** Information type changed from Private Security to Public Security

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pulseaudio in Ubuntu.

  Pulseaudio in Ubuntu 16.04 contains a potential double-free bug in
  Bluez 5 module

Status in pulseaudio package in Ubuntu:
  Fix Released

Bug description:
  I've found a potential double-free bug in Ubuntu's SCO-over-PCM patch
  in PA. It creates code paths in pa__init() that will free the modargs
  twice in its failure handler and in pa__done() called from that
  handler. However, I can't find a way to trigger this with the current
  version of the code, as the failure mode of the code is pretty small.

  The way this bug surface is when I tried to fix the "profile" option
  in Pulseaudio for UBports' Ubuntu Touch, where I made it failed if the
  requested profile isn't supported, thus creating a failure mode that
  can trigger this. Side note: are you interested in this patch? The
  profile option in Xenial is currently not working, but I guess nothing
  in Ubuntu uses it.

  I've attached the patch which should fix the bug. I'm not sure if it
  worths SRU or not, so it's up to you.

To manage notifications about this bug go to:

Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to