CVE-2018-10910 (https://nvd.nist.gov/vuln/detail/CVE-2018-10910): A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.
bluez-5.51 (not yet released) should contain the patches (https://bugzilla.redhat.com/show_bug.cgi?id=1602985).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01275fe1564faa3c830bca4b0ea900fb44bafb0f commit 01275fe1564faa3c830bca4b0ea900fb44bafb0f Author: Pacho Ramos <pacho@gentoo.org> AuthorDate: 2019-09-29 10:58:47 +0000 Commit: Pacho Ramos <pacho@gentoo.org> CommitDate: 2019-09-29 10:58:47 +0000 net-wireless/bluez: Version bump to 5.51 - Follow Fedora for installing few more needed extra-tools, AutoEnable bluetooth as soon as possible for keyboard/mouse devices. - Install example files for meshctl (#662110) - Fix QA issues (#694852) Closes: https://bugs.gentoo.org/662110 Bug: https://bugs.gentoo.org/683230 Closes: https://bugs.gentoo.org/694852 Closes: https://bugs.gentoo.org/695316 Package-Manager: Portage-2.3.76, Repoman-2.3.17 Signed-off-by: Pacho Ramos <pacho@gentoo.org> net-wireless/bluez/Manifest | 1 + net-wireless/bluez/bluez-5.51.ebuild | 285 +++++++++++++++++++++++ net-wireless/bluez/files/69-btattach-bcm.rules | 33 +++ net-wireless/bluez/files/bluetooth-init.d-r4 | 2 +- net-wireless/bluez/files/btattach-bcm-service.sh | 30 +++ net-wireless/bluez/files/btattach-bcm_at.service | 6 + 6 files changed, 356 insertions(+), 1 deletion(-)
x86 stable
arm64 stable
amd64 stable
ppc stable
ppc64 stable
arm stable
older versions were cleaned
Tree is clean.
GLSA Vote: No Repository is clean, all done!