Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#61729 - [electrum] arbitrary attacker-controlled message dialogs spreading malware

Attached to Project: Community Packages
Opened by David Parrish (dmp1ce) - Tuesday, 12 February 2019, 01:16 GMT
Last edited by Santiago Torres (sangy) - Tuesday, 12 February 2019, 04:04 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Christian Rebischke (Shibumi)
Levente Polyak (anthraxx)
Architecture All
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: Electrum has an actively exploited security vulnerability. https://github.com/spesmilo/electrum/issues/4968

A release is out and the package is marked as out-of-date but I was still directed to create an issue from IRC.

Additional info:
* Versions below 3.3.3 are effected.
This task depends upon

Closed by  Santiago Torres (sangy)
Tuesday, 12 February 2019, 04:04 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.3.3-1 is out
Comment by Allan McRae (Allan) - Tuesday, 12 February 2019, 01:18 GMT
To be clear, this is not a bug about an update. It is a bug about a security issue. However, the maintain can fix this issue via an update.
Comment by Eli Schwartz (eschwartz) - Tuesday, 12 February 2019, 03:03 GMT
  • Field changed: Summary (Electrum should be updated due to security issue → [electrum] arbitrary attacker-controlled message dialogs spreading malware)
  • Field changed: Status (Unconfirmed → Assigned)
  • Field changed: Category (Packages → Security)
  • Task reassigned to Levente Polyak (anthraxx), Christian Rebischke (Shibumi)
On that note, the bug summary is supposed to stand out enough to be searchable and give an overview of the problem when looking through the bug list. Next time, please use a message that conveys the problem, rather than just mentioning the fact that an update is needed -- it is obvious an update is needed.

Thank you for reporting this security vulnerability. Re-assigning to the Security component for easier tracking.

> I was still directed to create an issue from IRC.

You may be happy to know you can reach the security team at #archlinux-security as well. :)
Comment by Santiago Torres (sangy) - Tuesday, 12 February 2019, 04:04 GMT
3.3.3-1 is out now :)

Loading...