File _patchinfo of Package patchinfo.5742

<patchinfo incident="5742">
  <issue id="1057342" tracker="bnc">VUL-0: CVE-2017-1000250: bluez: information disclosure vulnerability in service_search_attr_req</issue>
  <issue id="1026652" tracker="bnc">VUL-1: CVE-2016-7837: bluez: Buffer overflow in parse_line function</issue>
  <issue id="1013877" tracker="bnc">VUL-0: CVE-2016-9804: bluez,bluez-hcidump:  buffer overflow in commands_dump()</issue>
  <issue tracker="bnc" id="1013732">VUL-0: CVE-2016-9801: bluez: buffer overflow in set_ext_ctrl()</issue>
  <issue tracker="bnc" id="1013721">VUL-0: CVE-2016-9800: bluez,bluez-hcidump: buffer overflow in pin_code_reply_dump()</issue>
  <issue id="1015173" tracker="bnc">VUL-1: CVE-2016-9918: bluez,bluez-hcidump:  Out of bounds stack read in packet_hexdump()</issue>
  <issue id="2016-7837" tracker="cve" />
  <issue id="2016-9918" tracker="cve" />
  <issue id="2017-1000250" tracker="cve" />
  <issue id="2016-9804" tracker="cve" />
  <issue tracker="cve" id="2016-9800"/>
  <issue tracker="cve" id="2016-9801"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>acho</packager>
  <description>This update for bluez fixes the following issues:

Security issues fixed:

- CVE-2016-7837: Fixed possible buffer overflow, make sure we don't write past the end of the array.(bsc#1026652)
- CVE-2016-9800: Fix hcidump memory leak in pin_code_reply_dump() (bsc#1013721).
- CVE-2016-9801: Fixed a buffer overflow in set_ext_ctrl function (bsc#1013732)
- CVE-2016-9804: Fix hcidump buffer overflow in commands_dump() (bsc#1013877).
- CVE-2016-9918: Fixed an out-of-bounds read in packet_hexdump() (bsc#1015173)
- CVE-2017-1000250: Fixed a information leak in SDP (part of the recently published BlueBorne vulnerabilities) (bsc#1057342)
</description>
  <summary>Security update for bluez</summary>
</patchinfo>