Your message dated Fri, 22 Dec 2023 21:18:23 +0000
with message-id <e1rgmuv-00gofx...@fasolo.debian.org>
and subject line Bug#1057914: fixed in bluez 5.55-3.1+deb11u1
has caused the Debian Bug report #1057914,
regarding bluez: CVE-2023-45866
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1057914: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057914
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bluez
Version: 5.70-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for bluez.
CVE-2023-45866[0]:
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated
| Peripheral role HID Device to initiate and establish an encrypted
| connection, and accept HID keyboard reports, potentially permitting
| injection of HID messages when no user interaction has occurred in
| the Central role to authorize such access. An example affected
| package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some
| cases, a CVE-2020-0556 mitigation would have already addressed this
| Bluetooth HID Hosts issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-45866
https://www.cve.org/CVERecord?id=CVE-2023-45866
[1] https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.55-3.1+deb11u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1057...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 10 Dec 2023 20:21:22 +0100
Source: bluez
Architecture: source
Version: 5.55-3.1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Bluetooth Maintainers <team+pkg-blueto...@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1057914
Changes:
bluez (5.55-3.1+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* input.conf: Change default of ClassicBondedOnly (CVE-2023-45866)
(Closes: #1057914)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
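
Added example, not part of the original messages and not BlueZ or Debian code: a small audit helper that reports the effective ClassicBondedOnly value for the text of an input.conf, showing that an explicit "false" still overrides the changed default after the upgrade. The function names, the verdict strings and the sample files are constructed for illustration; the old default (false) and new default (true) are taken from upstream BlueZ's input.conf documentation rather than from the messages above, and the parsing is a simplified model of the key-file format.

```python
# Added example: effective ClassicBondedOnly for a given input.conf text.
# Helper names and sample files are hypothetical / constructed.

def classic_bonded_only(conf_text, built_in_default):
    """Return (value, source) for ClassicBondedOnly in the [General] group.

    built_in_default is the value used when the key is absent:
    False before the default change named in the upload, True after it.
    """
    section = None
    value, source = built_in_default, "built-in default"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out, e.g. "#ClassicBondedOnly=true"
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "General" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() != "ClassicBondedOnly":  # key names are case-sensitive
            continue
        val = val.strip()
        if val in ("true", "1"):
            value, source = True, f"line {lineno}"
        elif val in ("false", "0"):
            value, source = False, f"line {lineno}"
        # Assumption: an unparsable value is ignored and the prior value stands.
    return value, source


def audit(conf_text, built_in_default):
    """One-line verdict suitable for a fleet compliance report."""
    value, source = classic_bonded_only(conf_text, built_in_default)
    verdict = "bonded-only" if value else "accepts-unbonded"
    return f"{verdict}: ClassicBondedOnly={'true' if value else 'false'} ({source})"


# Constructed sample files, not copied from any package.
SHIPPED_COMMENTED = "[General]\n#IdleTimeout=30\n#ClassicBondedOnly=true\n"
ADMIN_OVERRIDE = "[General]\nClassicBondedOnly=false\n"

if __name__ == "__main__":
    for name, text in (("commented", SHIPPED_COMMENTED), ("override", ADMIN_OVERRIDE)):
        for default in (False, True):
            print(f"{name}, default={default}: {audit(text, default)}")
```

On a real host, pass the contents of /etc/bluetooth/input.conf and the default that matches the installed bluez version.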