-
bluez (5.60-0ubuntu2.2) impish-security; urgency=medium
  * SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
    a heap overflow, resulting in denial of service or potential code
    execution.
    - debian/patches/CVE-2022-0204.patch: add length and offset validation in
      write_cb function in src/shared/gatt-server.c.
    - CVE-2022-0204
 -- Ray Veldkamp <email address hidden> Tue, 01 Feb 2022 11:49:45 +1100
-
bluez (5.60-0ubuntu2.1) impish-security; urgency=medium
  * SECURITY UPDATE: incorrect discoverable status
    - debian/patches/CVE-2021-3658.patch: fix storing discoverable setting
      in src/adapter.c.
    - CVE-2021-3658
  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229
  * SECURITY UPDATE: use-after-free when client disconnects
    - debian/patches/CVE-2021-43400.patch: fix not cleaning up when
      disconnected in src/gatt-database.c.
    - CVE-2021-43400
 -- Marc Deslauriers <email address hidden> Wed, 17 Nov 2021 10:08:28 -0500
-
bluez (5.60-0ubuntu2) impish; urgency=medium
  * debian/patches/git_glibc234_buildfix.patch:
    - Fix build with glibc >= 2.34
 -- Sebastien Bacher <email address hidden> Mon, 20 Sep 2021 13:48:13 +0200
-
bluez (5.60-0ubuntu1) impish; urgency=medium
  * New upstream release 5.60 (LP: #1935794):
    - Fix issue with reading from RFKILL device node.
    - Fix issue with AVDTP and parsing capabilities.
    - Fix issue with UnregisterApplication handling.
    - Fix issue with RegisterProfile if UUID already exists.
    - Fix issue with GATT client attribute read with offset.
    - Fix issue with non-discoverable device and advertising monitor.
  * Drop upstreamed patch: Fix-reading-from-rfkill-socket.patch
 -- Daniel van Vugt <email address hidden> Mon, 12 Jul 2021 16:36:13 +0800
-
bluez (5.59-0ubuntu1) impish; urgency=medium
  * New upstream release 5.59 (LP: #1933078):
    - Fix issue with string to UUID-32 conversion.
    - Fix issue with connect request if SDP search failed.
    - Fix issue with accepting invalid AVDTP capabilities.
    - Fix issue with unregister handling of AVRCP player.
  * Add new build-dep 'python3-docutils' required for rst2man.
  * Add new package 'bluez-meshd' and --enable-mesh (LP: #1929833).
    - Requires new build-dep 'libjson-c-dev'.
  * Cleanups from upstream debian:
    - Remove empty packages 'libbluetooth3-dbg' and 'bluez-dbg'.
    - Lots of benign formatting changes in debian/control to shrink the diff.
  * Add binaries 'b1ee', 'btvirt', 'hfp' to 'bluez-tests' (LP: #1932022).
  * Add binary 'avinfo' to 'bluez' (LP: #1907886).
  * Add patch Fix-reading-from-rfkill-socket.patch to resolve Bluetooth
    on/off toggle issues with newer kernel versions (LP: #1926062).
 -- Daniel van Vugt <email address hidden> Mon, 21 Jun 2021 17:02:38 +0800
-
bluez (5.58-0ubuntu1) impish; urgency=medium
  * New upstream release 5.58 (LP: #1923564):
    - Fix issue with usage of deprecated GLib functions.
  * New upstream release 5.57:
    - Fix issue with handling GATT notification PDU parsing.
    - Fix issue with registering DIS without a valid source.
    - Fix issue with removing remote SEPs when loading from cache.
  * Drop hog-lib-Fix-crash-when-receiving-UHID_GET_REPORT.patch because
    it is upstreamed in version 5.57.
  * Drop a couple of nonexistent symbols (in sixaxis.so) from
    libbluetooth3.symbols to quieten lintian.
 -- Daniel van Vugt <email address hidden> Tue, 04 May 2021 15:23:46 +0800
-
bluez (5.56-0ubuntu4) hirsute; urgency=medium
  * Add hog-lib-Fix-crash-when-receiving-UHID_GET_REPORT.patch to fix crashes
    when connecting Bluetooth keyboards (LP: #1924217)
 -- Daniel van Vugt <email address hidden> Thu, 15 Apr 2021 14:47:04 +0800