Your message dated Fri, 15 Dec 2023 04:49:02 +0000
with message-id <e1re08e-004pwl...@fasolo.debian.org>
and subject line Bug#1057914: fixed in bluez 5.70-1.1~exp0
has caused the Debian Bug report #1057914,
regarding bluez: CVE-2023-45866
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1057914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bluez
Version: 5.70-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for bluez.
CVE-2023-45866[0]:
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated
| Peripheral role HID Device to initiate and establish an encrypted
| connection, and accept HID keyboard reports, potentially permitting
| injection of HID messages when no user interaction has occurred in
| the Central role to authorize such access. An example affected
| package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some
| cases, a CVE-2020-0556 mitigation would have already addressed this
| Bluetooth HID Hosts issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-45866
https://www.cve.org/CVERecord?id=CVE-2023-45866
[1] https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.70-1.1~exp0
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1057...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 14 Dec 2023 22:32:44 +0100
Source: bluez
Architecture: source
Version: 5.70-1.1~exp0
Distribution: experimental
Urgency: medium
Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1052983 1056996 1057914
Changes:
bluez (5.70-1.1~exp0) experimental; urgency=medium
.
* Non-maintainer upload.
.
[ Helmut Grohne ]
* Fix FTBFS when systemd.pc changes systemdsystemunitdir (Closes: #1052983)
.
[ Chris Hofstaedtler ]
* Defer udev file placement to udev's pkg-config data (Closes: #1056996)
* Install hciconfig into /usr/bin instead of /bin
.
[ Salvatore Bonaccorso ]
* input.conf: Change default of ClassicBondedOnly (CVE-2023-45866)
(Closes: #1057914)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
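Added example (not part of the bug report, the upload, or BlueZ itself): a small audit of the ClassicBondedOnly setting named in the changelog entry, reporting whether a host relies on an explicit value or on the package default. It assumes the key lives in the [General] section of input.conf and that true is the restrictive value; the sample file contents and the function names are constructed for illustration.

```python
import configparser

# Constructed sample contents for input.conf (not taken from a real host).
SAMPLE_UNSET = "[General]\n#IdleTimeout=30\n#ClassicBondedOnly=true\n"
SAMPLE_WEAK = "[General]\nClassicBondedOnly=false\n"
SAMPLE_HARDENED = "[General]\nClassicBondedOnly=true\n"


def classic_bonded_only(conf_text):
    """Return True/False when the key is set explicitly, None when it is
    absent or commented out (the daemon then uses its built-in default)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names case-sensitive
    cp.read_string(conf_text)
    if not cp.has_option("General", "ClassicBondedOnly"):
        return None
    raw = cp.get("General", "ClassicBondedOnly").strip().lower()
    if raw in ("true", "1"):
        return True
    if raw in ("false", "0"):
        return False
    # Surface unparseable values instead of guessing how the daemon reads them.
    raise ValueError(f"unrecognised ClassicBondedOnly value: {raw!r}")


def audit(conf_text, package_default):
    """package_default: True if the installed bluez build carries the changed
    default (the caller decides this from the package version)."""
    explicit = classic_bonded_only(conf_text)
    if explicit is None:
        source, effective = "package default", package_default
    else:
        source, effective = "explicit setting", explicit
    status = "ok" if effective else "weak"
    return status, f"ClassicBondedOnly={str(effective).lower()} ({source})"


if __name__ == "__main__":
    for name, text in [("unset", SAMPLE_UNSET), ("weak", SAMPLE_WEAK),
                       ("hardened", SAMPLE_HARDENED)]:
        for fixed in (False, True):
            print(name, "fixed-build" if fixed else "old-build", *audit(text, fixed))
```

An explicit false in a local input.conf survives the package upgrade, which is why the audit reports the source of the effective value as well as the value itself.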