Source: gpsd
Version: 3.17-5
Severity: grave
Tags: security upstream
Control: found -1 3.16-4
Control: fixed -1 3.18.1-1

Hi,

The following vulnerability was published for gpsd, not completely sure
on severity and on if the referenced upstream commit is enough. Ideally
though the fix seems ideal to go to buster.

CVE-2018-17937[0]:
| gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open
| source project, allow a stack-based buffer overflow, which may allow
| remote attackers to execute arbitrary code on embedded platforms via
| traffic on Port 2947/TCP or crafted JSON inputs.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-17937
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17937

Regards,
Salvatore