Ubuntu
bluez package

Security update tracking bug

Bug #1977968 reported by Marc Deslauriers
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bluez (Ubuntu)
Fix Released
Undecided
Unassigned
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This is also required:

https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/audio/avdtp.c?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bluez - 5.53-0ubuntu3.6

---------------
bluez (5.53-0ubuntu3.6) focal-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2022 07:09:00 -0400

Changed in bluez (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bluez - 5.48-0ubuntu3.9

---------------
bluez (5.48-0ubuntu3.9) bionic-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <email address hidden> Wed, 08 Jun 2022 07:19:20 -0400

Changed in bluez (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.