Your message dated Sat, 12 Jun 2021 20:18:24 +0000
with message-id <e1lsa5i-0008rh...@fasolo.debian.org>
and subject line Bug#989700: fixed in bluez 5.55-3.1
has caused the Debian Bug report #989700,
regarding bluez: CVE-2021-3588
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
989700: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bluez
Version: 5.55-3
Severity: grave
Tags: security upstream
Forwarded: https://github.com/bluez/bluez/issues/70
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for bluez.

CVE-2021-3588[0]:
| The cli_feat_read_cb() function in src/gatt-database.c does not
| perform bounds checks on the 'offset' variable before using it as an
| index into an array for reading.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3588
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588
[1] https://github.com/bluez/bluez/issues/70
[2] https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548
[3] https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a

Regards,
Salvatore

--- End Message ---
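
The bug class named in the CVE text above (a peer-supplied 'offset' used as an array index with no bounds check), as an added example that is not part of the original messages and is not BlueZ code. The struct, the function names and the 4-byte array size are assumptions made for illustration; 0x07 is the ATT "Invalid Offset" error code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATT_ERROR_INVALID_OFFSET 0x07 /* ATT "Invalid Offset" error code */
#define CLI_FEAT_LEN 4                /* constructed size, not BlueZ's */

/* Hypothetical per-client state holding a small feature array. */
struct client_state { uint8_t cli_feat[CLI_FEAT_LEN]; };

/* Length an unchecked handler would derive from a peer-supplied offset.
 * The subtraction is done in size_t, so an offset past the end wraps to a
 * huge value instead of going negative. Nothing is dereferenced here. */
static size_t unchecked_read_len(uint16_t offset)
{
	return sizeof(((struct client_state *)0)->cli_feat) - offset;
}

/* Hardened read: validate the offset before it is used as an index.
 * Returns 0 and fills out/out_len, or an ATT error code with out_len = 0. */
static int feat_read(const struct client_state *st, uint16_t offset,
		     uint8_t *out, size_t out_cap, size_t *out_len)
{
	size_t len;

	*out_len = 0;
	if (offset >= sizeof(st->cli_feat))
		return ATT_ERROR_INVALID_OFFSET;
	len = sizeof(st->cli_feat) - offset;
	if (len > out_cap)
		len = out_cap;
	memcpy(out, &st->cli_feat[offset], len);
	*out_len = len;
	return 0;
}

int main(void)
{
	struct client_state st = { { 0x01, 0x02, 0x03, 0x04 } };
	uint8_t buf[8];
	size_t n;

	printf("unchecked len at offset 5: %zu\n", unchecked_read_len(5));
	printf("offset 1 -> rc %d\n", feat_read(&st, 1, buf, sizeof(buf), &n));
	printf("offset 5 -> rc %d\n", feat_read(&st, 5, buf, sizeof(buf), &n));
	return 0;
}
```
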
--- Begin Message ---
Source: bluez
Source-Version: 5.55-3.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 989...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Jun 2021 21:34:56 +0200
Source: bluez
Architecture: source
Version: 5.55-3.1
Distribution: unstable
Urgency: high
Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 989495 989614 989700
Changes:
 bluez (5.55-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * main: Don't warn for unset config option (Closes: #989495)
   * shared/gatt-server: Fix not properly checking for secure flags
     (CVE-2020-26558, CVE-2021-0129) (Closes: #989614)
   * gatt: Fix potential buffer out-of-bound (CVE-2021-3588) (Closes: #989700)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
