It was discovered that there was a keyboard injection attack in Bluez, a set of services and tools for interacting with wireless Bluetooth devices.
Prior to this change, BlueZ may have permitted unauthenticated peripherals to establish encrypted connections and thereby accept keyboard reports, potentially permitting injection of HID (~keyboard) commands, despite no user authorising such access.