Summary: | <net-p2p/{bitcoind,bitcoin-qt}-0.5.5 : DoS vulnerability (CVE-2012-2459) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke-Jr <luke-jr+gentoobugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | blueness |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
URL: | https://bitcointalk.org/index.php?topic=81749.0 | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 407793 | | |

Description
Luke-Jr
2012-05-14 17:33:31 UTC

Luke, thanks for reporting this, but please don't cc arches when there is not the time.

I see 0.6.2 is in the tree now, thanks. Are we ok to stabilize that?

(In reply to comment #2)
> I see 0.6.2 is in the tree now, thanks. Are we ok to stabilize that?

It's secure against this vulnerability, but 0.6.x has only been out for a couple of weeks and not very well-tested yet. I would recommend stabilizing 0.5.5 for now.

(In reply to comment #3)
> I would recommend stabilizing
> 0.5.5 for now.

Thanks, Luke, sorry I missed that in c0.

Arches, please test and mark stable:
=net-p2p/bitcoind-0.5.5
=net-p2p/bitcoin-qt-0.5.5
Target keywords : "amd64 x86"

Also arm?

(In reply to comment #5)
> Also arm?

Neither package is stable on arm currently.

(In reply to comment #6)
> (In reply to comment #5)
> > Also arm?
>
> Neither package is stable on arm currently.

Original arm stabilization request was bug 405211, and had continued into the last CVE (bug 407793).

(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > Also arm?
> >
> > Neither package is stable on arm currently.
>
> Original arm stabilization request was bug 405211, and had continued into
> the last CVE (bug 407793).

I added the ebuilds yesterday after I saw this bug report. As the arch teams do their work, I will drop keywords and finally remove the last remaining vulnerable version: {bitcoind,bitcoin-qt}-0.5.3

amd64: pass

amd64 stable

Both build and run fine on x86. Please mark stable for x86.

x86: I do not see bugs or any problems. Please mark stable for x86

x86 stable

arm has no stable keywords, removing us.

all arches done.

CVE-2012-2459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2459): Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.

Thanks, everyone.

GLSA vote: no.

GLSA Vote: no too. Closing noglsa.