Bug 1532033

Summary: Accelerate bodhi update process for high risk bug
Product: [Fedora] Fedora Reporter: Germano Massullo <germano.massullo>
Component: electron-cashAssignee: Jonny Heggheim <hegjon>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 27CC: germano.massullo, hegjon
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: electron-cash-3.1.1-1.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-01-08 03:18:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Germano Massullo 2018-01-07 14:40:50 UTC 
Description of problem:
https://github.com/fyookball/electrum/commit/f98955aa9594954669e1cbcc058435baf04af459
already in release 3.1.1, fixes a bug that allows any website to steal bitcoins.

Update
https://bodhi.fedoraproject.org/updates/FEDORA-2018-858f432a2d
fixes it, but since it is a very urgent update it should be marked with attributes:

- Type: security;
- Severity: urgent;
- Stable karma: 1.

Please edit the update in such way to shorten the amount of days the package should stay in updates-testing repository before it can be pushed to stable repository
Comment 1 Germano Massullo 2018-01-07 14:41:25 UTC 
Thanks to Tavis Ormandy and TheZero (developer of KeepassXC)
Comment 2 Jonny Heggheim 2018-01-07 22:45:50 UTC 
Thanks, will do it now. Do you know if this bug exists in 3.0?
Comment 3 Jonny Heggheim 2018-01-07 22:47:46 UTC 
(In reply to Germano Massullo from comment #0) 
> Update
> https://bodhi.fedoraproject.org/updates/FEDORA-2018-858f432a2d
> fixes it, but since it is a very urgent update it should be marked with
> attributes:

FEDORA-2018-858f432a2d is for upgrading to 3.1 not 3.1.1
Comment 4 Jonny Heggheim 2018-01-07 22:57:27 UTC 
Looks like Electrum have the same issue https://bitcointalk.org/index.php?topic=2702103.0
Comment 5 Fedora Update System 2018-01-07 23:03:21 UTC 
electron-cash-3.1.1-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f0ee5b818d
Comment 6 Germano Massullo 2018-01-07 23:53:06 UTC 
(In reply to Jonny Heggheim from comment #3)
> (In reply to Germano Massullo from comment #0) 
> > Update
> > https://bodhi.fedoraproject.org/updates/FEDORA-2018-858f432a2d
> > fixes it, but since it is a very urgent update it should be marked with
> > attributes:
> 
> FEDORA-2018-858f432a2d is for upgrading to 3.1 not 3.1.1

Ah, you are right
Comment 7 Germano Massullo 2018-01-07 23:53:35 UTC 
(In reply to Jonny Heggheim from comment #2)
> Thanks, will do it now. Do you know if this bug exists in 3.0?

it does
Comment 8 Fedora Update System 2018-01-08 03:18:08 UTC 
electron-cash-3.1.1-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Jonny Heggheim 2018-01-09 19:17:43 UTC 
There have been another security update, are you able to test that too?

https://bodhi.fedoraproject.org/updates/electron-cash-3.1.2-1.fc27