Summary: | <net-p2p/bitcoin{-qt,d}-0.16.3: (CVE-2018-17144) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke-Jr <luke-jr+gentoobugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | andrius, proxy-maint, vdupras |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/gentoo/gentoo/pull/9907 | ||
See Also: | https://github.com/gentoo/gentoo/pull/9907 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 768765 |
Description
Luke-Jr
2018-09-21 01:46:30 UTC
*** Bug 666665 has been marked as a duplicate of this bug. *** The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35caca435f172d52f62b9a9119a7234770f662f9 commit 35caca435f172d52f62b9a9119a7234770f662f9 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:57:26 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:38:01 +0000 dev-util/bitcoin-tx: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 dev-util/bitcoin-tx/Manifest | 2 + dev-util/bitcoin-tx/bitcoin-tx-0.16.3.ebuild | 98 ++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f826abec95faa662523e1ce797ee2b9256d9c562 commit f826abec95faa662523e1ce797ee2b9256d9c562 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:55:14 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:57 +0000 net-libs/libbitcoinconsensus: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-libs/libbitcoinconsensus/Manifest | 2 + .../libbitcoinconsensus-0.16.3.ebuild | 95 ++++++++++++++++++++++ 2 files changed, 97 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bb81035351ee4da03befedbce1c41765ad09a11 commit 2bb81035351ee4da03befedbce1c41765ad09a11 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:53:51 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:57 +0000 net-p2p/bitcoin-cli: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-p2p/bitcoin-cli/Manifest | 2 + net-p2p/bitcoin-cli/bitcoin-cli-0.16.3.ebuild | 97 +++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2d3e52654733b3f973d8ea7b3f0ea41bf00dec8 commit d2d3e52654733b3f973d8ea7b3f0ea41bf00dec8 Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:50:53 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:57 +0000 net-p2p/bitcoind: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-p2p/bitcoind/Manifest | 2 + net-p2p/bitcoind/bitcoind-0.16.3.ebuild | 163 ++++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f73c62f7d8ebc6689028191b516c81440869c4a commit 9f73c62f7d8ebc6689028191b516c81440869c4a Author: Luke Dashjr <luke-jr+git@utopios.org> AuthorDate: 2018-09-18 15:46:59 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-09-21 12:37:55 +0000 net-p2p/bitcoin-qt: Bump to 0.16.3 Signed-off-by: Luke Dashjr <luke-jr+git@utopios.org> Closes: https://github.com/gentoo/gentoo/pull/9907 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Bug: https://bugs.gentoo.org/666669 net-p2p/bitcoin-qt/Manifest | 2 + net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild | 182 ++++++++++++++++++++++++++++ 2 files changed, 184 insertions(+) The vulnerability hasn't been categorized by the security team yet, but let's start a stable request regardless... An automated check of this bug failed - repoman reported dependency errors (101 lines truncated):
> dependency.bad net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild: DEPEND: arm(default/linux/arm/13.0) ['dev-qt/qtcore:5', 'dev-qt/qtgui:5', 'dev-qt/qtnetwork:5', 'dev-qt/qtwidgets:5', 'dev-qt/qtdbus:5', 'dev-qt/linguist-tools:5']
> dependency.bad net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['dev-qt/qtcore:5', 'dev-qt/qtgui:5', 'dev-qt/qtnetwork:5', 'dev-qt/qtwidgets:5', 'dev-qt/qtdbus:5']
> dependency.bad net-p2p/bitcoin-qt/bitcoin-qt-0.16.3.ebuild: DEPEND: arm(default/linux/arm/17.0) ['dev-qt/qtcore:5', 'dev-qt/qtgui:5', 'dev-qt/qtnetwork:5', 'dev-qt/qtwidgets:5', 'dev-qt/qtdbus:5', 'dev-qt/linguist-tools:5']
An automated check of this bug succeeded - the previous repoman errors are now resolved. amd64 stable x86 stable arm: we missed the security delay of 20 days. In a week, I'll proceed to cleanup whether this is stabilized or not. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b0b2fb607337ffc92be3d8313498e55616e6963 commit 6b0b2fb607337ffc92be3d8313498e55616e6963 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:37:40 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:28 +0000 dev-util/bitcoin-tx: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 dev-util/bitcoin-tx/Manifest | 2 - dev-util/bitcoin-tx/bitcoin-tx-0.15.1.ebuild | 102 --------------------------- 2 files changed, 104 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a51f2a1855e1dd6c62eb7a8ee17ca27531f9d146 commit a51f2a1855e1dd6c62eb7a8ee17ca27531f9d146 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:36:16 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:27 +0000 net-libs/libbitcoinconsensus: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-libs/libbitcoinconsensus/Manifest | 2 - .../libbitcoinconsensus-0.15.1.ebuild | 99 ---------------------- 2 files changed, 101 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c847a77d54b0910d52d4852859651fa49510eb3 commit 3c847a77d54b0910d52d4852859651fa49510eb3 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:35:00 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:27 +0000 net-p2p/bitcoind: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-p2p/bitcoind/Manifest | 2 - net-p2p/bitcoind/bitcoind-0.15.1.ebuild | 167 --------------------- .../files/bitcoind-0.15.1-test-build-fix.patch | 24 --- .../files/bitcoind-0.15.1-test-util-fix.patch | 15 -- 4 files changed, 208 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa43f6f2847e6779d6bea9c2242be1fc76b86f20 commit aa43f6f2847e6779d6bea9c2242be1fc76b86f20 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:32:44 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:26 +0000 net-p2p/bitcoin-cli: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-p2p/bitcoin-cli/Manifest | 2 - net-p2p/bitcoin-cli/bitcoin-cli-0.15.1.ebuild | 101 -------------------------- 2 files changed, 103 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b957e3983c5b664df340102d7311e266244f019 commit 1b957e3983c5b664df340102d7311e266244f019 Author: Virgil Dupras <vdupras@gentoo.org> AuthorDate: 2018-10-23 20:31:22 +0000 Commit: Virgil Dupras <vdupras@gentoo.org> CommitDate: 2018-10-23 20:38:26 +0000 net-p2p/bitcoin-qt: remove old and vulnerable Bug: https://bugs.gentoo.org/666669 Signed-off-by: Virgil Dupras <vdupras@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 net-p2p/bitcoin-qt/Manifest | 2 - net-p2p/bitcoin-qt/bitcoin-qt-0.15.1.ebuild | 255 --------------------- .../files/bitcoin-qt-0.15.1-test-build-fix.patch | 24 -- .../files/bitcoin-qt-0.15.1-test-util-fix.patch | 15 -- net-p2p/bitcoin-qt/metadata.xml | 2 - 5 files changed, 298 deletions(-) This bug is evil... |