bluez (5.53-0ubuntu3.2) focal-security; urgency=medium
  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE:
bluez (5.55-0ubuntu1.2) groovy-security; urgency=medium
  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for
      secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY
Wonderful, thanks Daniel!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1926548
Title:
The gatt protocol has out-of-bounds read that leads to information
leakage
Status
(checks again) Yes, fixed in 5.56 looks right.
commit 3a40bef49305f8327635b81ac8be52a3ca063d5a
Author: Luiz Augusto von Dentz
AuthorDate: Mon Jan 4 10:38:31 2021 -0800
Commit: Luiz Augusto von Dentz
CommitDate: Tue Jan 5 10:41:27 2021 -0800
landed on master before the next tag, which
Daniel, are you sure about that fixed-in-5.56 bug tag? I can't spot the
referenced commit in the tarballs 5.55, 5.56, 5.57, 5.58 from:
http://www.bluez.org/
nor in the github sources:
https://github.com/bluez/bluez/blob/master/src/gatt-database.c#L1054
nor the kernel.org sources:
** Changed in: bluez
Status: Unknown => Fix Released
--
** Also affects: bluez via
https://github.com/bluez/bluez/issues/70
Importance: Unknown
Status: Unknown
** Tags added: fixed-in-5.56 fixed-upstream
** Also affects: bluez (Ubuntu Hirsute)
Importance: Undecided
Status: New
** Also affects: bluez (Ubuntu Impish)
** Information type changed from Private Security to Public Security