Bug#921688: electrum being actively used for phishing

2019-05-01 Thread Laurent Bigonville

On Tue, 30 Apr 2019 10:59:16 -0400 Sam Hartman wrote:
>
> I realize that we normally don't care about packages only in sid, but
> the version of electrum in sid is apparently only useful to funnel your
> bitcoin to attackers.
> The issue is that versions prior to 3.3 are vulnerable to malware, and
> as a result all the public servers refuse to talk to the version in sid,
> but rogue servers are happy to take your credentials and money.
>
> The maintainer has not addressed this bug since Feb 7.
>
> I don't have time to go look into the package and upgrade before leaving
> on a trip tomorrow.
>
> If we can't get this fixed really quick would ftpmaster accept a request
> to remove the package?
>

FTR, I looked at 3.3.4 and it requires 2 new Python modules that are not
yet in the archive: aiohttp_socks and aiorpcx


My work on the package is at https://salsa.debian.org/bigon/electrum



Bug#921688: electrum being actively used for phishing

2019-04-30 Thread Joerg Jaspert

On 15388 March 1977, Sam Hartman wrote:


> If we can't get this fixed really quick would ftpmaster accept a request
> to remove the package?


Yes.

--
bye, Joerg



Bug#921688: electrum being actively used for phishing

2019-04-30 Thread Sam Hartman

I realize that we normally don't care about packages only in sid, but
the version of electrum in sid is apparently only useful to funnel your
bitcoin to attackers.
The issue is that versions prior to 3.3 are vulnerable to malware, and
as a result all the public servers refuse to talk to the version in sid,
but rogue servers are happy to take your credentials and money.

The maintainer has not addressed this bug since Feb 7.

I don't have time to go look into the package and upgrade before leaving
on a trip tomorrow.

If we can't get this fixed really quick would ftpmaster accept a request
to remove the package?

--Sam

