Your message dated Wed, 13 Sep 2017 23:19:27 +0000
with message-id <e1dsgwj-000bvb...@fasolo.debian.org>
and subject line Bug#875633: fixed in bluez 5.46-1
has caused the Debian Bug report #875633,
regarding bluez: CVE-2017-1000250: information disclosure vulnerability in
service_search_attr_req
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
875633: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bluez
Version: 5.23-2
Severity: grave
Tags: patch upstream security
Hi,
the following vulnerability was published for bluez.
CVE-2017-1000250[0]:
| All versions of the SDP server in BlueZ 5.46 and earlier are
| vulnerable to an information disclosure vulnerability which allows
| remote attackers to obtain sensitive information from the bluetoothd
| process memory. This vulnerability lies in the processing of SDP
| search attribute requests.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-1000250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
[1] https://bugzilla.novell.com/show_bug.cgi?id=1057342
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1489446
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.46-1
We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwama...@debian.org> (supplier of updated bluez package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 29 Jul 2017 04:56:04 +0900
Source: bluez
Binary: libbluetooth3 libbluetooth3-dbg libbluetooth-dev bluetooth bluez
bluez-dbg bluez-cups bluez-obexd bluez-hcidump bluez-test-tools
bluez-test-scripts
Architecture: source all amd64
Version: 5.46-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Bluetooth Maintainers
<pkg-bluetooth-maintain...@lists.alioth.debian.org>
Changed-By: Nobuhiro Iwamatsu <iwama...@debian.org>
Description:
 bluetooth - Bluetooth support
 bluez - Bluetooth tools and daemons
 bluez-cups - Bluetooth printer driver for CUPS
 bluez-dbg - Bluetooth tools and daemons (with debugging symbols)
 bluez-hcidump - Analyses Bluetooth HCI packets
 bluez-obexd - bluez obex daemon
 bluez-test-scripts - test scripts of bluez
 bluez-test-tools - test tools of bluez
 libbluetooth-dev - Development files for using the BlueZ Linux Bluetooth library
 libbluetooth3 - Library to use the BlueZ Linux Bluetooth stack
 libbluetooth3-dbg - Library to use the BlueZ Linux Bluetooth stack with debugging sym
Closes: 875633
Changes:
 bluez (5.46-1) unstable; urgency=medium
 .
   * Update to 5.46.
   * Update debian/control.
     - Bumped Standards-Version to 4.0.0.
   * CVE-2017-1000250: information disclosure vulnerability in
     service_search_attr_req (Closes: #875633)
     Add patches/CVE-2017-1000250.patch. Thanks to Salvatore Bonaccorso.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---