Your message dated Thu, 08 Jan 2009 18:02:04 +0000
with message-id <e1lkzcm-0000gw...@ries.debian.org>
and subject line Bug#510644: fixed in bluez-utils 3.36-3
has caused the Debian Bug report #510644,
regarding bluetooth.conf needs alterations for new D-Bus
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
510644: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510644
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: bluez-utils
Version: 3.36-2
Severity: serious
Justification: blocker for #503532 (CVE-2008-4311) and far-fetched security hole
Tags: fixed-upstream
User: pkg-utopia-maintain...@lists.alioth.debian.org
Usertags: CVE-2008-4311

bluez-utils installs a D-Bus system policy file intending to allow users
at the console to send BlueZ messages to hcid. However, it actually
allows users at the console to send messages to the object path '/' on
any service, slightly subverting access control for those other services.

Furthermore, it might be insufficient to allow everything that hcid intends to
allow; messages used to be allowed accidentally by a dbus-daemon bug, but
with the dbus-daemon changes targeted for lenny, they will be denied
unless explicitly allowed.

<http://git.kernel.org/?p=bluetooth/bluez.git;a=history;f=src/bluetooth.conf;h=c0476237;hb=fb333f1c>
shows the recent history of this file - the latest version,
<http://git.kernel.org/?p=bluetooth/bluez.git;a=blob;f=src/bluetooth.conf;hb=06637b08>,
appears to be appropriate.

Regards from the Cambridge BSP,
Simon
--- End Message ---
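
The policy flaw described in the report above, as an added example that is not part of the original messages or of the bluez-utils package: a small linter that flags `<allow>` rules matching outgoing messages without a `send_destination`, which therefore apply to every service on the bus. Both policy snippets are constructed for illustration and are not the shipped bluetooth.conf; the `org.bluez` bus name and the `netdev` group policy in the second snippet are assumptions based on the report and changelog.

```python
import xml.etree.ElementTree as ET

# D-Bus policy attributes that match outgoing messages but do not name
# the receiving service.
SEND_MATCH = {"send_interface", "send_member", "send_path",
              "send_type", "send_error"}

# Constructed sample: a console policy keyed only on the object path.
BEFORE = """<busconfig>
  <policy user="root">
    <allow own="org.bluez"/>
  </policy>
  <policy at_console="true">
    <allow send_path="/"/>
  </policy>
</busconfig>"""

# Constructed sample: the same intent, scoped to one destination service.
AFTER = """<busconfig>
  <policy user="root">
    <allow own="org.bluez"/>
    <allow send_destination="org.bluez"/>
  </policy>
  <policy group="netdev">
    <allow send_destination="org.bluez"/>
  </policy>
</busconfig>"""


def unscoped_send_allows(policy_xml):
    """Return (policy context, rule attributes) for every <allow> rule that
    matches outgoing messages without a send_destination."""
    findings = []
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        context = ", ".join(f"{k}={v}" for k, v in sorted(policy.attrib.items()))
        for rule in policy.findall("allow"):
            attrs = dict(rule.attrib)
            if SEND_MATCH.intersection(attrs) and "send_destination" not in attrs:
                findings.append((context, attrs))
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, unscoped_send_allows(text))
```

Run over the files in a system's D-Bus policy directory, a non-empty result marks rules worth reviewing against the service they were meant for.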
--- Begin Message ---
Source: bluez-utils
Source-Version: 3.36-3

We believe that the bug you reported is fixed in the latest version of
bluez-utils, which is due to be installed in the Debian FTP archive:

bluetooth_3.36-3_all.deb
  to pool/main/b/bluez-utils/bluetooth_3.36-3_all.deb
bluez-audio_3.36-3_amd64.deb
  to pool/main/b/bluez-utils/bluez-audio_3.36-3_amd64.deb
bluez-cups_3.36-3_amd64.deb
  to pool/main/b/bluez-utils/bluez-cups_3.36-3_amd64.deb
bluez-pcmcia-support_3.36-3_amd64.deb
  to pool/main/b/bluez-utils/bluez-pcmcia-support_3.36-3_amd64.deb
bluez-utils_3.36-3.diff.gz
  to pool/main/b/bluez-utils/bluez-utils_3.36-3.diff.gz
bluez-utils_3.36-3.dsc
  to pool/main/b/bluez-utils/bluez-utils_3.36-3.dsc
bluez-utils_3.36-3_amd64.deb
  to pool/main/b/bluez-utils/bluez-utils_3.36-3_amd64.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Filippo Giunchedi <fili...@debian.org> (supplier of updated bluez-utils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 08 Jan 2009 18:42:24 +0100
Source: bluez-utils
Binary: bluez-utils bluez-pcmcia-support bluez-cups bluez-audio bluetooth
Architecture: source all amd64
Version: 3.36-3
Distribution: unstable
Urgency: high
Maintainer: Debian Bluetooth Maintainers <pkg-bluetooth-maintain...@lists.alioth.debian.org>
Changed-By: Filippo Giunchedi <fili...@debian.org>
Description:
 bluetooth - Bluetooth stack utilities
 bluez-audio - Bluetooth audio support
 bluez-cups - Bluetooth printer driver for CUPS
 bluez-pcmcia-support - PCMCIA support files for BlueZ 2.0 Bluetooth tools
 bluez-utils - Bluetooth tools and daemons
Closes: 510644
Changes:
 bluez-utils (3.36-3) unstable; urgency=high
 .
   * Ship a new bluetooth.conf fixing dbus permissions RC bug (Closes: #510644)
     - As a result of this, now users of netdev group are able to communicate
       with hcid via dbus
     - Add netdev group in postinst if not present
--- End Message ---