[{"id":1769744,"web_url":"http://patchwork.ozlabs.org/comment/1769744/","msgid":"<20170917185245.6c2eac0b@windsurf>","list_archive_url":null,"date":"2017-09-17T16:52:45","subject":"Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump\n\tversion to 5.47","submitter":{"id":2230,"url":"http://patchwork.ozlabs.org/api/people/2230/","name":"Thomas Petazzoni","email":"thomas.petazzoni@free-electrons.com"},"content":"Hello,\n\nOn Sat, 16 Sep 2017 10:41:17 +0200, Bernd Kuhls wrote:\n> Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46 and\n> earlier are vulnerable to an information disclosure vulnerability which\n> allows remote attackers to obtain sensitive information from the bluetoothd\n> process memory.  This vulnerability lies in the processing of SDP search\n> attribute requests.\n> \n> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>\n> ---\n>  package/bluez5_utils/bluez5_utils.hash | 2 +-\n>  package/bluez5_utils/bluez5_utils.mk   | 2 +-\n>  2 files changed, 2 insertions(+), 2 deletions(-)\n\nApplied to master, thanks.\n\nThomas","headers":{"Return-Path":"<buildroot-bounces@busybox.net>","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.138; helo=whitealder.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)","Received":["from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xwFZK4mWNz9s83\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon, 18 Sep 2017 02:53:13 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id C72FB89A68;\n\tSun, 17 Sep 2017 16:53:11 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id RYwu5+R0rqpm; Sun, 17 Sep 2017 16:53:08 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 9EDEB89AEB;\n\tSun, 17 Sep 2017 16:53:07 +0000 (UTC)","from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n\tby ash.osuosl.org (Postfix) with ESMTP id A810B1C11F6\n\tfor <buildroot@lists.busybox.net>;\n\tSun, 17 Sep 2017 16:53:06 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id A13958A5D8\n\tfor <buildroot@lists.busybox.net>;\n\tSun, 17 Sep 2017 16:53:06 +0000 (UTC)","from hemlock.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id G-awmSrQ7rwE for <buildroot@lists.busybox.net>;\n\tSun, 17 Sep 2017 16:53:01 +0000 (UTC)","from mail.free-electrons.com (mail.free-electrons.com [62.4.15.54])\n\tby hemlock.osuosl.org (Postfix) with ESMTP id 6BB198A5D7\n\tfor <buildroot@buildroot.org>; Sun, 17 Sep 2017 16:53:01 +0000 (UTC)","by mail.free-electrons.com (Postfix, from userid 110)\n\tid 662F820829; Sun, 17 Sep 2017 18:53:00 +0200 (CEST)","from windsurf (cpe-24-165-11-229.hawaii.res.rr.com [24.165.11.229])\n\tby mail.free-electrons.com (Postfix) with ESMTPSA id 2FA95207C0;\n\tSun, 17 Sep 2017 18:52:48 +0200 (CEST)"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","Date":"Sun, 17 Sep 2017 18:52:45 +0200","From":"Thomas Petazzoni <thomas.petazzoni@free-electrons.com>","To":"Bernd Kuhls <bernd.kuhls@t-online.de>","Message-ID":"<20170917185245.6c2eac0b@windsurf>","In-Reply-To":"<20170916084117.11155-1-bernd.kuhls@t-online.de>","References":"<20170916084117.11155-1-bernd.kuhls@t-online.de>","Organization":"Free Electrons","X-Mailer":"Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-redhat-linux-gnu)","MIME-Version":"1.0","Cc":"Marcin Bis <marcin@bis.org.pl>, buildroot@buildroot.org","Subject":"Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump\n\tversion to 5.47","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.busybox.net>","List-Unsubscribe":"<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>","List-Archive":"<http://lists.busybox.net/pipermail/buildroot/>","List-Post":"<mailto:buildroot@busybox.net>","List-Help":"<mailto:buildroot-request@busybox.net?subject=help>","List-Subscribe":"<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" <buildroot-bounces@busybox.net>"}},{"id":1787810,"web_url":"http://patchwork.ozlabs.org/comment/1787810/","msgid":"<871sm2sqoo.fsf@dell.be.48ers.dk>","list_archive_url":null,"date":"2017-10-16T21:55:51","subject":"Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump\n\tversion to 5.47","submitter":{"id":42365,"url":"http://patchwork.ozlabs.org/api/people/42365/","name":"Peter Korsgaard","email":"peter@korsgaard.com"},"content":">>>>> \"Bernd\" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:\n\n > Fixes CVE-2017-1000250 - All versions of the SDP server in BlueZ 5.46 and\n > earlier are vulnerable to an information disclosure vulnerability which\n > allows remote attackers to obtain sensitive information from the bluetoothd\n > process memory.  This vulnerability lies in the processing of SDP search\n > attribute requests.\n\n > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>\n\nCommitted to 2017.08.x, thanks.","headers":{"Return-Path":"<buildroot-bounces@busybox.net>","X-Original-To":["incoming@patchwork.ozlabs.org","buildroot@lists.busybox.net"],"Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","buildroot@osuosl.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=busybox.net\n\t(client-ip=140.211.166.138; helo=whitealder.osuosl.org;\n\tenvelope-from=buildroot-bounces@busybox.net;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"WWuFvsmZ\"; dkim-atps=neutral"],"Received":["from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3yGBwK6fYTz9sRW\n\tfor <incoming@patchwork.ozlabs.org>;\n\tTue, 17 Oct 2017 08:56:01 +1100 (AEDT)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 2F8C5866DC;\n\tMon, 16 Oct 2017 21:56:00 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id REc6D1Z4FrG0; Mon, 16 Oct 2017 21:55:57 +0000 (UTC)","from ash.osuosl.org (ash.osuosl.org [140.211.166.34])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id F3D7E866CE;\n\tMon, 16 Oct 2017 21:55:56 +0000 (UTC)","from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\tby ash.osuosl.org (Postfix) with ESMTP id 8E50C1CEC57\n\tfor <buildroot@lists.busybox.net>;\n\tMon, 16 Oct 2017 21:55:55 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby whitealder.osuosl.org (Postfix) with ESMTP id 889AD866CE\n\tfor <buildroot@lists.busybox.net>;\n\tMon, 16 Oct 2017 21:55:55 +0000 (UTC)","from whitealder.osuosl.org ([127.0.0.1])\n\tby localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id 7FKmqHm4nHBV for <buildroot@lists.busybox.net>;\n\tMon, 16 Oct 2017 21:55:55 +0000 (UTC)","from mail-wm0-f53.google.com (mail-wm0-f53.google.com\n\t[74.125.82.53])\n\tby whitealder.osuosl.org (Postfix) with ESMTPS id 69E1A86435\n\tfor <buildroot@buildroot.org>; Mon, 16 Oct 2017 21:55:54 +0000 (UTC)","by mail-wm0-f53.google.com with SMTP id b189so116920wmd.4\n\tfor <buildroot@buildroot.org>; Mon, 16 Oct 2017 14:55:54 -0700 (PDT)","from dell.be.48ers.dk (d51a5bc31.access.telenet.be.