Univention Bugzilla – Bug 52265
bluez: Multiple issues (4.4)
Last modified: 2020-10-28 12:49:26 CET
New Debian bluez 5.43-2+deb9u3 fixes:
This update addresses the following issue:
* double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE (CVE-2020-27153)
--- mirror/ftp/4.4/unmaintained/4.4-5/source/bluez_5.43-2+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-6/source/bluez_5.43-2+deb9u3.dsc @@ -1,3 +1,9 @@ +5.43-2+deb9u3 [Wed, 21 Oct 2020 16:43:00 +0100] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the Security Team. + * CVE-2020-27153: Prevent a double-free vulnerability during service + discovery. + 5.43-2+deb9u2 [Sun, 22 Mar 2020 10:42:49 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.4-6/#7073470715224575719>
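Review bot: the added 5.43-2+deb9u3 changelog entry describes CVE-2020-27153 only as a double-free "during service discovery" and names neither the affected source file nor the patch that carries the fix. The issue description on this bug places the flaw in the gatttool client disconnect callback handler in src/shared/att.c, so the errata text should keep that wording, because the changelog by itself does not show which code path was changed.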
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-6] 6c13ad9fcd Bug #52265: bluez 5.43-2+deb9u3
 doc/errata/staging/bluez.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-6] f1f406d0e2 Bug #52265: bluez 5.43-2+deb9u3
 doc/errata/staging/bluez.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x781>