CVE-2018-20587: Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port.
CVE-2019-15947: In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.
Please fix them.
The package has not entered testing even though the delay is over
normal
The package has not entered testing even though the 5-day delay is over.Check why.
Depends on packages which need a new maintainer
normal
The packages that bitcoin depends on which need a new maintainer are:
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.4.1 instead of
4.4.0).
testing migrations
This package will soon be part of the auto-protobuf transition. You might want to ensure that your package is ready for it.
You can probably find supplementary information in the
debian-release
archives or in the corresponding
release.debian.org
bug.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/b/bitcoin.png){kind=link}