[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-07-01 Thread Daniel van Vugt
bluez (5.53-0ubuntu3.2) focal-security; urgency=medium
  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY UPDATE:

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-07-01 Thread Daniel van Vugt
bluez (5.55-0ubuntu1.2) groovy-security; urgency=medium
  * SECURITY UPDATE: secure pairing passkey brute force
    - debian/patches/CVE-2020-26558.patch: fix not properly checking for secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
    - CVE-2020-26558
  * SECURITY

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-09 Thread Seth Arnold
Wonderful, thanks Daniel! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bluez in Ubuntu. https://bugs.launchpad.net/bugs/1926548 Title: The gatt protocol has out-of-bounds read that leads to information leakage Status

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-09 Thread Daniel van Vugt
(checks again) Yes, fixed in 5.56 looks right.
commit 3a40bef49305f8327635b81ac8be52a3ca063d5a
Author: Luiz Augusto von Dentz
AuthorDate: Mon Jan 4 10:38:31 2021 -0800
Commit: Luiz Augusto von Dentz
CommitDate: Tue Jan 5 10:41:27 2021 -0800
landed on master before the next tag, which

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-09 Thread Seth Arnold
Daniel, are you sure about that fixed-in-5.56 bug tag? I can't spot the referenced commit in the tarballs 5.55, 5.56, 5.57, 5.58 from: http://www.bluez.org/ nor in the github sources: https://github.com/bluez/bluez/blob/master/src/gatt-database.c#L1054 nor the kernel.org sources:

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-09 Thread Bug Watch Updater
** Changed in: bluez Status: Unknown => Fix Released

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-08 Thread Daniel van Vugt
** Also affects: bluez via https://github.com/bluez/bluez/issues/70
   Importance: Unknown
   Status: Unknown
** Tags added: fixed-in-5.56 fixed-upstream
** Also affects: bluez (Ubuntu Hirsute)
   Importance: Undecided
   Status: New
** Also affects: bluez (Ubuntu Impish)

[Touch-packages] [Bug 1926548] Re: The gatt protocol has out-of-bounds read that leads to information leakage

2021-06-08 Thread Seth Arnold
** Information type changed from Private Security to Public Security