[ubuntu/groovy-security] bluez 5.55-0ubuntu1.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jun 16 12:08:37 UTC 2021


bluez (5.55-0ubuntu1.2) groovy-security; urgency=medium

  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE: info disclosure via out of bounds read
    - debian/patches/CVE-2021-3588.patch: when client features is read
      check if the offset is within the cli_feat bounds in
      src/gatt-database.c.
    - CVE-2021-3588

Date: 2021-06-09 15:42:09.828740+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Maintainer: Bluetooth <ubuntu-bluetooth at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bluez/5.55-0ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Groovy-changes mailing list