Re: bluez / CVE-2020-0556

To: Ola Lundqvist <ola@inguza.com>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: bluez / CVE-2020-0556
From: Brian May <bam@debian.org>
Date: Tue, 12 May 2020 07:24:05 +1000
Message-id: <[🔎] 87lflydv2i.fsf@silverfish.pri>
In-reply-to: <[🔎] CABY6=0kt7xF8fmP4qT7BBwzbR4dBE0eP1ymzvGSoX32NGmfmjw@mail.gmail.com>
References: <[🔎] 871rnrcv83.fsf@silverfish.pri> <[🔎] CABY6=0kt7xF8fmP4qT7BBwzbR4dBE0eP1ymzvGSoX32NGmfmjw@mail.gmail.com>

Ola Lundqvist <ola@inguza.com> writes:

> I based my conclusion on the fact that hog.c does not seem to have the
> concept of bonded at all.
> This is what I mean with "does not seem to need". But I'm new to this
> code so I could very well be wrong.

I believe bonded is a global bluetooth concept, not specific to hog
(which is just one protocol). See:
https://codeitbro.blogspot.com/2017/04/ble-pairing-vs-bonding.html

If you look at hog.c before the upstream commit was applied, it didn't
have any concept of bonded either.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- bluez / CVE-2020-0556
  - From: Brian May <brian@linuxpenguins.xyz>
- Re: bluez / CVE-2020-0556
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Re: Refreshing mysql-connector-java
Next by Date: Re: bluez / CVE-2020-0556
Previous by thread: Re: bluez / CVE-2020-0556
Next by thread: Re: bluez / CVE-2020-0556
Index(es):
- Date
- Thread