[ubuntu/focal-proposed] bluez 5.53-0ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Mar 23 12:12:14 UTC 2020


bluez (5.53-0ubuntu2) focal; urgency=medium

  * SECURITY UPDATE: privilege escalation via improper access control
    - debian/patches/CVE-2020-0556-1.patch: HOGP must only accept data from
      bonded devices in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-2.patch: HID accepts bonded device
      connections only in profiles/input/device.c, profiles/input/device.h,
      profiles/input/input.conf, profiles/input/manager.c.
    - debian/patches/CVE-2020-0556-3.patch: attempt to set security level
      if not bonded in profiles/input/hog.c.
    - debian/patches/CVE-2020-0556-4.patch: add LEAutoSecurity setting to
      input.conf in profiles/input/device.h, profiles/input/hog.c,
      profiles/input/input.conf, profiles/input/manager.c.
    - CVE-2020-0556

Date: Mon, 23 Mar 2020 07:50:02 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Bluetooth team <ubuntu-bluetooth at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/bluez/5.53-0ubuntu2
-------------- next part --------------

Format: 1.8
Date: Mon, 23 Mar 2020 07:50:02 -0400
Source: bluez
Architecture: source
Version: 5.53-0ubuntu2
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Bluetooth team <ubuntu-bluetooth at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Checksums-Sha1:
 7e0687451a50617b132bcc5fda70ab338d2203e1 2796 bluez_5.53-0ubuntu2.dsc
 390fab23e26e2e09f3e121a32e2aeb73c546c127 43316 bluez_5.53-0ubuntu2.debian.tar.xz
 8f74db73319b5394dbb836da586734a591d424b8 10871 bluez_5.53-0ubuntu2_source.buildinfo
Checksums-Sha256:
 7c28683144c49f3e11da109696c4c34fad0d6744f58cca8b792c86b2d0b7d1fe 2796 bluez_5.53-0ubuntu2.dsc
 29623501887cb1530263e636d51cea109860808b9345d31677f64c6bc801bbee 43316 bluez_5.53-0ubuntu2.debian.tar.xz
 b20c6f0bde141a6c8e92504c6d8172134abe49f409806f5c5883fac1ab16bc35 10871 bluez_5.53-0ubuntu2_source.buildinfo
Files:
 b36d8b85e73936108ce0fc56c32abcea 2796 admin optional bluez_5.53-0ubuntu2.dsc
 857b39e41054731ef74b75bf50d07709 43316 admin optional bluez_5.53-0ubuntu2.debian.tar.xz
 eb9e748334eb4aacfb4f8096f8e8f67e 10871 admin optional bluez_5.53-0ubuntu2_source.buildinfo
Original-Maintainer: Debian Bluetooth Maintainers <pkg-bluetooth-maintainers at lists.alioth.debian.org>


