Your message dated Sat, 23 Sep 2017 11:32:50 +0000
with message-id <e1dvify-000eav...@fasolo.debian.org>
and subject line Bug#875633: fixed in bluez 5.23-2+deb8u1
has caused the Debian Bug report #875633,
regarding bluez: CVE-2017-1000250: information disclosure vulnerability in service_search_attr_req
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
875633: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bluez
Version: 5.23-2
Severity: grave
Tags: patch upstream security

Hi,

the following vulnerability was published for bluez.

CVE-2017-1000250[0]:
| All versions of the SDP server in BlueZ 5.46 and earlier are
| vulnerable to an information disclosure vulnerability which allows
| remote attackers to obtain sensitive information from the bluetoothd
| process memory. This vulnerability lies in the processing of SDP
| search attribute requests.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000250
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
[1] https://bugzilla.novell.com/show_bug.cgi?id=1057342
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1489446

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: bluez
Source-Version: 5.23-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
bluez, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated bluez package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Sep 2017 09:43:03 +0200
Source: bluez
Binary: libbluetooth3 libbluetooth3-dbg libbluetooth-dev bluetooth bluez bluez-dbg bluez-cups bluez-obexd bluez-hcidump bluez-test-scripts
Architecture: all source
Version: 5.23-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Bluetooth Maintainers <pkg-bluetooth-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 875633
Description: 
 bluetooth  - Bluetooth support
 bluez      - Bluetooth tools and daemons
 bluez-cups - Bluetooth printer driver for CUPS
 bluez-dbg  - Bluetooth tools and daemons (with debugging symbols)
 bluez-hcidump - Analyses Bluetooth HCI packets
 bluez-obexd - bluez obex daemon
 bluez-test-scripts - BlueZ test scripts
 libbluetooth-dev - Development files for using the BlueZ Linux Bluetooth library
 libbluetooth3 - Library to use the BlueZ Linux Bluetooth stack
 libbluetooth3-dbg - Library to use the BlueZ Linux Bluetooth stack with debugging sym
Changes:
 bluez (5.23-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2017-1000250: information disclosure vulnerability in
     service_search_attr_req (Closes: #875633)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
