* SECURITY UPDATE: secure pairing passkey brute force
- debian/patches/CVE-2020-26558.patch: fix not properly checking for
secure flags in src/shared/att-types.h, src/shared/gatt-server.c.
- CVE-2020-26558
* SECURITY UPDATE: DoS or code execution via double-free
- debian/patches/CVE-2020-27153.patch: fix possible crash on disconnect
in src/shared/att.c.
- CVE-2020-27153
* SECURITY UPDATE: info disclosure via out of bounds read
- debian/patches/CVE-2021-3588.patch: when client features is read
check if the offset is within the cli_feat bounds in
src/gatt-database.c.
- CVE-2021-3588
-- Marc Deslauriers <email address hidden> Wed, 09 Jun 2021 11:06:38 -0400
bluez (5.53-0ubuntu3.2) focal-security; urgency=medium
* SECURITY UPDATE: secure pairing passkey brute force patches/ CVE-2020- 26558.patch: fix not properly checking for att-types. h, src/shared/ gatt-server. c. patches/ CVE-2020- 27153.patch: fix possible crash on disconnect patches/ CVE-2021- 3588.patch: when client features is read gatt-database. c.
- debian/
secure flags in src/shared/
- CVE-2020-26558
* SECURITY UPDATE: DoS or code execution via double-free
- debian/
in src/shared/att.c.
- CVE-2020-27153
* SECURITY UPDATE: info disclosure via out of bounds read
- debian/
check if the offset is within the cli_feat bounds in
src/
- CVE-2021-3588
-- Marc Deslauriers <email address hidden> Wed, 09 Jun 2021 11:06:38 -0400