[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#28447] [PATCH] gnu: bluez: Fix CVE-2017-1000250.
|
From: |
Marius Bakke |
|
Subject: |
[bug#28447] [PATCH] gnu: bluez: Fix CVE-2017-1000250. |
|
Date: |
Wed, 13 Sep 2017 17:44:25 +0200 |
* gnu/packages/linux.scm (%bluez-CVE-2017-1000250.patch): New variable.
(bluez)[replacement]: New field.
(bluez/fixed): New variable.
---
gnu/packages/linux.scm | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index bfa736c1c..9dc68a2b3 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -3009,10 +3009,24 @@ applications.")
Bluetooth audio output devices like headphones or loudspeakers.")
(license license:gpl2+)))
+;; Fix remote information disclosure in bluetoothd.
+;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
+;; https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000250.html
+(define %bluez-CVE-2017-1000250.patch
+ (origin
+ (method url-fetch)
+ (uri "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=\
+9e009647b14e810e06626dde7f1bb9ea3c375d09")
+ (file-name "bluez-CVE-2017-1000250.patch")
+ (sha256
+ (base32
+ "0p6gblj775sv0xx4pvdll39j6spg8ihhshid5z6lgrjh0rmxi3sk"))))
+
(define-public bluez
(package
(name "bluez")
(version "5.45")
+ (replacement bluez/fixed)
(source (origin
(method url-fetch)
(uri (string-append
@@ -3074,6 +3088,13 @@ Bluetooth audio output devices like headphones or
loudspeakers.")
is flexible, efficient and uses a modular implementation.")
(license license:gpl2+)))
+(define bluez/fixed
+ (package
+ (inherit bluez)
+ (source (origin
+ (inherit (package-source bluez))
+ (patches (list %bluez-CVE-2017-1000250.patch))))))
+
(define-public fuse-exfat
(package
(name "fuse-exfat")
--
2.14.1
- [bug#28447] [PATCH] gnu: bluez: Fix CVE-2017-1000250.,
Marius Bakke <=