[Buildroot] [PATCH] bluez5_utils: add upstream security fix for CVE-2017-1000250

Peter Korsgaard peter at korsgaard.com
Thu Sep 21 14:59:51 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46 and
 > earlier are vulnerable to an information disclosure vulnerability which
 > allows remote attackers to obtain sensitive information from the bluetoothd
 > process memory.  This vulnerability lies in the processing of SDP search
 > attribute requests.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks (seems safer than bumping to 5.47).

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list