[ubuntu/focal-updates] bluez 5.53-0ubuntu3.4 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Nov 23 19:28:23 UTC 2021

bluez (5.53-0ubuntu3.4) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect discoverable status
    - debian/patches/CVE-2021-3658.patch: fix storing discoverable setting
      in src/adapter.c.
    - CVE-2021-3658
  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400-pre1.patch: fix Acquire* reply handling
      in src/gatt-database.c.
    - debian/patches/CVE-2021-43400-pre2.patch: no multiple calls to
      AcquireWrite in src/gatt-database.c.
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400

Date: 2021-11-17 18:37:09.892490+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Bluetooth <ubuntu-bluetooth at lists.ubuntu.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list