Univention Bugzilla – Bug 45551
bluez: Multiple issues (4.2)
Last modified: 2018-05-08 14:56:34 CEST
Upstream Debian package version 5.23-2+deb8u1 fixes: * All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. (CVE-2017-1000250)
Mass-import from Debian-Security: python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553 YAML: git:bd6159834a..449aa5a7cf
--- mirror/ftp/4.2/unmaintained/4.2-0/source/bluez_5.23-2.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/bluez_5.23-2+deb8u1.dsc @@ -1,3 +1,9 @@ +5.23-2+deb8u1 [Wed, 13 Sep 2017 09:43:03 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * CVE-2017-1000250: information disclosure vulnerability in + service_search_attr_req (Closes: #875633) + 5.23-2 [Tue, 16 Sep 2014 14:17:30 +0900] Nobuhiro Iwamatsu <iwamatsu@debian.org>: * debian/control.
* No UCS specific patches * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok
<http://errata.software-univention.de/ucs/4.2/369.html>