[Git][security-tracker-team/security-tracker][master] Expand notes for CVE-2020-0556/bluez

Fri, 20 Mar 2020 09:35:06 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
59a01db2 by Salvatore Bonaccorso at 2020-03-20T17:33:29+01:00
Expand notes for CVE-2020-0556/bluez

Expand notes for two further commits which were done after the 5.54
release and need to be applied to avoid potential regression when
connecting devices.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -26767,12 +26767,15 @@ CVE-2020-0557
 CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 
5.54 may ...)
        - bluez 5.50-1.1 (bug #953770)
        NOTE: 
https://lore.kernel.org/linux-bluetooth/[email protected]/
-       NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
-       NOTE: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
+       NOTE: Fixed by: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
+       NOTE: Fixed by: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
        NOTE: 
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
        NOTE: Second commit introduces new configuration option 
"ClassicBondedOnly" which defaults
        NOTE: to false, and allows to make sure that input connections only 
come from bonded
        NOTE: device connections.
+       NOTE: Followup commits to avoid (functional) regression:
+       NOTE: Followup: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
+       NOTE: Followup: 
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
 CVE-2020-0555
        RESERVED
 CVE-2020-0554



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a01db27e4ecf78ab440f737b697d65773749e7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a01db27e4ecf78ab440f737b697d65773749e7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to