Package: bitcoind, bitcoin-qt Version: 0.3.24 I found this via <URL: https://security-tracker.debian.org/tracker/CVE-2013-2293 >, and report it here to make sure the package maintainers are aware of the issue, and to get a place to track its status in Debian. It is one of four open CVEs listed in the security tracker. Setting the version found to the one in the stable backport archive. The issue should also be present in the package available in unstable (0.7.2).
This is the problem description: The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before 0.8.0rc1 copies transactions from disk to memory without incrementally checking for spent prevouts, which allows remote attackers to cause a denial of service (disk I/O consumption) via a Bitcoin transaction with many inputs corresponding to many different parts of the stored block chain. I expect the issue is fixed in 0.8.1 in experimental. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
