [ Sicelo A. Mhlongo ]
    * New upstream version 2.14. (Closes: #1070371).
      - CVE-2023-4232: Fix stack overflow bug triggered within the
        decode_status_report() function during the SMS decoding.
      - CVE-2023-4235: Fix stack overflow bug triggered within the
        decode_deliver_report() function during the SMS decoding.
      - CVE-2024-7543,
        CVE-2024-7544,
        CVE-2024-7545,
        CVE-2024-7546: Fix flaws within the parsing of STK command PDUs.
        (lack of proper validation of the length of user-supplied data
        prior to copying it to a heap-based buffer)
      - CVE-2024-7547: Fix flaw within the parsing of SMS PDUs
        (lack of proper validation of the length of user-supplied data
        prior to copying it to a stack-based buffer).
    * debian/patches: Add upstream patches 0003-util-ensure-decode_hex_own_buf-is-
        passed-a-valid-buf.patch, 0004-atmodem-sms-ensure-buffer-is-initialized-
        before-use.patch, 0005-ussd-ensure-ussd-content-fits-in-buffers.patch:
      + CVE-2024-7539: Fix flaw within the parsing of responses from AT+CUSD
        commands (lack of proper validation of the length of user-supplied
        data prior to copying it to a stack-based buffer).
      + CVE-2024-7540: Fix flaw within the parsing of responses from AT+CMGL
        commands (lack of proper initialization of memory prior to accessing
        it).
      + CVE-2024-7541: Fix flaw within the parsing of responses from AT+CMT
        commands (lack of proper initialization of memory prior to accessing
        it).
      + CVE-2024-7542: Fix flaw within the parsing of responses from AT+CMGR
        commands (lack of proper initialization of memory prior to accessing
        it).
  
    [ Mike Gabriel ]
    * debian/copyright:
      + Update copyright attributions.
      + Update auto-generated copyright.in file.
    * debian/changelog:
      + White-space cleanup in previous entries.
  
   -- Mike Gabriel <sunweaver@debian.org>  Sun, 05 Jan 2025 13:38:11 +0100

• This branch is even with tag debian/2.14-1

Package: JSON [Main page]

---

Back to the Debian Project homepage.

---