Your message dated Wed, 06 Apr 2022 22:19:42 +0000
with message-id <[email protected]>
and subject line Bug#1003712: fixed in bluez 5.64-1
has caused the Debian Bug report #1003712,
regarding bluez: CVE-2022-0204: Heap overflow vulnerability in the
implementation of the gatt protocol
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1003712: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003712
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: bluez
Version: 5.62-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for bluez.
CVE-2022-0204[0]:
| Heap overflow vulnerability in the implementation of the gatt
| protocol
Seems fixed with [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-0204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0204
[1] https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q
[2] https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.64-1
Done: Nobuhiro Iwamatsu <[email protected]>
We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <[email protected]> (supplier of updated bluez package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 07 Apr 2022 06:35:07 +0900
Source: bluez
Architecture: source
Version: 5.64-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Bluetooth Maintainers <[email protected]>
Changed-By: Nobuhiro Iwamatsu <[email protected]>
Closes: 1003712
Changes:
 bluez (5.64-1) unstable; urgency=medium
 .
   * Update to 5.64.
     Fixed CVE-2022-0204 (Closes: #1003712)
   * Update d/control.
     + bluez; depend on default-dbus-system-bus | dbus-system-bus | dbus.
   * Drop d/patches/sdpd-Fix-leaking-buffers-stored-in-cstates-cache.patch.
   * Update d/copyright
     + Drop nonexistent files.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---