bluez (5.64-0ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: code exec via Phone Book Access Profile
    - debian/patches/CVE-2023-502xx.patch: fix not checking counter length
      in obexd/client/pbap.c.
    - CVE-2023-50229
    - CVE-2023-50230

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 21 Jan 2025 08:12:00 -0500

bluez (5.64-0ubuntu1.3) jammy-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2022-3563.patch: Fix null dereference in
      mgmt-tester.c.
    - CVE-2022-3563
  * SECURITY UPDATE: out-of-bounds write
    - debian/patches/CVE-2023-27349.patch: Fix crash while handling
      unsupported events in avrcp.c.
    - CVE-2023-27349

 -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 05 Jun 2024 12:10:29 +0200

bluez (5.64-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: make conf compliant to HID specification
    - debian/patches/CVE-2023-45866.patch: input.conf: Change default of
      ClassicBondedOnly
    - CVE-2023-45866

 -- Nishit Majithia <nishit.majithia@canonical.com>  Wed, 29 Nov 2023 17:01:28 +0530

bluez (5.64-0ubuntu1) jammy; urgency=medium

  * New upstream release 5.64 (LP: #1965740):
    - Fix issue with handling A2DP discover procedure.
    - Fix issue with media endpoint replies and SetConfiguration.
    - Fix issue with HoG queuing events before report map is read.
    - Fix issue with HoG and read order of GATT attributes.
    - Fix issue with HoG and not using UHID_CREATE2 interface.
    - Fix issue with failed scanning for 5 minutes after reboot.
  * Drop upstreamed patches:
    - hog-Fix-read-order-of-attributes.patch
    - media-Fix-crash-when-endpoint-replies-with-an-error-to-Se.patch
    - gdbus-Emit-InterfacesAdded-of-parents-objects-first.patch
  * Refreshed patches:
    - ubuntu_error_restart.patch

 -- Daniel van Vugt <daniel.van.vugt@canonical.com>  Thu, 24 Mar 2022 14:30:38 +0800

bluez (5.63-0ubuntu2) jammy; urgency=medium

  * Cherry-pick 3 patches to fix some crash & reconnect issues (LP: #1962542)

 -- Jeremy Bicha <jeremy.bicha@canonical.com>  Wed, 02 Mar 2022 10:26:23 +0100

bluez (5.63-0ubuntu1) jammy; urgency=medium

  * New upstream release 5.63 (LP: #1957160):
    - Fix issue with storing IRK causing invalid read access.
    - Fix issue with disconnecting due to GattCharacteristic1.MTU.
    - Add support for Device{Found,Lost} of advertising monitoring.
  * Drop upstreamed patches:
    - 0001-obexd-plugins-import-PBAP-ebook-support-from-upstrea.patch
    - 0001-obexd-plugins-port-ebook-support-to-the-latest-EDS.patch
    - CVE-2021-41229.patch
  * Refreshed patches:
    - allow-using-obexd-without-systemd-in-the-user-sessio.patch

 -- Daniel van Vugt <daniel.van.vugt@canonical.com>  Wed, 12 Jan 2022 18:28:06 +0800

bluez (5.62-0ubuntu2) jammy; urgency=medium

  * SECURITY UPDATE: DoS via memory leak in sdp_cstate_alloc_buf
    - debian/patches/CVE-2021-41229.patch: fix leaking buffers stored in
      cstates cache in src/sdpd-request.c, src/sdpd-server.c, src/sdpd.h,
      unit/test-sdp.c.
    - CVE-2021-41229

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 17 Nov 2021 10:06:07 -0500

bluez (5.62-0ubuntu1) jammy; urgency=medium

  * New upstream release 5.62 (LP: #1941708):
    - Fix issue with handling truncation when loading LTKs.
    - Fix issue with accepting Exchange MTU on EATT bearer.
    - Fix issue with clearing DeviceLost timers on power down.
    - Fix issue with AVCTP browsing channel and missing ERTM.
    - Fix issue with AVDTP and local SEID pool for each adapter.
    - Add support for BR/EDR and LE connection failure reasons.
  * Drop patch git_glibc234_buildfix.patch as it is included in 5.62.
  * New upstream release 5.61:
    - Fix issue with A2DP while waiting for command response.
    - Fix issue with A2DP when SetConfiguration fails.
    - Fix issue with device removal handling.
    - Fix issue with storing discoverable setting.
    - Add support for Central Address Resolution characteristic.
    - Add support for admin policy plugin.
  * Merges from Debian 5.61-1:
    - Change debian/watch to use HTTPS.
    - Add to debian/README.Debian
    - Replace
      0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch
      with allow-using-obexd-without-systemd-in-the-user-sessio.patch
      which also fixes LP: #1945887.
    - Rename
      0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch to
      obex-Use-GLib-helper-function-to-manipulate-paths.patch
    - Rename
      0001-work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch to
      work-around-Logitech-diNovo-Edge-keyboard-firmware-i.patch
      although Ubuntu still carries an additional fix that's not in the
      Debian branch.

 -- Daniel van Vugt <daniel.van.vugt@canonical.com>  Fri, 15 Oct 2021 15:18:43 +0800

bluez (5.60-0ubuntu2) impish; urgency=medium

  * debian/patches/git_glibc234_buildfix.patch:
    - Fix build with glibc >= 2.34

 -- Sebastien Bacher <seb128@ubuntu.com>  Mon, 20 Sep 2021 13:48:13 +0200

bluez (5.60-0ubuntu1) impish; urgency=medium

  * New upstream release 5.60 (LP: #1935794):
    - Fix issue with reading from RFKILL device node.
    - Fix issue with AVDTP and parsing capabilities.
    - Fix issue with UnregisterApplication handling.
    - Fix issue with RegisterProfile if UUID already exists.
    - Fix issue with GATT client attribute read with offset.
    - Fix issue with non-discoverable device and advertising monitor.
  * Drop upstreamed patch: Fix-reading-from-rfkill-socket.patch

 -- Daniel van Vugt <daniel.van.vugt@canonical.com>  Mon, 12 Jul 2021 16:36:13 +0800

# For older changelog entries, run 'apt-get changelog bluez'
Generated by dwww version 1.14 on Sun Feb 2 13:38:54 CET 2025.