The details of this vulnerability have not been disclosed yet. Please stabilize 0.5.5 ASAP.

NOTE: these versions are pending import to the main tree still.

Solution: Upgrade to version 0.4.6, 0.5.5, 0.6.0.7, or 0.6.2 or later

References: https://bitcointalk.org/index.php?topic=81749.0
Luke, thanks for reporting this, but please don't cc arches when it is not yet time.
I see 0.6.2 is in the tree now, thanks. Are we ok to stabilize that?
(In reply to comment #2)
> I see 0.6.2 is in the tree now, thanks. Are we ok to stabilize that?

It's secure against this vulnerability, but 0.6.x has only been out for a couple of weeks and is not very well-tested yet. I would recommend stabilizing 0.5.5 for now.
(In reply to comment #3)
> I would recommend stabilizing 0.5.5 for now.

Thanks, Luke, sorry I missed that in c0.

Arches, please test and mark stable:
=net-p2p/bitcoind-0.5.5
=net-p2p/bitcoin-qt-0.5.5
Target keywords : "amd64 x86"
Also arm?
(In reply to comment #5)
> Also arm?

Neither package is stable on arm currently.
(In reply to comment #6)
> (In reply to comment #5)
> > Also arm?
>
> Neither package is stable on arm currently.

Original arm stabilization request was bug 405211, and had continued into the last CVE (bug 407793).
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > Also arm?
> >
> > Neither package is stable on arm currently.
>
> Original arm stabilization request was bug 405211, and had continued into
> the last CVE (bug 407793).

I added the ebuilds yesterday after I saw this bug report. As the arch teams do their work, I will drop keywords and finally remove the last remaining vulnerable version: {bitcoind,bitcoin-qt}-0.5.3
amd64: pass
amd64 stable
Both build and run fine on x86. Please mark stable for x86.
x86: I do not see bugs or any problems. Please mark stable for x86.
x86 stable
arm has no stable keywords, removing us. all arches done.
CVE-2012-2459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2459): Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network.
Thanks, everyone. GLSA vote: no.
GLSA Vote: no too. Closing noglsa.