Description of problem: https://github.com/fyookball/electrum/commit/f98955aa9594954669e1cbcc058435baf04af459 already in release 3.1.1, fixes a bug that allows any website to steal bitcoins. Update https://bodhi.fedoraproject.org/updates/FEDORA-2018-858f432a2d fixes it, but since it is a very urgent update it should be marked with attributes: - Type: security; - Severity: urgent; - Stable karma: 1. Please edit the update in such way to shorten the amount of days the package should stay in updates-testing repository before it can be pushed to stable repository
Thanks to Tavis Ormandy and TheZero (developer of KeepassXC)
Thanks, will do it now. Do you know if this bug exists in 3.0?
(In reply to Germano Massullo from comment #0) > Update > https://bodhi.fedoraproject.org/updates/FEDORA-2018-858f432a2d > fixes it, but since it is a very urgent update it should be marked with > attributes: FEDORA-2018-858f432a2d is for upgrading to 3.1 not 3.1.1
Looks like Electrum have the same issue https://bitcointalk.org/index.php?topic=2702103.0
electron-cash-3.1.1-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-f0ee5b818d
(In reply to Jonny Heggheim from comment #3) > (In reply to Germano Massullo from comment #0) > > Update > > https://bodhi.fedoraproject.org/updates/FEDORA-2018-858f432a2d > > fixes it, but since it is a very urgent update it should be marked with > > attributes: > > FEDORA-2018-858f432a2d is for upgrading to 3.1 not 3.1.1 Ah, you are right
(In reply to Jonny Heggheim from comment #2) > Thanks, will do it now. Do you know if this bug exists in 3.0? it does
electron-cash-3.1.1-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
There have been another security update, are you able to test that too? https://bodhi.fedoraproject.org/updates/electron-cash-3.1.2-1.fc27