Your message dated Mon, 30 Mar 2020 21:32:23 +0000 with message-id <e1jj219-000avv...@fasolo.debian.org> and subject line Bug#953770: fixed in bluez 5.43-2+deb9u2 has caused the Debian Bug report #953770, regarding bluez: CVE-2020-0556 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 953770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: bluez Version: 5.50-1 Severity: grave Tags: security upstream Justification: user security hole Control: found -1 5.52-1 Hi, The following vulnerability was published for bluez. CVE-2020-0556[0]: | Improper access control in subsystem for BlueZ before version 5.53 may | allow an unauthenticated user to potentially enable escalation of | privilege and denial of service via adjacent access. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-0556 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556 [1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: bluez Source-Version: 5.43-2+deb9u2 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of bluez, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 953...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 Mar 2020 10:42:49 +0100 Source: bluez Architecture: source Version: 5.43-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Bluetooth Maintainers <pkg-bluetooth-maintain...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 953770 Changes: bluez (5.43-2+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Address INTEL-SA-00352 (CVE-2020-0556) (Closes: #953770) - HOGP must only accept data from bonded devices - HID accepts bonded device connections only * input: hog: Attempt to set security level if not bonded * input: Add LEAutoSecurity setting to input.conf Checksums-Sha1: 7a264b6056fb3b369384cae4de6a8658251f35ce 2936 bluez_5.43-2+deb9u2.dsc 77eae3c847bb6eb5fb6cf9e3df07e9cbfaecad24 30480 bluez_5.43-2+deb9u2.debian.tar.xz Checksums-Sha256: 97be0c87939413d3566e7967e118fde4db1033cf7efa12155b2e02155292496f 2936 bluez_5.43-2+deb9u2.dsc 442c6f2f55194f496b86f394df77684c09a546b6e4a39feff111dd2403bd9eed 30480 bluez_5.43-2+deb9u2.debian.tar.xz Files: 34151ebe4c576cce276f1d3d24c0dfce 2936 admin optional bluez_5.43-2+deb9u2.dsc 1e2c4aef142c2fe1d95c89def1a216bd 30480 admin optional bluez_5.43-2+deb9u2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl53NQFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89Eq9sP/2Wi9pIeZuw3kfGvgeR9gBMCOp8UKmyl PWVOG7xQBhTDJr7dfntPau511VQ1paqcZBrWG6xmS0S2Vw3UCXTo1rpU8p2U4YMD cIBaKbYdsEramqStnIIriQLCPVkz1K87RPNGXpSulUyuDNI9/KEtjSpr7xbxVUBZ sE76EDn92qPcRmdQ5/Hg9kqw9CxsKc+Y78nD+3UchCY7RJp8v+d9xSGwVzcPZgwI NLs22GCAiusYXKKqDzNiTyvsjuB3ZKtS5NCTjPq6dsOOhS554J0OZM9/Y7+XMQnj YQzQpegKejvZGdeQ5m3tB7RvSQnAHrupuiFcQxsPC4lylce7kmYig7uftGs/PtEy AG+s+PVEqKaIWTdR8wy+cMk8PDuSEWh3mErh4Vm5CroazjvbYLzf1RUsWjGtvLWq dFx9OVo4+CpzZL3XG9BE+XM/+H6OmwQPnbSFImmdOBETea9V1vtrlj4IK+8akwFQ DVzefeHhPP4BCmldyCGId08r23AABvNc7r9Gwa0E9/URLwAjn1HqPs0XhlYZ0tju x8E9XJq+UWwjGO+YEmgNdS4W+mH5uArvtlhXD5IyZeK/SIh1Oeag1iSeVqKEL9z9 Aw/QmOf6c+uBvirzrg6lmTuQxRJVeRLVBTcuqtv34z8a3Rn9HkfonLYhGCIKLcne EoI5eoQSZ2FI =hMa4 -----END PGP SIGNATURE-----
--- End Message ---
