Bug 683232 - <net-wireless/gnome-bluetooth-3.28.2: add workaround for CVE-2018-10910
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-04-13 09:38 UTC by GLSAMaker/CVETool Bot
Modified: 2019-04-19 15:23 UTC

See Also:
Package list:
net-wireless/gnome-bluetooth-3.28.2
Runtime testing required: ---
stable-bot: sanity-check+

Description GLSAMaker/CVETool Bot gentoo-dev 2019-04-13 09:38:07 UTC
CVE-2018-10910 (https://nvd.nist.gov/vuln/detail/CVE-2018-10910):
  A bug in Bluez may allow for the Bluetooth Discoverable state being set to
  on when no Bluetooth agent is registered with the system. This situation
  could lead to the unauthorized pairing of certain Bluetooth devices without
  any form of authentication. Versions before bluez 5.51 are vulnerable.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-13 09:40:12 UTC
If we cannot stabilize =net-wireless/gnome-bluetooth-3.28.2 please backport https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89
Comment 2 Mart Raudsepp gentoo-dev 2019-04-13 09:49:01 UTC
I think it's fine to stabilize. Not sure why whiteboard had "upstream"
Comment 3 Mart Raudsepp gentoo-dev 2019-04-13 09:50:49 UTC
I think the only potential problem could be related to the settings panel, where gnome-bluetooth assumes the new design of gnome-control-center panels. I hope that just means it looks a bit out of place with the older design by having a new design. Might be nice if someone with stable tree gnome-control-center would verify the bluetooth settings panel.
Comment 4 Agostino Sarubbo gentoo-dev 2019-04-14 10:24:18 UTC
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-18 20:34:12 UTC
x86 stable
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2019-04-18 21:51:09 UTC
@maintainer, please drop vulnerable.
Comment 7 Mart Raudsepp gentoo-dev 2019-04-19 10:45:03 UTC
cleanup is done