[Buildroot] [PATCH] bluez5_utils: add upstream security fix for CVE-2017-1000250
Peter Korsgaard
peter at korsgaard.com
Sun Sep 17 19:46:36 UTC 2017
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
> Am Wed, 13 Sep 2017 14:19:55 +0200 schrieb Peter Korsgaard:
>> Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46
>> and earlier are vulnerable to an information disclosure vulnerability
>> which allows remote attackers to obtain sensitive information from the
>> bluetoothd process memory. This vulnerability lies in the processing of
>> SDP search attribute requests.
> Hi,
> this patch was is included in upstream release 5.47 and can be marked as
> superseded by this patch: http://patchwork.ozlabs.org/patch/814482/
Yes, now that 5.47 is out, bumping the version makes more sense.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list