author Salvatore Bonaccorso <carnil@debian.org> 2023-03-17 13:05:57 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2023-03-17 13:05:57 +0100
commit c0aa783b12cca88f4db87be7d883b51229202a94
tree acec68c397e7c737288facd66f0d1cda94ef3856
parent cd641c591a35c6d3092abf89a75976985d44a358
Remove associations for CVE-2020-15802 and CVE-2020-26555
Following security-tracker update for the entries and de-association with specific implementation in Linux but rather considering it a protocol issue.
Link: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c72e05398d71b26af09299b3f90b540b44af3bb8
-rw-r--r-- active/CVE-2020-15802 | 19
-rw-r--r-- active/CVE-2020-26555 | 24
2 files changed, 0 insertions, 43 deletions
diff --git a/active/CVE-2020-15802 b/active/CVE-2020-15802
deleted file mode 100644
index 975e823a..00000000
--- a/active/CVE-2020-15802
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: BLURtooth: "Dual mode" hardware using CTKD are vulnerable to key overwrite
-References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1878021
- https://securityaffairs.co/wordpress/108096/hacking/blurtooth-bluetooth-attack.html
- https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
- https://www.kb.cert.org/vuls/id/589825/
- https://bugzilla.suse.com/show_bug.cgi?id=1176442
-Notes:
- bwh> Introduced in 3.19 as noted in
- bwh> http://www.bluez.org/bluetooth-4-2-features-going-to-the-3-19-kernel-release/
-Bugs:
-upstream: needed
-5.10-upstream-stable: needed
-4.19-upstream-stable: needed
-4.9-upstream-stable: needed
-sid: needed
-5.10-bullseye-security: needed
-4.19-buster-security: needed
-4.9-stretch-security: ignored "EOL"
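Review bot: the status block at the end of this deleted file still reads "needed" for upstream, the upstream-stable branches, sid and the bullseye and buster security suites, so removing the file drops open work items without leaving a record in this tree of why they are closed. The commit message gives the reason (treated as a protocol issue rather than a Linux implementation issue) only through the linked security-tracker commit; consider stating in the message whether the References list and the bwh note that the code was introduced in 3.19 are preserved in the security-tracker entry, since they are otherwise lost here.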
diff --git a/active/CVE-2020-26555 b/active/CVE-2020-26555
deleted file mode 100644
index a1f793bc..00000000
--- a/active/CVE-2020-26555
+++ /dev/null
@@ -1,24 +0,0 @@
-Description: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack
-References:
- https://kb.cert.org/vuls/id/799380
- https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/
- https://bugzilla.redhat.com/show_bug.cgi?id=1918601
- https://bodhi.fedoraproject.org/updates/FEDORA-2021-a35b44fd9f
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00520.html
-Notes:
- bwh> Fedora claims this was fixed along with CVE-2020-26558 in
- bwh> 5.12.7, which implies the upstream fix is commit 6d19628f539f
- bwh> "Bluetooth: SMP: Fail if remote and local public keys are
- bwh> identical". But it's not clear to me that that commit
- bwh> addresses this issue too.
- bwh> Intel claims to have addressed this for their Bluetooth
- bwh> adapters in a firmware update.
-Bugs:
-upstream:
-5.10-upstream-stable:
-4.19-upstream-stable:
-4.9-upstream-stable:
-sid:
-5.10-bullseye-security:
-4.19-buster-security:
-4.9-stretch-security:
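Review bot: the bwh note in this deleted file leaves an open question, namely whether commit 6d19628f539f ("Bluetooth: SMP: Fail if remote and local public keys are identical") addresses this issue, and the deletion removes it unanswered while every status field below it is still empty. Suggest recording in the commit message or in the security-tracker entry whether that commit is considered relevant, so that the Fedora 5.12.7 claim and the Intel firmware advisory reference stay discoverable after the file is gone.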
