Bug 484546 (CVE-2013-5700) - <net-p2p/bitcoind-0.8.5, <net-p2p/bitcoin-qt-0.8.5: Denial of Service (CVE-2013-5700)
Summary: <net-p2p/bitcoind-0.8.5, <net-p2p/bitcoin-qt-0.8.5: Denial of Service (CVE-20...
Status: RESOLVED FIXED
Alias: CVE-2013-5700
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: B3 [noglsa]
Depends on: 480096
Reported: 2013-09-11 01:56 UTC by GLSAMaker/CVETool Bot
Modified: 2013-10-21 03:18 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2013-09-11 01:56:58 UTC
CVE-2013-5700 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5700):
  The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before
  0.8.4rc1 allows remote attackers to cause a denial of service
  (divide-by-zero error and daemon crash) via a crafted sequence of messages.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-26 17:46:27 UTC
GLSA vote (for this and bugs 435216, 482970, 484134): no. @maintainers: please clean affected. 0.6.* needs to be cleaned or 0.6.5rc4 needs to be added and stabilized wrt bug 482970, <0.8.4 needs to be cleaned.
Comment 2 Sergey Popov gentoo-dev 2013-09-27 08:52:44 UTC
GLSA vote: no

Waiting for cleanup
Comment 3 Anthony Basile gentoo-dev 2013-10-10 00:18:33 UTC
I cleaned up net-p2p/bitcoind but we need bitcoin-qt-0.8.5 stabilized for amd64, arm and x86.  I'm cc'ing the arches.
Comment 4 Agostino Sarubbo gentoo-dev 2013-10-11 14:01:50 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2013-10-11 14:02:14 UTC
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-10-13 08:11:56 UTC
arm stable
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2013-10-13 15:43:21 UTC
Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt. Thanks
Comment 8 Anthony Basile gentoo-dev 2013-10-14 00:36:39 UTC
(In reply to Sean Amoss from comment #7)
> Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt.
> Thanks

done
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2013-10-14 00:57:36 UTC
(In reply to Anthony Basile from comment #8)
> (In reply to Sean Amoss from comment #7)
> > Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt.
> > Thanks
> 
> done

Looks like 0.8.1 is still in tree.
Comment 10 Anthony Basile gentoo-dev 2013-10-18 18:14:46 UTC
(In reply to Yury German from comment #9)
> (In reply to Anthony Basile from comment #8)
> > (In reply to Sean Amoss from comment #7)
> > > Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt.
> > > Thanks
> > 
> > done
> 
> Looks like 0.8.1 is still in tree.

Please check again.  Only net-p2p/bitcoind-0.8.5 and net-p2p/bitcoin-qt-0.8.5 are in the tree.