Hi Jonas,

On Thu, Nov 26, 2020 at 08:59:11PM +0100, Jonas Smedegaard wrote:
> Version: 0.20.1~dfsg-1
>
> Quoting Salvatore Bonaccorso (2019-09-06 21:18:30)
> > The following vulnerability was published for bitcoin.
> >
> > CVE-2019-15947[0]:
> > | In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted
> > | in memory. Upon a crash, it may dump a core file. If a user were to
> > | mishandle a core file, an attacker can reconstruct the user's
> > | wallet.dat file, including their private keys, via a grep "6231 0500"
> > | command.
> >
> > The severity is a bit exaggerated here, but given the package is only
> > in testing and unstable, before the buster release this might be
> > considered RC and needed to fix. But it's a long road to there.
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2019-15947
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15947
> >
> > Please adjust the affected versions in the BTS as needed.
>
> This issue was fixed upstream since Debian release 0.20.1~dfsg-1.
>
> I forgot to list the CVE in the changelog - that will be solved with
> next release.

Okay thanks for the heads-up. I updated the security-tracker data
accordingly.

Regards,
Salvatore