-
bluez (5.50-0ubuntu5.1) eoan-security; urgency=medium
* SECURITY UPDATE: privilege escalation via improper access control
- debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
bonded devices in profiles/input/hog.c.
- debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
connections only in profiles/input/device.c, profiles/input/device.h,
profiles/input/input.conf, profiles/input/manager.c.
- debian/patches/CVE-2020-0556-3.patch: attempt to set security level
if not bonded in profiles/input/hog.c.
- debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
input.conf in profiles/input/device.h, profiles/input/hog.c,
profiles/input/input.conf, profiles/input/manager.c.
- CVE-2020-0556
-- Marc Deslauriers <email address hidden> Mon, 23 Mar 2020 08:25:48 -0400
-
bluez (5.50-0ubuntu5) eoan; urgency=medium
* Add lp1845046-policy-Add-logic-to-connect-a-Sink.patch to properly expose
A2DP high quality audio support on some headphones (LP: #1845046).
-- Daniel van Vugt <email address hidden> Mon, 06 Jan 2020 14:17:42 +0800
-
bluez (5.50-0ubuntu4) eoan; urgency=medium
* d/p/lp1759836.patch: avoid endless udev events from new bind uevents
(LP: #1759836)
-- Dan Streetman <email address hidden> Tue, 10 Sep 2019 17:22:37 -0400
-
bluez (5.50-0ubuntu3) eoan; urgency=medium
* d/p/tools-Fix-build-after-y2038-changes-in-glibc.patch: fix build
failure due to linux header changes for y2038 bug.
-- Dan Streetman <email address hidden> Wed, 28 Aug 2019 02:43:38 -0400
-
bluez (5.50-0ubuntu2) disco; urgency=medium
* No-change rebuild for readline soname change.
-- Matthias Klose <email address hidden> Mon, 14 Jan 2019 19:58:14 +0000