-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Apr 2026 10:23:22 +0200
Source: libcoap3
Architecture: source
Version: 4.3.4-1.1+deb13u3
Distribution: trixie
Urgency: medium
Maintainer: Debian IoT Maintainers <debian-iot-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Closes: 1124407 1134340
Changes:
 libcoap3 (4.3.4-1.1+deb13u3) trixie; urgency=medium
 .
   * CVE-2026-29013 (Closes: #1134340)
     fix out-of-bounds read
   * CVE-2025-34468 (Closes: #1124407)
     fix stack-based buffer overflow
Checksums-Sha1:
 2979f23db91099c1bda99e7de5cd943288e1f351 2421 libcoap3_4.3.4-1.1+deb13u3.dsc
 b013aae51d438d6c79773a324dd6c66bc8fa8614 528071 libcoap3_4.3.4.orig.tar.bz2
 7323763e407158f27101efdf3b23116539237070 14272 libcoap3_4.3.4-1.1+deb13u3.debian.tar.xz
 a9f421287ee4cec56d57e404091188af364adae0 11249 libcoap3_4.3.4-1.1+deb13u3_amd64.buildinfo
Checksums-Sha256:
 621cfbb0acbc343c621c62565d74cbbd12c53d1c839a6cb0acf5fe225a73d7de 2421 libcoap3_4.3.4-1.1+deb13u3.dsc
 a5abadd4b1e9a97c46197451326aa206c035362f0f15e7f4bb8846d7b8fcfb65 528071 libcoap3_4.3.4.orig.tar.bz2
 4c225353780fe616013c67bd65307c08aa0d423111520cbad1f89596b32ba471 14272 libcoap3_4.3.4-1.1+deb13u3.debian.tar.xz
 231182a7bef460bd7a38aa4e110d49a75f3601fe153761c47c2f7a47683ab408 11249 libcoap3_4.3.4-1.1+deb13u3_amd64.buildinfo
Files:
 1520b6a2ec58b919f836db702177aebd 2421 libs optional libcoap3_4.3.4-1.1+deb13u3.dsc
 69a0afa3a2af381a45af7ea379220468 528071 libs optional libcoap3_4.3.4.orig.tar.bz2
 86e0994cbce4e058dcdece3ce54c8d4b 14272 libs optional libcoap3_4.3.4-1.1+deb13u3.debian.tar.xz
 b65ac245cad6a85a64295636249d323e 11249 libs optional libcoap3_4.3.4-1.1+deb13u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmn3ilBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRx8XD/0d/43UlyV4o/1rkOSuUNC6M4XIPybM
YEePzSmEqGJLfcdqpeCWskvBkZNIkA70JOYrP7xqpmxJVhZ28r/L7o2V6pwudeBy
0zTk23N16ELtiYVzdSvfbQ5QgnWob75Ky7E/K5MNQvDI+bsydzWd4lAtxoHDAJqZ
Gk2j0mIGCc1ezEvjSXsRQhN1bk6SBXmNUEtk0x+18xp0yJB/THGHmtCmx7ddS7fK
CJyt/YDZuekM3XvxHRva21pwshA4ipHN5INiQugdkiAJvfziWtBzMAbH88mygWqq
1IQFAkgQTT8VCQr/Lj0gs4uuyapyhOq5XGF/R0CmPLMeTaMCCt5DmHzEt63JTKTf
0ZPiC1NXV22gSS5hHHiZakuJkF5DiB5YZO7GmPltIMtf7rcv9ehcEJe/khyPw0XE
T3AzB5Usnq7UL7+dzYZqQ2OXi1YxIr3Nilg6Q0M8+KbmQjq0k4uYQPk6b+xnzWCB
+erW/Ok/aXUBpwaz+to0KuE52ReUg9I/SbzNr27RM6sdJgvFy0+IZCbJ7EfovuuG
G9jkkgY729+YoBI9oRacTtmPUDegLbhg0CfLch/AXZ6FoIViAiK3yhFanV8b1oZ8
9G2+IbMQa2SrsUOU/voAefZk42anR5j6jpg0s1fvJzGJ6tC3GKifrcMV6XeMdFuQ
WOI7yzwXquobKg==
=ohU8
-----END PGP SIGNATURE-----