FS#61729 : [electrum] arbitrary attacker-controlled message dialogs spreading malware

FS#61729 - [electrum] arbitrary attacker-controlled message dialogs spreading malware

Attached to Project: Community Packages
Opened by David Parrish (dmp1ce) - Tuesday, 12 February 2019, 01:16 GMT
Last edited by Santiago Torres (sangy) - Tuesday, 12 February 2019, 04:04 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Christian Rebischke (Shibumi) Levente Polyak (anthraxx)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description: Electrum has an actively exploited security vulnerability. https://github.com/spesmilo/electrum/issues/4968

A release is out and the package is marked as out-of-date but I was still directed to create an issue from IRC.

Additional info:
* Versions below 3.3.3 are effected.

This task depends upon

Closed by Santiago Torres (sangy)
Tuesday, 12 February 2019, 04:04 GMT
Reason for closing: Fixed
Additional comments about closing: 3.3.3-1 is out

Comment by Allan McRae (Allan) - Tuesday, 12 February 2019, 01:18 GMT

To be clear, this is not a bug about an update. It is a bug about a security issue. However, the maintain can fix this issue via an update.

Comment by Eli Schwartz (eschwartz) - Tuesday, 12 February 2019, 03:03 GMT

Field changed: Summary (Electrum should be updated due to security issue → [electrum] arbitrary attacker-controlled message dialogs spreading malware)
Field changed: Status (Unconfirmed → Assigned)
Field changed: Category (Packages → Security)
Task reassigned to Levente Polyak (anthraxx), Christian Rebischke (Shibumi)

On that note, the bug summary is supposed to stand out enough to be searchable and give an overview of the problem when looking through the bug list. Next time, please use a message that conveys the problem, rather than just mentioning the fact that an update is needed -- it is obvious an update is needed.

Thank you for reporting this security vulnerability. Re-assigning to the Security component for easier tracking.

> I was still directed to create an issue from IRC.

You may be happy to know you can reach the security team at #archlinux-security as well. :)

Comment by Santiago Torres (sangy) - Tuesday, 12 February 2019, 04:04 GMT

3.3.3-1 is out now :)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#61729 - [electrum] arbitrary attacker-controlled message dialogs spreading malware

Details

Loading...