Version in base suite: 25.02-1 Base version: rtl-433_25.02-1 Target version: rtl-433_25.02-1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/r/rtl-433/rtl-433_25.02-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/r/rtl-433/rtl-433_25.02-1+deb13u1.dsc changelog | 8 ++ patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch | 31 ++++++++++ patches/series | 1 3 files changed, 40 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp9mjenkm8/rtl-433_25.02-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp9mjenkm8/rtl-433_25.02-1+deb13u1.dsc: no acceptable signature found
diff -Nru rtl-433-25.02/debian/changelog rtl-433-25.02/debian/changelog
--- rtl-433-25.02/debian/changelog 2025-02-19 16:52:07.000000000 +0000
+++ rtl-433-25.02/debian/changelog 2026-06-30 18:51:39.000000000 +0000
@@ -1,3 +1,11 @@
+rtl-433 (25.02-1+deb13u1) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-34450: Buffer overflow in parse_rfraw()
+ (Closes: #1126178)
+
+ -- Adrian Bunk Tue, 30 Jun 2026 21:51:39 +0300
+
 rtl-433 (25.02-1) unstable; urgency=medium
 
 * New upstream version.
diff -Nru rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch
--- rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch 1970-01-01 00:00:00.000000000 +0000
+++ rtl-433-25.02/debian/patches/0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch 2026-06-30 18:50:58.000000000 +0000
@@ -0,0 +1,31 @@
+From b27bd050d6c74c900e9471338c63bcd96b5c1b08 Mon Sep 17 00:00:00 2001
+From: "Christian W. Zuckschwerdt"
+Date: Wed, 8 Oct 2025 10:11:15 +0200
+Subject: Fix overflow in rfraw test data parsing (closes #3375)
+
+---
+ src/rfraw.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/rfraw.c b/src/rfraw.c
+index 9f4c9780..71a1c365 100644
+--- a/src/rfraw.c
++++ b/src/rfraw.c
+@@ -159,9 +159,14 @@ static bool parse_rfraw(pulse_data_t *data, char const **p)
+ data->num_pulses++;
+ pulse_needed = true;
+ }
++ // abort reading if the pulse data array is full
++ if (data->num_pulses >= PD_MAX_PULSES) {
++ break;
++ }
+ }
+ //data->gap[data->num_pulses - 1] = 3000; // TODO: extend last gap?
+ 
++ // expand reapeats as long as the pulse data array has enough space
+ unsigned pkt_pulses = data->num_pulses - prev_pulses;
+ for (int i = 1; i < repeats && data->num_pulses + pkt_pulses <= PD_MAX_PULSES; ++i) {
+ memcpy(&data->pulse[data->num_pulses], &data->pulse[prev_pulses], pkt_pulses * sizeof (*data->pulse));
+-- 
+2.47.3
+
diff -Nru rtl-433-25.02/debian/patches/series rtl-433-25.02/debian/patches/series
--- rtl-433-25.02/debian/patches/series 2020-02-17 13:05:28.000000000 +0000
+++ rtl-433-25.02/debian/patches/series 2026-06-30 18:51:30.000000000 +0000
@@ -1 +1,2 @@
 cmake
+0001-Fix-overflow-in-rfraw-test-data-parsing-closes-3375.patch
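Review bot: In the src/rfraw.c hunk carried by the new patch, the added `if (data->num_pulses >= PD_MAX_PULSES) { break; }` sits at the bottom of the read loop in parse_rfraw(), so it bounds the next iteration and not the one that has just run. The loop body starts above the hunk, so this cannot be confirmed here. If the function can be entered with num_pulses already at PD_MAX_PULSES (for example a caller appending several packets to the same pulse_data_t), or if any branch increments num_pulses and then stores again in the same iteration, one element would presumably still land past the pulse/gap arrays. Testing the bound before the first store of each iteration, `if (data->num_pulses >= PD_MAX_PULSES) break;` at the top of the loop body, would cover both cases. The second new comment also has a typo and should read `// expand repeats as long as the pulse data array has enough space`.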