CVE-2013-5700 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5700): The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x before 0.8.4rc1 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted sequence of messages.
GLSA vote (for this and bugs 435216, 482970, 484134): no. @maintainers: please clean affected. 0.6.* needs to be cleaned or 0.6.5rc4 needs to be added and stabilized wrt bug 482970, <0.8.4 needs to be cleaned.
GLSA vote: no Waiting for cleanup
I cleaned up net-p2p/bincoind but we need bitcoin-qt-0.8.5 stabized for amd64, arm and x86. I'm cc-in the arches.
amd64 stable
x86 stable
arm stable
Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt. Thanks
(In reply to Sean Amoss from comment #7) > Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt. > Thanks done
(In reply to Anthony Basile from comment #8) > (In reply to Sean Amoss from comment #7) > > Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt. > > Thanks > > done Looks like 0.8.1 is still in tree.
(In reply to Yury German from comment #9) > (In reply to Anthony Basile from comment #8) > > (In reply to Sean Amoss from comment #7) > > > Maintainers, please clean up vulnerable versions of net-p2p/bitcoin-qt. > > > Thanks > > > > done > > Looks like 0.8.1 is still in tree. Please check again. Only net-p2p/bitcoind-0.8.5 and net-p2p/bitcoin-qt-0.8.5 are in the tree.