[Touch-packages] [Bug 1977968] Re: Security update tracking bug
This bug was fixed in the package bluez - 5.48-0ubuntu3.9 --- bluez (5.48-0ubuntu3.9) bionic-security; urgency=medium * SECURITY UPDATE: various security improvements (LP: #1977968) - debian/patches/avdtp-security.patch: check if capabilities are valid before attempting to copy them in profiles/audio/avdtp.c. - debian/patches/avdtp-security-2.patch: fix size comparison and variable misassignment in profiles/audio/avdtp.c. - debian/patches/avrcp-security.patch: make sure the number of bytes in the params_len matches the remaining bytes received so the code don't end up accessing invalid memory in profiles/audio/avrcp.c. - No CVE numbers -- Marc Deslauriers Wed, 08 Jun 2022 07:19:20 -0400 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1977968 Title: Security update tracking bug Status in bluez package in Ubuntu: Fix Released Bug description: This bug is to track the security update that will contain these possibly security-relevant commits: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1977968] Re: Security update tracking bug
This bug was fixed in the package bluez - 5.53-0ubuntu3.6 --- bluez (5.53-0ubuntu3.6) focal-security; urgency=medium * SECURITY UPDATE: various security improvements (LP: #1977968) - debian/patches/avdtp-security.patch: check if capabilities are valid before attempting to copy them in profiles/audio/avdtp.c. - debian/patches/avdtp-security-2.patch: fix size comparison and variable misassignment in profiles/audio/avdtp.c. - debian/patches/avrcp-security.patch: make sure the number of bytes in the params_len matches the remaining bytes received so the code don't end up accessing invalid memory in profiles/audio/avrcp.c. - No CVE numbers -- Marc Deslauriers Wed, 08 Jun 2022 07:09:00 -0400 ** Changed in: bluez (Ubuntu) Status: New => Fix Released ** Changed in: bluez (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1977968 Title: Security update tracking bug Status in bluez package in Ubuntu: Fix Released Bug description: This bug is to track the security update that will contain these possibly security-relevant commits: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1977968] Re: Security update tracking bug
This is also required: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/audio/avdtp.c?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1977968 Title: Security update tracking bug Status in bluez package in Ubuntu: New Bug description: This bug is to track the security update that will contain these possibly security-relevant commits: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
