snappy-hwe-snaps

Merge ~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez:cve-2020-0556 into ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:bluez/5.49

  1. Git
  2. lp:~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez
  3. cve-2020-0556
  4. Merge into bluez/5.49
Proposed by Alfonso Sanchez-Beato
Status: Merged
Approved by: Alfonso Sanchez-Beato
Approved revision: 8c340d972b1f03bda51b9d46dc07b5385c8046e0
Merged at revision: 9c39c49824f60febc02d9104e73e5633ce9dbf1b
Proposed branch: ~alfonsosanchezbeato/snappy-hwe-snaps/+git/bluez:cve-2020-0556
Merge into: ~snappy-hwe-team/snappy-hwe-snaps/+git/bluez:bluez/5.49
Diff against target: 181 lines (+80/-2)
5 files modified
profiles/input/device.c (+22/-1)
profiles/input/device.h (+2/-0)
profiles/input/hog.c (+22/-0)
profiles/input/input.conf (+13/-0)
profiles/input/manager.c (+21/-1)
Reviewer Review Type Date Requested Status
System Enablement Bot continuous-integration Approve
Review via email: mp+381428@code.staging.launchpad.net

Commit message

Security update taken from Ubuntu package. Patches included:

bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

Description of the change

Security update taken from Ubuntu package. Patches included:

bluez (5.48-0ubuntu3.4) bionic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

To post a comment you must log in.
Revision history for this message
System Enablement Bot (system-enablement-ci-bot) wrote :

PASSED: Continuous integration, rev:8c340d972b1f03bda51b9d46dc07b5385c8046e0
https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-build-prepare/484/
Executed test runs:
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-build/ARCHITECTURE=amd64/515
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-build/ARCHITECTURE=arm64/515
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-build/ARCHITECTURE=armhf/515
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-build/ARCHITECTURE=i386/515
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-docs/1307
    SUCCESS: https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-cleanup/1049
    None: https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-update-mp/1097/console

Click here to trigger a rebuild:
https://jenkins.canonical.com/system-enablement/job/snappy-hwe-snaps-snap-build-prepare/484/rebuild

review: Approve (continuous-integration)

There was an error fetching revisions from git servers. Please try again in a few minutes. If the problem persists, contact Launchpad support.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches