Bug 122323 - net-wireless/bluez-hcidump - DoS
Bug#: 122323
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: minor
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: carlo@gentoo.org
Component: Vulnerabilities
URL:  http://www.secuobs.com/news/05022006-bluetooth9.shtml#english
Summary: net-wireless/bluez-hcidump - DoS
Keywords:  
Status Whiteboard: B3 [noglsa] DerCorny
Opened: 2006-02-09 17:06 0000
Description:
http://www.secuobs.com/news/05022006-bluetooth9.shtml#english

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-02-09 17:13:57 0000 -------
Hmm well, I'm not really sure if this counts as a security bug, but let's get it
fixed anyways: mobile herd, please provide updated ebuild, thank you

------- Comment #2 From Henrik Brix Andersen 2006-02-10 01:46:05 0000 -------
I don't see a patch referenced on that page - nor has the bluez project
released a new version.

------- Comment #3 From Alastair Tse (RETIRED) 2006-02-10 03:32:37 0000 -------
http://cvs.sourceforge.net/viewcvs.py/bluez/hcidump/parser/l2cap.c?r1=1.51&r2=1.52&diff_format=u

Only just added a couple of hours ago, I suppose the release will be imminent.

------- Comment #4 From Thierry Carrez (RETIRED) 2006-02-12 10:48:12 0000 -------
Let's wait for upstream, this one sounds lame anyway.

------- Comment #5 From Thierry Carrez (RETIRED) 2006-02-21 10:23:02 0000 -------
1.30 is out with the fix

------- Comment #6 From Alastair Tse (RETIRED) 2006-02-21 12:51:42 0000 -------
need a little time to test on stable machine before committing.

------- Comment #7 From Alastair Tse (RETIRED) 2006-02-25 10:58:07 0000 -------
in portage now. along with stable bump for required bluez-libs and bluez-utils
packages.

------- Comment #8 From Stefan Cornelius (RETIRED) 2006-02-25 11:05:23 0000 -------
arches pls stable (it seems like you need to stable bluez-libs and bluez-utils,
too - see comment #7) Thanks.

------- Comment #9 From Mark Loeser 2006-02-25 12:45:37 0000 -------
Looks like liquidx already handled x86. :)

------- Comment #10 From Tobias Scherbaum 2006-02-26 11:01:15 0000 -------
ppc stable

------- Comment #11 From Thierry Carrez (RETIRED) 2006-02-26 11:35:56 0000 -------
Ready for GLSA vote, I tend to vote no

------- Comment #12 From Alastair Tse (RETIRED) 2006-02-26 12:44:25 0000 -------
I think this is pretty minor tbh. I would vote no.

------- Comment #13 From Stefan Cornelius (RETIRED) 2006-02-27 03:02:26 0000 -------
Voting no and closing, as always: feel free to reopen.