Security update tracking bug

Bug #1977968 reported by Marc Deslauriers
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bluez (Ubuntu)
Fix Released
Undecided
Unassigned
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bluez - 5.53-0ubuntu3.6

---------------
bluez (5.53-0ubuntu3.6) focal-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2022 07:09:00 -0400

Changed in bluez (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bluez - 5.48-0ubuntu3.9

---------------
bluez (5.48-0ubuntu3.9) bionic-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2022 07:19:20 -0400

Changed in bluez (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers