Your message dated Fri, 22 Dec 2023 21:17:08 +0000
with message-id <[email protected]>
and subject line Bug#1057914: fixed in bluez 5.66-1+deb12u1
has caused the Debian Bug report #1057914,
regarding bluez: CVE-2023-45866
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1057914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057914
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: bluez
Version: 5.70-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for bluez.
CVE-2023-45866[0]:
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated
| Peripheral role HID Device to initiate and establish an encrypted
| connection, and accept HID keyboard reports, potentially permitting
| injection of HID messages when no user interaction has occurred in
| the Central role to authorize such access. An example affected
| package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some
| cases, a CVE-2020-0556 mitigation would have already addressed this
| Bluetooth HID Hosts issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-45866
https://www.cve.org/CVERecord?id=CVE-2023-45866
[1] https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.66-1+deb12u1
Done: Salvatore Bonaccorso <[email protected]>
We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated bluez package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 10 Dec 2023 17:57:24 +0100
Source: bluez
Architecture: source
Version: 5.66-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Bluetooth Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1057914
Changes:
bluez (5.66-1+deb12u1) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* input.conf: Change default of ClassicBondedOnly (CVE-2023-45866)
(Closes: #1057914)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
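A host-side check for the changelog entry above ("input.conf: Change default of ClassicBondedOnly"), added here as an example; it is not part of the Debian upload or of BlueZ. It reports whether a local input.conf overrides the packaged default. The path /etc/bluetooth/input.conf, the [General] section and the accepted boolean spellings are assumptions about the installed configuration, and the sample file is constructed.

```sh
#!/bin/sh
# Report how ClassicBondedOnly is set in a BlueZ input.conf.
# Prints exactly one word:
#   enforced  explicitly true: classic HID connections limited to bonded devices
#   disabled  explicitly false: non-bonded HID devices accepted (the CVE-2023-45866 condition)
#   invalid   key present but not a recognised boolean; the built-in default applies
#   unset     no active setting (missing file, commented out, wrong section);
#             the built-in default of the installed bluez package applies
classic_bonded_only_state() {
    conf="${1:-/etc/bluetooth/input.conf}"   # assumed default location
    [ -r "$conf" ] || { echo "unset"; return 0; }
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*#/ { next }                  # commented-out lines set nothing
        /^[ \t]*\[/ {                        # section header such as [General]
            sect = $0
            sub(/^[ \t]*\[/, "", sect)
            sub(/\].*$/, "", sect)
            next
        }
        sect == "General" && /^[ \t]*ClassicBondedOnly[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)    # keep the text after "="
            sub(/[ \t\r]*$/, "", val)        # drop trailing blanks and CR
            if (val == "true" || val == "1")       state = "enforced"
            else if (val == "false" || val == "0") state = "disabled"
            else                                   state = "invalid"
        }
        END { print state }                  # last assignment in the file wins
    ' "$conf"
}

# Constructed sample (not from the page): a local override that disables the check.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[General]
# Several older mice do not support pairing
ClassicBondedOnly=false
EOF
echo "sample input.conf: $(classic_bonded_only_state "$sample")"
rm -f "$sample"
```

A result of "unset" means the host relies on the package default, so the installed bluez version decides; the message above gives 5.66-1+deb12u1 in bookworm-security as the fixed version.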