Bug 435216 - net-p2p/bitcoind, net-p2p/bitcoin-qt: Two unspecified DoS vulnerabilities (CVE-2012-{4682,4683})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on: 480096
Reported: 2012-09-16 15:37 UTC by GLSAMaker/CVETool Bot
Modified: 2013-09-27 08:54 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2012-09-16 15:37:30 UTC
CVE-2012-4683 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4683):
  Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to
  cause a denial of service via unknown vectors, a different vulnerability
  than CVE-2012-4682.

CVE-2012-4682 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4682):
  Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to
  cause a denial of service via unknown vectors, a different vulnerability
  than CVE-2012-4683.
Comment 1 Luke-Jr 2012-09-16 16:43:34 UTC
These will be fixed in 0.4.8, 0.5.7, 0.6.0.10, 0.6.4 and 0.7.0, currently in RC stages.
Comment 2 Fabian Köster 2012-10-08 16:53:43 UTC
Bitcoin 0.7.0 has been released but is not in tree yet. Anybody working on this?
Comment 3 Luke-Jr 2012-10-08 16:56:15 UTC
It's in the overlay, and "maintree" branch ready for merging to the official main tree - not sure what the delay is, I'll ping blueness.
Comment 4 Anthony Basile gentoo-dev 2012-10-08 18:32:11 UTC
(In reply to comment #3)
> It's in the overlay, and "maintree" branch ready for merging to the official
> main tree - not sure what the delay is, I'll ping blueness.

done
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2012-10-15 01:02:38 UTC
Are these ready to go stable?
Comment 6 Luke-Jr 2012-10-15 01:15:59 UTC
0.6.4_rc4 (not yet in tree) could probably be stabilized, but isn't officially final yet. 0.7.x has a number of new bugs that would make it non-ideal to stabilize.
Comment 7 Anthony Basile gentoo-dev 2013-03-27 23:59:34 UTC
In light of bug #462046, isn't this bug obsolete? We should be targeting bitcoind and bitcoin-qt 0.8.1 which I just added to the tree.
Comment 8 Luke-Jr 2013-03-28 00:48:51 UTC
(In reply to comment #7)
> In light of bug #462046, isn't this bug obsolete? We should be targeting
> bitcoind and bitcoin-qt 0.8.1 which I just added to the tree.

I'm all for stabilizing 0.8.1 ASAP, but it *was* just released.
In the meantime, 0.6.3 is latest stable and still vulnerable to these.
Comment 9 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 21:02:42 UTC
Ping, are we okay to stable something? Pick a version.
Comment 10 Luke-Jr 2013-09-03 21:09:54 UTC
0.8.4 was just tagged. I'll try to push an ebuild out tonight.