\n\t[81.165.188.49]) by smtp.gmail.com with ESMTPSA id\n\tj39sm6262249ede.10.2017.10.16.14.55.52\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tMon, 16 Oct 2017 14:55:52 -0700 (PDT)","from peko by dell.be.48ers.dk with local (Exim 4.88)\n\t(envelope-from <peter@korsgaard.com>)\n\tid 1e4DMV-0003YX-1d; Mon, 16 Oct 2017 23:55:51 +0200"],"X-Virus-Scanned":["amavisd-new at osuosl.org","amavisd-new at osuosl.org"],"X-Greylist":"domain auto-whitelisted by SQLgrey-1.7.6","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:references:date:in-reply-to:message-id\n\t:user-agent:mime-version;\n\tbh=vr01lUNxoolF9x+2jEAsAZOpj9/xfi39tV+ZHxUrMDQ=;\n\tb=WWuFvsmZM4XHkILjA69HLnKh1YdMczITWAPACoOjUxl2KiTIPRhyK0EaQXyu5cBvU1\n\toC7XCRVuV5JXvOcPpd+7NubOZJn7zVkfAABg2Q6n7YOK2bI5g1xiA+QT1qrIcKpUgWBi\n\tYM930CvrzOCyzF7kDJB9EcyYVijohdHDhMjTqodRxp42zt9yiPE2lxphuO8rp0s1bkh9\n\tj6Bc4eTqKf/gCF1gIRNkVDfc0fiMKa8MU7HQ5akKAXGRq+B9JUMrDCemwiigq04ESELw\n\tQfq4tbYJT6WmFKJ/E5QZYOhUvaOpp7r3fibGpWwdF1DT9FdcWgLxMO+dkDSsBEA5lEDY\n\ttLVg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:references:date\n\t:in-reply-to:message-id:user-agent:mime-version;\n\tbh=vr01lUNxoolF9x+2jEAsAZOpj9/xfi39tV+ZHxUrMDQ=;\n\tb=JFElzCI2k/QOrGbcMOperzptvDD+S4dX0yhldBVzMQFzFXcg5ujurGFtn+84MBE/X4\n\t8vRKucuoERw5NWiF+frCEnbbvmRgvAcrJp15uiwh4vi7Wu9BGj0yrht1xyOVWDBkDvaW\n\tYTUvRLV2uQTZCEaRtlYW6ti90Z+X86PoTG0aLsKI7zW6f/GTt3ZcvLvb07Vume/Dc+dm\n\tkZ4AqDnAmNqnnqoaLXMxc6Thh35Ji2CMu6GYT/D8DiN8h7FmpLIwi9qMe6gcPBTuwgYZ\n\tycRux5W2OBAQaEd5RGnGtxGK5FNNe47wx/q7lTc/5yemgigkBMJsJcqcF1NJ3jar3hzQ\n\tbhnQ==","X-Gm-Message-State":"AMCzsaVIspVzSkhOJkmv9DSZWDotwytgeYXlwgJW3PZILnQTlAU2tU3q\n\t6wzOUq3SUJygNH1HDURrKCA=","X-Google-Smtp-Source":"AOwi7QB6XT+M8lJ7wkvWxh0P3CetFaHx/lJ3gW4FlFEd2s3NOlHu712Bj5anl9kfyDbgLaJ0nIMocA==","X-Received":"by 10.80.205.155 with SMTP id p27mr11691678edi.255.1508190952938;\n\tMon, 16 Oct 2017 14:55:52 -0700 (PDT)","From":"Peter Korsgaard <peter@korsgaard.com>","To":"Bernd Kuhls <bernd.kuhls@t-online.de>","References":"<20170916084117.11155-1-bernd.kuhls@t-online.de>","Date":"Mon, 16 Oct 2017 23:55:51 +0200","In-Reply-To":"<20170916084117.11155-1-bernd.kuhls@t-online.de> (Bernd Kuhls's\n\tmessage of \"Sat, 16 Sep 2017 10:41:17 +0200\")","Message-ID":"<871sm2sqoo.fsf@dell.be.48ers.dk>","User-Agent":"Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)","MIME-Version":"1.0","Cc":"Marcin Bis <marcin@bis.org.pl>, buildroot@buildroot.org","Subject":"Re: [Buildroot] [PATCH 1/1] package/bluez5_utils: security bump\n\tversion to 5.47","X-BeenThere":"buildroot@busybox.net","X-Mailman-Version":"2.1.18-1","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.busybox.net>","List-Unsubscribe":"<http://lists.busybox.net/mailman/options/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=unsubscribe>","List-Archive":"<http://lists.busybox.net/pipermail/buildroot/>","List-Post":"<mailto:buildroot@busybox.net>","List-Help":"<mailto:buildroot-request@busybox.net?subject=help>","List-Subscribe":"<http://lists.busybox.net/mailman/listinfo/buildroot>,\n\t<mailto:buildroot-request@busybox.net?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@busybox.net","Sender":"\"buildroot\" <buildroot-bounces@busybox.net>"}}]