
Bug 431428 (CVE-2012-3789)

Summary: <net-p2p/bitcoind-0.6.3, <net-p2p/bitcoin-qt-0.6.3: DoS vulnerability (CVE-2012-3789)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: blueness, dogshu, luke-jr+gentoobugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3789
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 429188    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2012-08-14 20:48:06 UTC
CVE-2012-3789 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3789):
  Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x
  before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows
  remote attackers to cause a denial of service (process hang) via unknown
  behavior on a Bitcoin network.


Maintainers, please bump.
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-16 15:34:37 UTC
From upstream release notes [1]:

Bitcoin version 0.6.3 is now available for download at:
  http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.3/

This is a bug-fix release, with no new features.

CHANGE SUMMARY
==============

Fixed a serious denial-of-service attack that could cause the
bitcoin process to become unresponsive. Thanks to Sergio Lerner
for finding and responsibly reporting the problem. (CVE-2012-3789)


[1] http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.3/

Stabilization of =net-p2p/bitcoin-qt-0.6.3 and =net-p2p/bitcoind-0.6.3 is in bug 429188.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-21 02:04:38 UTC
GLSA vote: no.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-12-11 17:38:43 UTC
Thanks, folks. GLSA Vote: no. Closing noglsa.