Merge ~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez:cve-snap into ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:master
Status: | Merged |
---|---|
Approved by: | Alfonso Sanchez-Beato |
Approved revision: | 79f13ba4837390418bf135eda39294e2a7263b41 |
Merged at revision: | b9f672a71a0063261fc3cc9cabdc0d119b4095d6 |
Proposed branch: | ~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez:cve-snap |
Merge into: | ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:master |
Diff against target: | 0 lines |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
System Enablement Bot | continuous-integration | Approve | |
Review via email: mp+415370@code.launchpad.net |
Commit message
Update to 5.48-0ubuntu3.8 sources:
bluez (5.48-0ubuntu3.8) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
a heap overflow, resulting in denial of service or potential code
execution.
- debian/
write_cb function in src/shared/
- CVE-2022-0204
-- Ray Veldkamp <email address hidden> Fri, 04 Feb 2022 10:25:37 +1100
bluez (5.48-0ubuntu3.7) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/
lib/sdp.c.
- CVE-2019-8922
-- Marc Deslauriers <email address hidden> Wed, 08 Dec 2021 07:57:30 -0500
bluez (5.48-0ubuntu3.6) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via memory leak in sdp_cstate_
- debian/
length in src/sdpd-request.c.
- debian/
cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
unit/
- CVE-2021-41229
* SECURITY UPDATE: use-after-free when client disconnects
- debian/
options with AcquireNotify in src/gatt-
- debian/
in src/gatt-
- debian/
AcquireWrite in src/gatt-
- debian/
and WriteValue in src/gatt-
- debian/
disconnected in src/gatt-
- CVE-2021-43400
-- Marc Deslauriers <email address hidden> Wed, 17 Nov 2021 10:52:30 -0500
Description of the change
Update to 5.48-0ubuntu3.8 sources:
bluez (5.48-0ubuntu3.8) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow in gatt server protocol could lead to
a heap overflow, resulting in denial of service or potential code
execution.
- debian/
write_cb function in src/shared/
- CVE-2022-0204
-- Ray Veldkamp <email address hidden> Fri, 04 Feb 2022 10:25:37 +1100
bluez (5.48-0ubuntu3.7) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/
lib/sdp.c.
- CVE-2019-8922
-- Marc Deslauriers <email address hidden> Wed, 08 Dec 2021 07:57:30 -0500
bluez (5.48-0ubuntu3.6) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via memory leak in sdp_cstate_
- debian/
length in src/sdpd-request.c.
- debian/
cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
unit/
- CVE-2021-41229
* SECURITY UPDATE: use-after-free when client disconnects
- debian/
options with AcquireNotify in src/gatt-
- debian/
in src/gatt-
- debian/
AcquireWrite in src/gatt-
- debian/
and WriteValue in src/gatt-
- debian/
disconnected in src/gatt-
- CVE-2021-43400
-- Marc Deslauriers <email address hidden> Wed, 17 Nov 2021 10:52:30 -0500
PASSED: Successfully build documentation, rev: 79f13ba48373904 18bf135eda39294 e2a7263b41
Generated documentation is available at https:/ /jenkins. canonical. com/system- enablement/ job/snappy- hwe-snaps- snap-docs/ 1473/