
Bug 484546 (CVE-2013-5700)

Summary: <net-p2p/bitcoind-0.8.5, <net-p2p/bitcoin-qt-0.8.5: Denial of Service (CVE-2013-5700)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: blueness, luke-jr+gentoobugs, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5700
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 480096    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2013-09-11 01:56:58 UTC
CVE-2013-5700 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5700):
  The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before
  0.8.4rc1 allows remote attackers to cause a denial of service
  (divide-by-zero error and daemon crash) via a crafted sequence of messages.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-26 17:46:27 UTC
GLSA vote (for this and bugs 435216, 482970, 484134): no. @maintainers: please clean affected. 0.6.* needs to be cleaned or 0.6.5rc4 needs to be added and stabilized wrt bug 482970, <0.8.4 needs to be cleaned.
Comment 2 Sergey Popov gentoo-dev 2013-09-27 08:52:44 UTC
GLSA vote: no

Waiting for cleanup
Comment 3 Anthony Basile gentoo-dev 2013-10-10 00:18:33 UTC
I cleaned up net-p2p/bitcoind but we need bitcoin-qt-0.8.5 stabilized for amd64, arm and x86.  I'm cc-ing the arches.
Comment 4 Agostino Sarubbo gentoo-dev 2013-10-11 14:01:50 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-10-11 14:02:14 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-10-13 08:11:56 UTC
arm stable
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2013-10-13 15:43:21 UTC
Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt. Thanks
Comment 8 Anthony Basile gentoo-dev 2013-10-14 00:36:39 UTC
(In reply to Sean Amoss from comment #7)
> Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt.
> Thanks

done
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2013-10-14 00:57:36 UTC
(In reply to Anthony Basile from comment #8)
> (In reply to Sean Amoss from comment #7)
> > Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt.
> > Thanks
> 
> done

Looks like 0.8.1  is still in tree.
Comment 10 Anthony Basile gentoo-dev 2013-10-18 18:14:46 UTC
(In reply to Yury German from comment #9)
> (In reply to Anthony Basile from comment #8)
> > (In reply to Sean Amoss from comment #7)
> > > Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt.
> > > Thanks
> > 
> > done
> 
> Looks like 0.8.1  is still in tree.

Please check again.  Only net-p2p/bitcoind-0.8.5 and net-p2p/bitcoin-qt-0.8.5 are in the tree.