bluez 5.37-0ubuntu5.3 source package in Ubuntu

Changelog

bluez (5.37-0ubuntu5.3) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in parse_line function
    - debian/patches/CVE-2016-7837.patch: make sure we don't write past the
      end of the array in tools/csr.c.
    - CVE-2016-7837
  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-pre1.patch: use .accept and .disconnect
      instead of attio in profiles/input/hog.c, src/device.c, src/device.h.
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

 -- Marc Deslauriers <email address hidden>  Mon, 23 Mar 2020 08:39:08 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2020-03-30
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
linux-any all
Section:
admin
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2020-03-30 main admin
Xenial security on 2020-03-30 main admin

Downloads

File Size SHA-256 Checksum
bluez_5.37.orig.tar.xz 1.6 MiB c14ba9ddcb0055522073477b8fd8bf1ddf5d219e75fdfd4699b7e0ce5350d6b0
bluez_5.37-0ubuntu5.3.debian.tar.xz 42.4 KiB dd9f8d853bb1568bf7312747b948f6152384a953c43c03573f11c64f0127fd1e
bluez_5.37-0ubuntu5.3.dsc 2.7 KiB d8ea17a3df02a2c30874ede33eed17faab1263e43d10abb74a773e6a5df829c3

View changes file

Binary packages built by this source

bluetooth: Bluetooth support

 This package provides all of the different plugins supported
 by the Bluez bluetooth stack.

bluez: Bluetooth tools and daemons

 This package contains tools and system daemons for using Bluetooth devices.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-cups: Bluetooth printer driver for CUPS

 This package contains a driver to let CUPS print to Bluetooth-connected
 printers.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-cups-dbgsym: debug symbols for package bluez-cups

 This package contains a driver to let CUPS print to Bluetooth-connected
 printers.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-dbg: Bluetooth tools and daemons (with debugging symbols)

 This package contains tools and system daemons for using Bluetooth devices.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).
 .
 This package contains the debugging symbols.

bluez-dbgsym: debug symbols for package bluez

 This package contains tools and system daemons for using Bluetooth devices.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-hcidump: Analyses Bluetooth HCI packets

 The hcidump utility allows the monitoring of Bluetooth activity.
 It provides a disassembly of the Bluetooth traffic and can display
 packets from higher level protocols such as RFCOMM, SDP and BNEP.
 .
 This was the software that is independent as bluez-hcidump, but this has been
 integrated into BlueZ from BlueZ 5.0.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-hcidump-dbgsym: debug symbols for package bluez-hcidump

 The hcidump utility allows the monitoring of Bluetooth activity.
 It provides a disassembly of the Bluetooth traffic and can display
 packets from higher level protocols such as RFCOMM, SDP and BNEP.
 .
 This was the software that is independent as bluez-hcidump, but this has been
 integrated into BlueZ from BlueZ 5.0.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-obexd: bluez obex daemon

 This package contains a OBEX(OBject EXchange) daemon.
 .
 OBEX is communication protocol to facilitate the exchange of the binary
 object between the devices.
 .
 This was the software that is independent as obexd, but this has been
 integrated into BlueZ from BlueZ 5.0.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-obexd-dbgsym: debug symbols for package bluez-obexd

 This package contains a OBEX(OBject EXchange) daemon.
 .
 OBEX is communication protocol to facilitate the exchange of the binary
 object between the devices.
 .
 This was the software that is independent as obexd, but this has been
 integrated into BlueZ from BlueZ 5.0.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-tests: BlueZ test tools and scripts

 This package contains test tools and scripts used for testing BlueZ.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

bluez-tests-dbgsym: debug symbols for package bluez-tests

 This package contains test tools and scripts used for testing BlueZ.
 .
 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

libbluetooth-dev: Development files for using the BlueZ Linux Bluetooth library

 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

libbluetooth-dev-dbgsym: debug symbols for package libbluetooth-dev

 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

libbluetooth3: Library to use the BlueZ Linux Bluetooth stack

 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).

libbluetooth3-dbg: Library to use the BlueZ Linux Bluetooth stack with debugging symbols

 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).
 .
 This package contains the debugging symbols.

libbluetooth3-dbgsym: debug symbols for package libbluetooth3

 BlueZ is the official Linux Bluetooth protocol stack. It is an Open Source
 project distributed under GNU General Public License (GPL).