This bug was fixed in the package bluez - 5.53-0ubuntu3.6

---------------
bluez (5.53-0ubuntu3.6) focal-security; urgency=medium

  * SECURITY UPDATE: various security improvements (LP: #1977968)
    - debian/patches/avdtp-security.patch: check if capabilities are valid
      before attempting to copy them in profiles/audio/avdtp.c.
    - debian/patches/avdtp-security-2.patch: fix size comparison and
      variable misassignment in profiles/audio/avdtp.c.
    - debian/patches/avrcp-security.patch: make sure the number of bytes in
      the params_len matches the remaining bytes received so the code don't
      end up accessing invalid memory in profiles/audio/avrcp.c.
    - No CVE numbers

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Wed, 08 Jun 2022
07:09:00 -0400

** Changed in: bluez (Ubuntu)
       Status: New => Fix Released

** Changed in: bluez (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1977968

Title:
  Security update tracking bug

Status in bluez package in Ubuntu:
  Fix Released

Bug description:
  This bug is to track the security update that will contain these
  possibly security-relevant commits:

  
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b

  
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to