Update description and add Bluetooth SIG reference

2019/9xxx/CVE-2019-9506.json

@@ -5,7 +5,7 @@
         "DATE_PUBLIC": "2019-08-14",
         "ID": "CVE-2019-9506",
         "STATE": "PUBLIC",
-        "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key entropy"
+        "TITLE": "Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation"
     },
     "affects": {
         "vendor": {
@@ -46,7 +46,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low entropy in the encryption key negotiation protocol to allow practical brute-force attacks (aka \"KNOB\"). A successful attack can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
+                "value": "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing."
             }
         ]
     },
@@ -97,8 +97,13 @@
                 "name": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli",
                 "refsource": "MISC",
                 "url": "https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli"
-            }
+			},
-        ]
+			{
+				"name": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/",
+			    "refsource": "CONFIRM",
+			    "url": "https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/"
+			}
+		]
     },
     "source": {
         "advisory": "VU#918987",