File _patchinfo of Package patchinfo.30125
<patchinfo incident="30125">
<issue tracker="bnc" id="1218301">VUL-0: CVE-2023-50230: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
<issue tracker="bnc" id="1218300">VUL-0: CVE-2023-50229: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability</issue>
<issue tracker="bnc" id="1192760">VUL-1: CVE-2021-41229: bluez: memory leak in the SDP protocol handling</issue>
<issue tracker="cve" id="2021-41229"/>
<issue tracker="cve" id="2023-50230"/>
<issue tracker="cve" id="2023-50229"/>
<packager>joeyli</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for bluez</summary>
<description>This update for bluez fixes the following issues:
- CVE-2021-41229: Fix leaking buffers stored in cstates cache
(bsc#1192760).
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
</description>
</patchinfo>