Change logs for bluez source package in Xenial

  • bluez (5.37-0ubuntu5.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: buffer overflow in parse_line function
        - debian/patches/CVE-2016-7837.patch: make sure we don't write past the
          end of the array in tools/csr.c.
        - CVE-2016-7837
      * SECURITY UPDATE: privilege escalation via improper access control
        - debian/patches/CVE-2020-0556-pre1.patch: use .accept and .disconnect
          instead of attio in profiles/input/hog.c, src/device.c, src/device.h.
        - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
          bonded devices in profiles/input/hog.c.
        - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
          connections only in profiles/input/device.c, profiles/input/device.h,
          profiles/input/input.conf, profiles/input/manager.c.
        - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
          if not bonded in profiles/input/hog.c.
        - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
          input.conf in profiles/input/device.h, profiles/input/hog.c,
          profiles/input/input.conf, profiles/input/manager.c.
        - CVE-2020-0556
    
     -- Marc Deslauriers <email address hidden>  Mon, 23 Mar 2020 08:39:08 -0400
  • bluez (5.37-0ubuntu5.2) xenial; urgency=medium
    
      [Simon Fels]
      [Guilhem Lettron]
      [Cyrus Lien]
      * debian/main.conf:
        - Set AutoEnable parameter to true.
          (LP: #1510570)
      * debian/50-bluetooth-hci-auto-poweron.rules:
        - Get rid of legacy udev rule to power on bluetooth controllers on
          startup. Using hciconfig for that is the legacy way and will lead
          to different problems as the kernel side stack won't initialize
          all needed subsystems when used. BlueZ introduced a replacement
          for this with 5.36 which basically tells the bluetoothd through
          a config option to turn on all found Bluetooth controllers by
          default. With changing this there should be no change in terms
          of functionality.
          (LP: #1510570)
    
     -- Konrad Zapałowicz <email address hidden>  Tue, 14 Nov 2017 14:07:37 +0100
  • bluez (5.37-0ubuntu5.1) xenial-security; urgency=medium
    
      * SECURITY UPDATE: information disclosure in service discovery
        protocol daemon.
        - debian/patches/CVE-2017-1000250.patch: validate continuation
          request size before sending response.
        - CVE-2017-1000250
    
     -- Steve Beattie <email address hidden>  Mon, 11 Sep 2017 18:35:28 -0700
  • bluez (5.37-0ubuntu5) xenial; urgency=medium
    
      [Tony Espy]
      * debian/control: fixup 'Architecture:' and 'Depends:' for bluez-
        tests, as it now includes binary commands and thus can no
        longer be 'Architecture: all'.
    
     -- Simon Fels <email address hidden>  Tue, 01 Mar 2016 16:17:24 +0100
  • bluez (5.36-0ubuntu1) xenial; urgency=medium
    
      * New upstream version
      * 0001-systemd-Check-if-bluetooth-is-supported-in-the-kerne.patch:
        - the change is in the new version
    
     -- Sebastien Bacher <email address hidden>  Mon, 09 Nov 2015 13:57:48 +0100
  • bluez (5.35-0ubuntu2) wily; urgency=medium
    
      * Add 0001-systemd-Check-if-bluetooth-is-supported-in-the-kerne.patch:
        bluetooth.service: Check if bluetooth is supported in the kernel, to avoid
        failing package installation on a kernel without bluetooth support.
        (LP: #1506774)
    
     -- Martin Pitt <email address hidden>  Tue, 20 Oct 2015 12:27:06 +0200