[Buildroot] [PATCH] bluez5_utils: add upstream security fix for CVE-2017-1000250

Peter Korsgaard peter at korsgaard.com
Sun Sep 17 19:46:36 UTC 2017


>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:

 > Am Wed, 13 Sep 2017 14:19:55 +0200 schrieb Peter Korsgaard:
 >> Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46
 >> and earlier are vulnerable to an information disclosure vulnerability
 >> which allows remote attackers to obtain sensitive information from the
 >> bluetoothd process memory.  This vulnerability lies in the processing of
 >> SDP search attribute requests.

 > Hi,

 > this patch was is included in upstream release 5.47 and can be marked as 
 > superseded by this patch: http://patchwork.ozlabs.org/patch/814482/

Yes, now that 5.47 is out, bumping the version makes more sense.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list