Package: electrum
Version: 3.1.3-1~bpo9+1
Severity: important

Dear Maintainer,

Given that all versions of Electrum older than 3.3.3 are vulnerable 
to a phishing attack (https://github.com/spesmilo/electrum/issues/4968; see also 
the warning on http://electrum.org), where malicious servers ask users to download 
bitcoin-stealing malware, why are we still on the 3.1.3 branch on Debian Stable?

I think Electrum packages on all Debian versions should be updated urgently. 
It's almost impossible to use this software, because every time we try to make 
a transaction, a phishing server asks us to download a fresh version of 
electrum from a fake domain.

Please consider moving to 3.3.4 on Debian Stable and Sid. Since it's not 
software that requires compilation, it shouldn't be a big mess to upgrade.

-- System Information:
Debian Release: 9.8
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'trusty-security'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages electrum depends on:
ii  python3           3.5.3-1
ii  python3-electrum  3.1.3-1~bpo9+1

Versions of packages electrum recommends:
ii  python3-pyqt5  5.7+dfsg-5

Versions of packages electrum suggests:
pn  python3-btchip  <none>
pn  python3-trezor  <none>
pn  python3-zbar    <none>

-- no debconf information
