[ubuntu/plucky-proposed] ofono 2.14-1ubuntu1 (Accepted)

Gianfranco Costamagna locutusofborg at debian.org
Wed Feb 26 17:25:17 UTC 2025


ofono (2.14-1ubuntu1) plucky; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Remove ofono and ofono-dundee init scripts.
    - Install ofono postinst script.
    - Install apport hook.
  * Dropped changes, obsolete:
    - Configure with --enable-android-wakelock:
      - dropped upstream in 1.21.
    - Enable parallel builds:
      - default in compat level 13.
    - Build-depend on libc-ares-dev
      - dropped in 1.21.
    - Build-depend on libsystemd-dev:
      - merged in Debian
    - Use the upstream systemd unit instead of an Ubuntu-specific one.
      - already done in 1.31-2ubuntu1

ofono (2.14-1) unstable; urgency=medium

  [ Sicelo A. Mhlongo ]
  * New upstream version 2.14. (Closes: #1070371).
    - CVE-2023-4232: Fix stack overflow bug triggered within the
      decode_status_report() function during the SMS decoding.
    - CVE-2023-4235: Fix stack overflow bug triggered within the
      decode_deliver_report() function during the SMS decoding.
    - CVE-2024-7543,
      CVE-2024-7544,
      CVE-2024-7545,
      CVE-2024-7546: Fix flaws within the parsing of STK command PDUs.
      (lack of proper validation of the length of user-supplied data
      prior to copying it to a heap-based buffer)
    - CVE-2024-7547: Fix flaw within the parsing of SMS PDUs
      (lack of proper validation of the length of user-supplied data
      prior to copying it to a stack-based buffer).
  * debian/patches: Add upstream patches
      0003-util-ensure-decode_hex_own_buf-is-passed-a-valid-buf.patch,
      0004-atmodem-sms-ensure-buffer-is-initialized-before-use.patch,
      0005-ussd-ensure-ussd-content-fits-in-buffers.patch:
    + CVE-2024-7539: Fix flaw within the parsing of responses from AT+CUSD
      commands (lack of proper validation of the length of user-supplied
      data prior to copying it to a stack-based buffer).
    + CVE-2024-7540: Fix flaw within the parsing of responses from AT+CMGL
      commands (lack of proper initialization of memory prior to accessing
      it).
    + CVE-2024-7541: Fix flaw within the parsing of responses from AT+CMT
      commands (lack of proper initialization of memory prior to accessing
      it).
    + CVE-2024-7542: Fix flaw within the parsing of responses from AT+CMGR
      commands (lack of proper initialization of memory prior to accessing
      it).

  [ Mike Gabriel ]
  * debian/copyright:
    + Update copyright attributions.
    + Update auto-generated copyright.in file.
  * debian/changelog:
    + White-space cleanup in previous entries.

ofono (2.12-1) unstable; urgency=medium

  * New upstream release.
  * debian/copyright:
    + Use recent FSF address.

ofono (2.11-1) unstable; urgency=medium

  * New upstream release.

ofono (2.10-1) unstable; urgency=medium

  [ Sicelo A. Mhlongo ]
  * New upstream version 2.10. (Closes: #995669)
  * d/patches: drop no longer needed patches for CVE-2023-2794.
  * drop support for mobile-broadband-provider-info.
  * d/control: use correct dbus dependency. (Closes: #955850)
  * comply with usrmerge requirements. (Closes: #1073646)
  * d/control: drop deprecated lsb-base dependency.

  [ Mike Gabriel ]
  * debian/copyright:
    + Add auto-generated copyright.in file for later tracking of copyright
      changes.
    + Rewrite file entirely.

ofono (1.31-4) unstable; urgency=medium

  * debian/control:
    + Bump Standards-Version to 4.7.0. No changes needed.
    + Add myself to Uploaders:.
  * debian/control:
    + Add to B-D: systemd-dev [linux-any]. (Closes: #1060578).
  * CVE-2023-2794, debian/patches:
    + Add CVE-2023-2794_p{1,2,3,4}.patch. Fix SMS decoder stack-based buffer
      overflow (remote code execution vulnerability within the decode_deliver()
      function). (Closes: #1069679).

Date: Wed, 26 Feb 2025 18:13:04 +0100
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Debian Telepathy maintainers <pkg-telepathy-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/ofono/2.14-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 26 Feb 2025 18:13:04 +0100
Source: ofono
Built-For-Profiles: noudeb
Architecture: source
Version: 2.14-1ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Debian Telepathy maintainers <pkg-telepathy-maintainers at lists.alioth.debian.org>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Closes: 955850 995669 1060578 1069679 1070371 1073646

