summaryrefslogtreecommitdiffstats
path: root/meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb
diff options
context:
space:
mode:
authorAnuj Mittal <anuj.mittal@intel.com>2020-03-13 09:09:38 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-03-19 09:57:51 +0000
commitf9ef210967ab34168d4a24930987dc0731baf56f (patch)
treee3e3c2293b4bc777990827ccd37890fbc6c0f4a2 /meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb
parent9542f3282e9b25aaa97c24715a35c47923a07ecb (diff)
downloadpoky-f9ef210967ab34168d4a24930987dc0731baf56f.tar.gz
bluez: fix CVE-2020-0556
It was discovered that BlueZ's HID and HOGP profiles implementations don't specifically require bonding between the device and the host. This creates an opportunity for an malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source. (From OE-Core rev: d598f8eee0741148416e8660e10c716654205cb5) (From OE-Core rev: c940e4b858d6be28b198770768117ecc098fa0d3) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bed169a07b04a7dc003958fa309e6ff761f85a72) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics/libepoxy/libepoxy_1.5.3.bb')
0 files changed, 0 insertions, 0 deletions