Your message dated Thu, 19 Mar 2020 08:40:12 +0000 with message-id <e1jeqiq-000gtx...@fasolo.debian.org> and subject line Bug#953770: fixed in bluez 5.50-1.1 has caused the Debian Bug report #953770, regarding bluez: CVE-2020-0556 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 953770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bluez Version: 5.50-1 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 5.52-1 Hi, The following vulnerability was published for bluez. CVE-2020-0556[0]: | Improper access control in subsystem for BlueZ before version 5.53 may | allow an unauthenticated user to potentially enable escalation of | privilege and denial of service via adjacent access. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-0556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556 [1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bluez Source-Version: 5.50-1.1 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of bluez, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 953...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 13 Mar 2020 21:31:22 +0100 Source: bluez Architecture: source Version: 5.50-1.1 Distribution: unstable Urgency: high Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 953770 Changes: bluez (5.50-1.1) unstable; urgency=high . * Non-maintainer upload. * Address INTEL-SA-00352 (CVE-2020-0556) (Closes: #953770) - HOGP must only accept data from bonded devices - HID accepts bonded device connections only Checksums-Sha1: aef649dcfa147a0ee185fccdbc18674a99543277 2711 bluez_5.50-1.1.dsc a06ffbed1b44e3e50fe2636197fbc96851d01cbe 33932 bluez_5.50-1.1.debian.tar.xz Checksums-Sha256: a6779f61f6f06e938f1da71edf0e0c4f1b0c4fd1e0aed749395c2d83485207f0 2711 bluez_5.50-1.1.dsc 95775ffd106234cd1d516e3cbe1187bb8f4e4962d0f399362b1e4a31c7c31ddb 33932 bluez_5.50-1.1.debian.tar.xz Files: 13c07c1762cf6fccbe233acf68ce215c 2711 admin optional bluez_5.50-1.1.dsc 7b56cfc049f8ba34b1218533854d8cba 33932 admin optional bluez_5.50-1.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl5skAJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EtMYP/2yLgskW8Ove/e/0HmRGq1WVEvEJc1Uj Q0kHp8m+1tzM/yxnC0AffVtJtqNdTjZ8xdQPHFnTqr7kj2MeEkkaE5CVD2Zojdaq Fi521TyltPKvRXYnc4wgmIZp8/+XQklGS93WkFx74g+4oebr5fNxEbuh0QY2crAe 25t9UysYOESEw15G1+FhgIexDQNB9Tc9LeGMtCTfu6ggWHawxAN0+P5FET9A3U7e SNuygZ2ob06zdfrQASIXOmiyGL8CPfizO7yyoRCVrbOG3gDijkdu+WPXBqYLxEA7 0Fz9S7uJAdJuyfsJG0xpUxJKjEfdjujXvZOVzZ0NPjYFX+M3Lzn+uJFdcwZ1HfP1 rKcKoErhxcSfRjvQA2y3p048mc3ty4yHomkMY4fXL7S0k/tfTRd3Bman3oWsspdv Q55DnOBQavgULLV0/s+HWWsHdGcoYRDj+FRjBiJn9vSAIvEXTF5fgWtSOmjf4P09 7qE6yH6xa7TILDeXqDY60VQBBGL9Yu7qBGqq7StyKZl8Ue32QDBrp+4KbnP/wT7j u0lnIrIcJTWJYHANPojxV1SGagrsupo+z+gVbrH27GSKg97pPV1nUJUcknXUr1SO uQBvn/uzdcXl73xY7PrWFUwlSPqFDhk0iZQ7imhL4s88thd9rPIXJzhFSrD+np3G 9uw191EyqOH0 =W2ql -----END PGP SIGNATURE-----
--- End Message ---
