Re: bluez / CVE-2020-0556
Ola Lundqvist <ola@inguza.com> writes:
> I based my conclusion on the fact that hog.c does not seem to have the
> concept of bonded at all.
> This is what I mean with "does not seem to need". But I'm new to this
> code so I could very well be wrong.
I believe bonded is a global bluetooth concept, not specific to hog
(which is just one protocol). See:
https://codeitbro.blogspot.com/2017/04/ble-pairing-vs-bonding.html
If you look at hog.c before the upstream commit was applied, it didn't
have any concept of bonded either.
--
Brian May <bam@debian.org>
Reply to: