
Re: bitcoind: 0.3.24~dfsg-1~bpo60+1 policy on backports?



I've not got more of the story, every release of bitcoin is BETA currently.

From doc/README:
Bitcoin 0.3.24 BETA

CC luke+bitcoin@dashjr.org on discussions.

It seems as though packaging this may have been premature as the
software is still in development and Debian would continually have an
outdated version.

What say us about providing security support?  It seems that some of the
fixes needed are being kept a secret, though I'm not sure if our source
packages would get the kind of attention that at this point would be
undesirable...  Who reads debian/patch files anyway, right?

At the very least I'd like to see these being tracked, if that's
appropriate.

Thank you.

On 07/22/12 16:55, Mike Mestnik wrote:
> What's the policy (or usual outcome) on security issues in
> squeeze-backports/main?
> 
> I'm told that 0.3.24 may be vulnerable to these at the very least...
> CVE-2012-1909, BIP-0016, CVE-2012-2459, and CVE-2012-3789
> 
> https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures
> 
> It doesn't look like this version has anything in the way of fixes:
> http://anonscm.debian.org/gitweb/?p=collab-maint/bitcoin.git;a=tree;f=debian/patches;hb=refs/tags/debian/0.3.24_dfsg-1
> 
> 

