Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: CVE's CVE-2016-9797 to 9804, CVE-2016-9918
From: gw rdk <gwcpesi@gmail.com>
In-Reply-To: <CAFZwcqVpwTvphhTFN15ttbZNj9m1e6wEqEh8g3BDCafkuYeSUQ@mail.gmail.com>
Date: Thu, 1 Jun 2017 12:31:48 -0700
Message-Id: <22E34ABC-A5CD-4F06-9453-F6B1A4BE8C66@gmail.com>
References: <CAFZwcqVpwTvphhTFN15ttbZNj9m1e6wEqEh8g3BDCafkuYeSUQ@mail.gmail.com>
To: linux-bluetooth@vger.kernel.org
Sender: linux-bluetooth-owner@vger.kernel.org
List-ID: <linux-bluetooth.vger.kernel.org>

Hi =E2=80=94

We'd like to update our bluez - can you tell me if these vulnerability =
reports were addressed?  They aren't specifically called out in the =
change log and a spot check doesn't show, for example, a fix for the =
issue in packet.c=20

Were they determined to be too low-risk? or invalid reports?



Any info appreciated, thanks in advance.
gw (on behalf of customer)


https:// nvd.nist.gov/ vuln/ search/ =
results?adv_search=3Dfalse&form_type=3Dbasic&results_type=3Doverview&searc=
h_type=3Dall&query=3Dbluez