Your message dated Sat, 07 Sep 2019 12:35:32 +0000
with message-id <e1i6zwc-0001cc...@fasolo.debian.org>
and subject line Bug#921688: fixed in electrum 3.3.8-0.1
has caused the Debian Bug report #921688,
regarding Electrum vulnerable to malware
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
921688: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921688
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: electrum
Version: 3.1.3-1~bpo9+1

When electrum connects to certain malicious servers they issue a warning
message telling the user to upgrade by following a phishing link. The
link prompts the user to enter their credentials and install malware
which results in the loss of all their funds. A new version of electrum
has been released to address these problems.

The issue is being discussed here:
https://github.com/spesmilo/electrum/issues/4968 complete with
screenshots of the phishing messages.

Given the severity and urgency of this exploit, the appropriate new
version should be added to the official Debian repos ASAP to avoid
further attacks on users.

I am using Debian GNU/Linux 9 (stretch) 64-bit
Kernel 4.9.0-8-amd64
--- End Message ---
--- Begin Message ---
Source: electrum
Source-Version: 3.3.8-0.1

We believe that the bug you reported is fixed in the latest version of
electrum, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 921...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurent Bigonville <bi...@debian.org> (supplier of updated electrum package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 07 Sep 2019 10:34:31 +0200
Source: electrum
Architecture: source
Version: 3.3.8-0.1
Distribution: unstable
Urgency: medium
Maintainer: Tristan Seligmann <mithra...@debian.org>
Changed-By: Laurent Bigonville <bi...@debian.org>
Closes: 912042 913760 921688
Changes:
 electrum (3.3.8-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * New upstream release.
     - Fix critical vulnerability allowing certain malicious servers to display
       phishing messages to the user (Closes: #921688)
     - debian/control: Update the build-dependencies
   * debian/rules: Stop calling pyrcc5, this is not needed anymore
   * Do not move files in debian/rules but use debian/*.install files
   * debian/control: Add proper Breaks/Replaces for electrum.png being moved
     between packages (Closes: #912042)
   * debian/control: revealer plugin seems to explicitly use "DejaVu Sans Mono"
     font, recommend fonts-dejavu-core accordingly. Do not delete
     SourceSansPro-Bold.otf font anymore as it's also explicitly used, but not
     part of any public font package
   * debian/control: Bump Standards-Version to 4.4.0 (no further changes)
   * debian/control: Add libsecp256k1-0 to the Recommends, it is used to speed
     up elliptic curve operations (Closes: #913760)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---