[ubuntu/xenial-updates] bluez 5.37-0ubuntu5.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Mar 30 18:34:06 UTC 2020
bluez (5.37-0ubuntu5.3) xenial-security; urgency=medium
* SECURITY UPDATE: buffer overflow in parse_line function
- debian/patches/CVE-2016-7837.patch: make sure we don't write past the
end of the array in tools/csr.c.
- CVE-2016-7837
* SECURITY UPDATE: privilege escalation via improper access control
- debian/patches/CVE-2020-0556-pre1.patch: use .accept and .disconnect
instead of attio in profiles/input/hog.c, src/device.c, src/device.h.
- debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
bonded devices in profiles/input/hog.c.
- debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
connections only in profiles/input/device.c, profiles/input/device.h,
profiles/input/input.conf, profiles/input/manager.c.
- debian/patches/CVE-2020-0556-3.patch: attempt to set security level
if not bonded in profiles/input/hog.c.
- debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
input.conf in profiles/input/device.h, profiles/input/hog.c,
profiles/input/input.conf, profiles/input/manager.c.
- CVE-2020-0556
Date: 2020-03-30 17:10:51.010196+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/bluez/5.37-0ubuntu5.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list