Your message dated Fri, 15 Dec 2023 20:35:01 +0000
with message-id <e1reeth-008o3m...@fasolo.debian.org>
and subject line Bug#1057914: fixed in bluez 5.70-1.1
has caused the Debian Bug report #1057914,
regarding bluez: CVE-2023-45866
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1057914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bluez
Version: 5.70-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for bluez.

CVE-2023-45866[0]:
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated
| Peripheral role HID Device to initiate and establish an encrypted
| connection, and accept HID keyboard reports, potentially permitting
| injection of HID messages when no user interaction has occurred in
| the Central role to authorize such access. An example affected
| package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some
| cases, a CVE-2020-0556 mitigation would have already addressed this
| Bluetooth HID Hosts issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-45866
    https://www.cve.org/CVERecord?id=CVE-2023-45866
[1] https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.70-1.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1057...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 Dec 2023 20:57:14 +0100
Source: bluez
Architecture: source
Version: 5.70-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1052983 1056996 1057914
Changes:
 bluez (5.70-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Upload to unstable.
 .
 bluez (5.70-1.1~exp0) experimental; urgency=medium
 .
   * Non-maintainer upload.
 .
   [ Helmut Grohne ]
   * Fix FTBFS when systemd.pc changes systemdsystemunitdir (Closes: #1052983)
 .
   [ Chris Hofstaedtler ]
   * Defer udev file placement to udev's pkg-config data (Closes: #1056996)
   * Install hciconfig into /usr/bin instead of /bin
 .
   [ Salvatore Bonaccorso ]
   * input.conf: Change default of ClassicBondedOnly (CVE-2023-45866)
     (Closes: #1057914)
Checksums-Sha1: 
 416e174fe2ecfd863bd042d63152c84ea5659e6e 2911 bluez_5.70-1.1.dsc
 4ba1f274406fa09f9552fe33bc967b70db2c6d0c 40984 bluez_5.70-1.1.debian.tar.xz
Checksums-Sha256: 
 44307403a61d21fa46c0ffdb000d8905001960f40f2e463ea905a162144c7142 2911 bluez_5.70-1.1.dsc
 54287ae0d36358238377f86537da00fa0cb0bb4615a99c3c7d8cb605ab350f84 40984 bluez_5.70-1.1.debian.tar.xz
Files: 
 63bf2f4acf78ef42eab77049056657f9 2911 admin optional bluez_5.70-1.1.dsc
 2bbe02d6e6b37fedc84505faf8e35cf9 40984 admin optional bluez_5.70-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
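
The upload above addresses CVE-2023-45866 by changing the default of ClassicBondedOnly in input.conf. The audit helper below is an added example, not code from BlueZ or the Debian package. It assumes the key sits in the [General] section, that the built-in default is false before the change and true after it, and that booleans use the GLib key-file spellings (true/false/1/0); the sample file contents are constructed.

```python
import configparser

# Constructed sample files, not taken from any real system.
SAMPLE_UNSET = """\
[General]
# Commented-out keys are ignored by the key-file parser.
#ClassicBondedOnly=true
#IdleTimeout=30
"""
SAMPLE_DISABLED = "[General]\nClassicBondedOnly=false\n"
SAMPLE_ENABLED = "[General]\nClassicBondedOnly=true\n"

_BOOL = {"true": True, "1": True, "false": False, "0": False}


def effective_classic_bonded_only(conf_text, built_in_default):
    """Return (value, source) for ClassicBondedOnly in [General]."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False,
        delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str  # key names are case-sensitive
    cp.read_string(conf_text)
    raw = cp.get("General", "ClassicBondedOnly", fallback=None)
    if raw is None:
        return built_in_default, "built-in default"
    parsed = _BOOL.get(raw.strip())
    if parsed is None:
        # Assumption: an unparsable value leaves the default in force.
        return built_in_default, "built-in default (unparsable value)"
    return parsed, "input.conf"


def audit(conf_text, package_has_new_default):
    """Classify a host as 'ok' or 'exposed', with the reason."""
    value, source = effective_classic_bonded_only(
        conf_text, built_in_default=package_has_new_default)
    status = "ok" if value else "exposed"
    return status, f"ClassicBondedOnly={str(value).lower()} from {source}"


if __name__ == "__main__":
    for name, text in [("unset", SAMPLE_UNSET), ("disabled", SAMPLE_DISABLED),
                       ("enabled", SAMPLE_ENABLED)]:
        for fixed in (False, True):
            print(name, "fixed-package" if fixed else "old-package",
                  audit(text, fixed))
```

An explicit ClassicBondedOnly=false in a locally modified input.conf overrides the new default, so a package upgrade alone does not change the result for such a host.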
