Your message dated Tue, 18 Dec 2012 00:47:30 +0000 with message-id <e1tkllg-0002mo...@franck.debian.org> and subject line Bug#688813: fixed in bitcoin 0.7.2-1 has caused the Debian Bug report #688813, regarding bitcoind: CVE-2012-4683 and CVE-2012-4682 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688813: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688813 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: bitcoind Severity: grave Tags: security Justification: user security hole Hi, it seems that two DoS CVEs were allocated for bitcoind, although it's not clear how it's affected, nor if there's a patch or anything. The only detail I was able to get was https://en.bitcoin.it/wiki/CVE. Could you please investigate with upstream and fix this? As bitcoind is not in Squeeze nor Wheezy, you should be able to upload a fix to unstable without issue. Regards, -- Yves-Alexis -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-grsec-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---Source: bitcoin Source-Version: 0.7.2-1 We believe that the bug you reported is fixed in the latest version of bitcoin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 688...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonas Smedegaard <d...@jones.dk> (supplier of updated bitcoin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 10 Nov 2012 23:22:04 +0100 Source: bitcoin Binary: bitcoind Architecture: source i386 Version: 0.7.2-1 Distribution: unstable Urgency: low Maintainer: Debian Bitcoin Packaging Team <pkg-bitcoin-de...@lists.alioth.debian.org> Changed-By: Jonas Smedegaard <d...@jones.dk> Description: bitcoind - peer-to-peer network based digital currency - daemon Closes: 660286 677524 682676 688813 689917 Changes: bitcoin (0.7.2-1) unstable; urgency=low . * New upstream source. (Closes: #689917) - DoS vulnerabillities: CVE-2012-3789 closed (Closes: #682676) CVE-2012-4683 and CVE-2012-4682 closed (Closes: #688813) - Block database no longer stored alongside wallet.dat (Closes: #660286) . [ Jonas Smedegaard ] * Update watch file to directly use github.com (not githubredir.debian.net). * Update copyright file: + Update list of main upstream authors. + Drop obsolete Files section for sha256.cpp. + Add Files section for newly introduced bash-completion. + Fix use pseudo-comment section to obey silly restrictions of copyright format 1.0. * Bump debhelper compatibility level to 8. * Update package relations: + Relax to build-depend unversioned on cdbs: Needed version satisfied in stable, and oldstable no longer supported. . [ Scott Howard ] * debian/control - Changed maintainer to: Debian Bitcoin Packaging Team * Added myself as uploader. * Enabled parallel building DEB_BUILD_PARALLEL * Updated debian/control description of bitcoind to state that the blockchain now is "several GB" large (Closes: #677524) Checksums-Sha1: 0211e6800ff875b34ebe0c3e9eacf9aacba6a43f 1826 bitcoin_0.7.2-1.dsc 6afb648f273a52934a65d8a127a08dccdb74db48 1643002 bitcoin_0.7.2.orig.tar.gz 4462afc41ae2fa1cec1e7ef104fb03047b46c08f 24924 bitcoin_0.7.2-1.debian.tar.gz d9df75dcf61fda6bd6749eeb3c6bc3d53ab829a0 882784 bitcoind_0.7.2-1_i386.deb Checksums-Sha256: 580c8ce6d4b5a1d4878a18d7a251ebe66f7103d5b5b684d2887b22460292b640 1826 bitcoin_0.7.2-1.dsc 510e12608251b8f361595a6dcb0308db9cfc7b7c33b2fafa4fc4e5b9541b60d3 1643002 bitcoin_0.7.2.orig.tar.gz e87247c0f7c07818665e6b2bc107066b8b02bad4b48fffc45d52cc98fb7a6c53 24924 bitcoin_0.7.2-1.debian.tar.gz 055600a684a53645ed0c837e0c84f4c25002e7ab04de314bcff528df1ac2931c 882784 bitcoind_0.7.2-1_i386.deb Files: b02e494d30df55b851d86aa06328403e 1826 utils optional bitcoin_0.7.2-1.dsc e019911ef8c6d7c33915560e98c188a5 1643002 utils optional bitcoin_0.7.2.orig.tar.gz 8b79a84cc9691f2606d8be71ee110b72 24924 utils optional bitcoin_0.7.2-1.debian.tar.gz c4bf544c793805bb4f98701ef8a1f95e 882784 utils optional bitcoind_0.7.2-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlDPuP4ACgkQuqVp0MvxKmolAwCgnKmZ0M3NwX+WRpJIXeinkkha v/0AoJPJMJSQjrh8+HeMHyNFLJc4064n =cs6B -----END PGP SIGNATURE-----
--- End Message ---
