Your message dated Sat, 28 Mar 2020 18:02:23 +0000
with message-id <e1jifmp-0003kf...@fasolo.debian.org>
and subject line Bug#953770: fixed in bluez 5.50-1.2~deb10u1
has caused the Debian Bug report #953770,
regarding bluez: CVE-2020-0556
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
953770: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bluez
Version: 5.50-1
Severity: grave
Tags: security upstream
Justification: user security hole
Control: found -1 5.52-1

Hi,

The following vulnerability was published for bluez.

CVE-2020-0556[0]:
| Improper access control in subsystem for BlueZ before version 5.53 may
| allow an unauthenticated user to potentially enable escalation of
| privilege and denial of service via adjacent access.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-0556
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556
[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.50-1.2~deb10u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 953...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Mar 2020 10:55:38 +0100
Source: bluez
Architecture: source
Version: 5.50-1.2~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 953770
Changes:
 bluez (5.50-1.2~deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Rebuild for buster-security.
 .
 bluez (5.50-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * input: hog: Attempt to set security level if not bonded
   * input: Add LEAutoSecurity setting to input.conf
 .
 bluez (5.50-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Address INTEL-SA-00352 (CVE-2020-0556) (Closes: #953770)
     - HOGP must only accept data from bonded devices
     - HID accepts bonded device connections only

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
