* CVE-2020-26265 A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain.
  https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4
* CVE-2020-26264 A DoS vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client.
  https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q
* CVE-2020-26242 Denial-of-service (crash) during block processing.
  https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m
* CVE-2020-26241 This is a Consensus vulnerability, which can be used to cause a chain-split where vulnerable nodes reject the canonical chain.
  https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf
* CVE-2020-26240 An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.
  https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p
Please bump.
Ping Mathy.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77ec64563bbc2f428e016c006004cf033e54abc4

commit 77ec64563bbc2f428e016c006004cf033e54abc4
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-03-05 17:56:31 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-03-05 17:57:16 +0000

    net-p2p/go-ethereum: (security) bump to 1.10.0

    Bug: https://bugs.gentoo.org/760108
    Closes: https://bugs.gentoo.org/757096
    Signed-off-by: Sam James <sam@gentoo.org>

 net-p2p/go-ethereum/Manifest | 492 ++++++++++++++++++
 net-p2p/go-ethereum/go-ethereum-1.10.0.ebuild | 720 ++++++++++++++++++++++++++
 2 files changed, 1212 insertions(+)
Tree clean, all done!