diff options
| author | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-21 23:58:02 +0100 |
|---|---|---|
| committer | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-12-21 23:58:02 +0100 |
| commit | 4a3762cd09a693a0e68871f088203cfd4037c071 (patch) | |
| tree | c81321ebfdddd7d357edfec478cd3bf3f30d0a67 /english/security | |
| parent | 4354b521cd0e60008466066d6ad26586089761c7 (diff) | |
[SECURITY] [DSA 5584-1] bluez security update
Diffstat (limited to 'english/security')
| -rw-r--r-- | english/security/2023/dsa-5584.data | 13 | ||||
| -rw-r--r-- | english/security/2023/dsa-5584.wml | 25 |
2 files changed, 38 insertions, 0 deletions
diff --git a/english/security/2023/dsa-5584.data b/english/security/2023/dsa-5584.data new file mode 100644 index 00000000000..6820fa6c7e5 --- /dev/null +++ b/english/security/2023/dsa-5584.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-5584-1 bluez</define-tag> +<define-tag report_date>2023-12-21</define-tag> +<define-tag secrefs>CVE-2023-45866 Bug#1057914</define-tag> +<define-tag packages>bluez</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2023/dsa-5584.wml b/english/security/2023/dsa-5584.wml new file mode 100644 index 00000000000..3b27ab0b601 --- /dev/null +++ b/english/security/2023/dsa-5584.wml @@ -0,0 +1,25 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>It was reported that the BlueZ's HID profile implementation is not +inline with the HID specification which mandates the use of Security +Mode 4. The HID profile configuration option ClassicBondedOnly now +defaults to <q>true</q> to make sure that input connections only come from +bonded device connections.</p> + +<p>For the oldstable distribution (bullseye), this problem has been fixed +in version 5.55-3.1+deb11u1.</p> + +<p>For the stable distribution (bookworm), this problem has been fixed in +version 5.66-1+deb12u1.</p> + +<p>We recommend that you upgrade your bluez packages.</p> + +<p>For the detailed security status of bluez please refer to its security +tracker page at: +<a href="https://security-tracker.debian.org/tracker/bluez">\ +https://security-tracker.debian.org/tracker/bluez</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5584.data" +# $Id: $ |