From unknown Fri Aug 15 02:02:22 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#28447 <28447@debbugs.gnu.org> To: bug#28447 <28447@debbugs.gnu.org> Subject: Status: [PATCH] gnu: bluez: Fix CVE-2017-1000250. Reply-To: bug#28447 <28447@debbugs.gnu.org> Date: Fri, 15 Aug 2025 09:02:22 +0000 retitle 28447 [PATCH] gnu: bluez: Fix CVE-2017-1000250. reassign 28447 guix-patches submitter 28447 Marius Bakke severity 28447 normal tag 28447 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 13 11:45:19 2017 Received: (at submit) by debbugs.gnu.org; 13 Sep 2017 15:45:20 +0000 Received: from localhost ([127.0.0.1]:38527 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ds9qp-0000RE-Ly for submit@debbugs.gnu.org; Wed, 13 Sep 2017 11:45:19 -0400 Received: from eggs.gnu.org ([208.118.235.92]:47795) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ds9qo-0000R1-Jc for submit@debbugs.gnu.org; Wed, 13 Sep 2017 11:45:18 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ds9qe-0006vP-Gk for submit@debbugs.gnu.org; Wed, 13 Sep 2017 11:45:13 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,FREEMAIL_FROM, T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:38935) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ds9qe-0006vB-Dh for submit@debbugs.gnu.org; Wed, 13 Sep 2017 11:45:08 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38731) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ds9qZ-0005EZ-VM for guix-patches@gnu.org; Wed, 13 Sep 2017 11:45:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ds9qW-0006oQ-1V for guix-patches@gnu.org; Wed, 13 Sep 2017 11:45:03 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:45843) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ds9qV-0006n6-TS for guix-patches@gnu.org; Wed, 13 Sep 2017 11:44:59 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id ACE9B20A8B; Wed, 13 Sep 2017 11:44:57 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute5.internal (MEProxy); Wed, 13 Sep 2017 11:44:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= cc:date:from:message-id:subject:to:x-me-sender:x-me-sender :x-sasl-enc:x-sasl-enc; s=fm1; bh=DS1lWCoC8W2j5olYz1GIhyCFl/l4RY clYXaQd0y1NVQ=; b=MXlSFhEtWPPZPlQvmeT+tbFBMlg0P225K72bYYtIZIgqd/ 9TkkGEGFyZY8aO8RUkhvgBee3mXnTQmqrWTAQqproNflRf3TajFhxZLNIhXtBFkU 3RlU5a52zD7rCsLVbte+sqrL0trdY24vIHTtrxWuwtqlhGoTQm6M0efyJYSQpgEj 6kcWufqgSwEEK1g8Pi5wckiYRNX/ySjehWidbWGVOXo/qhxiyid/1MJ0OwGDGL4q F1CbTXoG9+1KjGLRGKmYJQ10qfLZl3W2DuSAtnGDWFks1MHxhYksvSTz63FDiu+8 R41WQ+K8KJvGmpSoA32eXJQUObTJ4jR3x4e3s3jw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:date:from:message-id:subject:to :x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=DS1lWC oC8W2j5olYz1GIhyCFl/l4RYclYXaQd0y1NVQ=; b=cIpncVb03KGDUuEHFNF+Jo DBX1/1kDLjtVt+cvBu8xVJlPNpCLd4HayIGc1YPYsEI4EUwH2UJNVW4n80U5R6J0 1L2zaFD5mnQqmsWe39vNj6HSpGpTp1v+4e/WkETd5vQFfRlZe8aE7qQtejYSb4UP 5bYAJjGvNXKAwdYlnJx0rCulifPHqb8jXyM4Q8DGYycPCfMSdXg3LynVc/lXSE3M VTvtY7leqvBQMc4ltKMkPNVzJyYQsID+O07g37m3+cs+CNA8nkF6ffTDSnFg/P5d Jnlm22jh+D3K0abM3XD854ZMiySc6NEYVyImuFfqmrFqIuF+3WOu7UCeKS1Ar/iQ == X-ME-Sender: X-Sasl-enc: lXmHqplnnGPK4jgSOGbQy8Pp3BDgdiZanB3MRsy6nWXQ 1505317497 Received: from localhost (unknown [188.113.81.93]) by mail.messagingengine.com (Postfix) with ESMTPA id 40B1A24A5D; Wed, 13 Sep 2017 11:44:57 -0400 (EDT) From: Marius Bakke To: guix-patches@gnu.org Subject: [PATCH] gnu: bluez: Fix CVE-2017-1000250. Date: Wed, 13 Sep 2017 17:44:25 +0200 Message-Id: <20170913154425.3647-1-mbakke@fastmail.com> X-Mailer: git-send-email 2.14.1 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.4 (----) X-Debbugs-Envelope-To: submit Cc: Marius Bakke X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.4 (----) * gnu/packages/linux.scm (%bluez-CVE-2017-1000250.patch): New variable. (bluez)[replacement]: New field. (bluez/fixed): New variable. --- gnu/packages/linux.scm | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index bfa736c1c..9dc68a2b3 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -3009,10 +3009,24 @@ applications.") Bluetooth audio output devices like headphones or loudspeakers.") (license license:gpl2+))) +;; Fix remote information disclosure in bluetoothd. +;; https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250 +;; https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000250.html +(define %bluez-CVE-2017-1000250.patch + (origin + (method url-fetch) + (uri "https://git.kernel.org/pub/scm/bluetooth/bluez.git/patch/?id=\ +9e009647b14e810e06626dde7f1bb9ea3c375d09") + (file-name "bluez-CVE-2017-1000250.patch") + (sha256 + (base32 + "0p6gblj775sv0xx4pvdll39j6spg8ihhshid5z6lgrjh0rmxi3sk")))) + (define-public bluez (package (name "bluez") (version "5.45") + (replacement bluez/fixed) (source (origin (method url-fetch) (uri (string-append @@ -3074,6 +3088,13 @@ Bluetooth audio output devices like headphones or loudspeakers.") is flexible, efficient and uses a modular implementation.") (license license:gpl2+))) +(define bluez/fixed + (package + (inherit bluez) + (source (origin + (inherit (package-source bluez)) + (patches (list %bluez-CVE-2017-1000250.patch)))))) + (define-public fuse-exfat (package (name "fuse-exfat") -- 2.14.1 From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 13 15:53:36 2017 Received: (at request) by debbugs.gnu.org; 13 Sep 2017 19:53:36 +0000 Received: from localhost ([127.0.0.1]:38862 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsDj6-0001Wr-Kh for submit@debbugs.gnu.org; Wed, 13 Sep 2017 15:53:36 -0400 Received: from flashner.co.il ([178.62.234.194]:45501) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsDj4-0001Wf-Or for request@debbugs.gnu.org; Wed, 13 Sep 2017 15:53:35 -0400 Received: from localhost (46-117-130-79.bb.netvision.net.il [46.117.130.79]) by flashner.co.il (Postfix) with ESMTPSA id 77F61402FA for ; Wed, 13 Sep 2017 19:53:28 +0000 (UTC) Date: Wed, 13 Sep 2017 22:53:24 +0300 From: Efraim Flashner To: request@debbugs.gnu.org Subject: control Message-ID: <20170913195324.GA28792@macbook42.flashner.co.il> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/" Content-Disposition: inline User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: request X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --TB36FDmn/VVEgNH/ Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable reassign 28449 guix-patches close 28116 close 28419 close 28447 thanks --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --TB36FDmn/VVEgNH/ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlm5jLAACgkQQarn3Mo9 g1EulBAAjngH3sKFQ7ebNb9Y1ILr8lW34mCpRhmzJ/ltPfMdZDf+SNJlX+4ZO0E9 MOQM6unFbXPbYPwMqcnSt4OaNdhtPIVJQde9R8aD44GAqFbCmBYhzBor2lG+fm+X IYSk5lrXOwsrMZ/mDdtinicfKOEfaQm0YplfL34cuOBUxDoCHyh1STkrRYbWITNa l5VZQ4GubliEoHVRQNzuNJRqi7NIk44XBg3E/hgtjcwuT74tKvWA7Eg7gISoq9Oa MAro1t1m17zhhZTBtM8+gX+3dHBkNr+qmx5xdhTk3CMuzXrYaofVdZDhBDt6M86B +3NrT2i+2+/3sdWUjrFwBVnUvz0Yxfp/F1BTFBD7mgU/H8aJoTkzCFw6jyXbSddk zdwZtPMEXrQd7zUVuxvxRGgqOiEk9/GHlJv5lsXYvp/JyUgXaDYfMOZNGAhZU4C1 5/lB6dohM6cBdbg8tDPFCXFFjoHRyq+l15cnF9WuAE8QDG6S0VPCfvOQacvnnv/j 3937Rp7nsX+QoSCtgWLvTaikCfpMeztMrzQAm4D8BSt6G8YEGnhSj2QzgkIPxJV6 WEZsIg37rrYHvuSrKuLxQRGz9k7Dg49jHUsW7h92uZh6QN2PZQC8iKkmkj7TL3RN hKipg/c4LrQc/t7XlGcwHyMChsWse8YureoLxoyoTTjhs7qMV8c= =xtm7 -----END PGP SIGNATURE----- --TB36FDmn/VVEgNH/-- From debbugs-submit-bounces@debbugs.gnu.org Thu Sep 14 04:22:28 2017 Received: (at 28447-done) by debbugs.gnu.org; 14 Sep 2017 08:22:28 +0000 Received: from localhost ([127.0.0.1]:39581 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsPPo-0005yj-Gv for submit@debbugs.gnu.org; Thu, 14 Sep 2017 04:22:28 -0400 Received: from eggs.gnu.org ([208.118.235.92]:51246) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsPPn-0005yX-Ol for 28447-done@debbugs.gnu.org; Thu, 14 Sep 2017 04:22:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dsPPd-00050u-RJ for 28447-done@debbugs.gnu.org; Thu, 14 Sep 2017 04:22:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:41079) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dsPPO-0004kz-Hm; Thu, 14 Sep 2017 04:22:02 -0400 Received: from [193.50.110.249] (port=36550 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dsPPO-0006NZ-1T; Thu, 14 Sep 2017 04:22:02 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Marius Bakke Subject: Re: [bug#28447] [PATCH] gnu: bluez: Fix CVE-2017-1000250. References: <20170913154425.3647-1-mbakke@fastmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 28 Fructidor an 225 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Thu, 14 Sep 2017 10:22:00 +0200 In-Reply-To: <20170913154425.3647-1-mbakke@fastmail.com> (Marius Bakke's message of "Wed, 13 Sep 2017 17:44:25 +0200") Message-ID: <87zi9xbsgn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 28447-done Cc: Mark H Weaver , 28447-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi Marius, Marius Bakke skribis: > * gnu/packages/linux.scm (%bluez-CVE-2017-1000250.patch): New variable. > (bluez)[replacement]: New field. > (bluez/fixed): New variable. Mark beat you at it: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D27236a43486b8fbb9= d55d533e558165bab07d020 The only difference I can see is that Mark included the patch in the repo. Maybe we should coordinate for security fixes via IRC or something. :-) Thanks to both of you! Ludo=E2=80=99. From unknown Fri Aug 15 02:02:22 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 12 Oct 2017 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator