GNU bug report logs - #40044
BlueZ CVE-2020-0556

Previous Next

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: 40044 <at> debbugs.gnu.org
Subject: [bug#40044] [PATCH] gnu: BlueZ: Update to 5.53 [security fixes].
Date: Thu, 12 Mar 2020 15:29:40 -0400

Apparently this fixes a privilege escalation bug:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html

* gnu/packages/linux.scm (bluez-5.53): New variable.
(bluez)[replacement]: New field.
---
 gnu/packages/linux.scm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 01986222e8..61b02591a4 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -3995,6 +3995,7 @@ Bluetooth audio output devices like headphones or loudspeakers.")
   (package
     (name "bluez")
     (version "5.52")
+    (replacement bluez-5.53)
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -4059,6 +4060,19 @@ Bluetooth audio output devices like headphones or loudspeakers.")
 is flexible, efficient and uses a modular implementation.")
     (license license:gpl2+)))
 
+(define bluez-5.53
+  (package
+    (inherit bluez)
+    (version "5.53")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://kernel.org/linux/bluetooth/bluez-"
+                    version ".tar.xz"))
+              (sha256
+               (base32
+                "1g1qg6dz6hl3csrmz75ixr12lwv836hq3ckb259svvrg62l2vaiq"))))))
+
 (define-public fuse-exfat
   (package
     (name "fuse-exfat")
-- 
2.25.1

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.