0.16.3 release notes (CVE-2018-17144): "A denial-of-service vulnerability exploitable by miners has been discovered in Litecoin Core versions 0.14.0 up to 0.16.2. It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible." 0.18.1 release notes: "This release changes the Random Number Generator (RNG) used from OpenSSL to Litecoin Core's own implementation, although entropy gathered by Litecoin Core is fed out to OpenSSL and then read back in when the program needs strong randomness. This moves Litecoin Core a little closer to no longer needing to depend on OpenSSL, a dependency that has caused security issues in the past. The new implementation gathers entropy from multiple sources, including from hardware supporting the rdseed CPU instruction."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d4a9bbe950fbbdc14cf7b19d86dbbd200b0bed5 commit 2d4a9bbe950fbbdc14cf7b19d86dbbd200b0bed5 Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-06-18 10:04:48 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-06-18 11:26:30 +0000 net-p2p/litecoind: add 0.18.1 Closes: https://bugs.gentoo.org/607842 Bug: https://bugs.gentoo.org/672326 Bug: https://bugs.gentoo.org/768768 Bug: https://bugs.gentoo.org/788844 Signed-off-by: David Seifert <soap@gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/21302 Signed-off-by: Sam James <sam@gentoo.org> net-p2p/litecoind/Manifest | 1 + .../files/litecoind-0.18.1-system-leveldb.patch | 37 +++++++++ net-p2p/litecoind/litecoind-0.18.1.ebuild | 87 ++++++++++++++++++++++ 3 files changed, 125 insertions(+)
Unable to check for sanity: > no match for package: net-p2p/litecoind-0.18.1
https://github.com/gentoo/gentoo/commit/7f13bff130027d7f6f37474c389b1fd62258bd68 All done!