Index: vuln.xml
===================================================================
--- vuln.xml
+++ vuln.xml
@@ -58,6 +58,36 @@
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="40a844bf-c430-11e8-96dc-000743165db0">
+    <topic>bitcoin -- Denial of Service and Possible Mining Inflation</topic>
+    <affects>
+      <package>
+	<name>bitcoin</name>
+	<name>bitcoin-daemon</name>
+	<range><lt>0.16.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Bitcoin Core reports:</p>
+	<blockquote cite="https://bitcoincore.org/en/2018/09/20/notice/">
+	  <p>CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as well as projects supporting other cryptocurrencies, including ABC and Unlimited on September 17th as a Denial of Service bug only, however we quickly determined that the issue was also an inflation vulnerability with the same root cause and fix.</p>
+	  <p>In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.</p>
+	  <p>At this time we believe over half of the Bitcoin hashrate has upgraded to patched nodes. We are unaware of any attempts to exploit this vulnerability.</p>
+	  <p>However, it still remains critical that affected users upgrade and apply the latest patches to ensure no possibility of large reorganizations, mining of invalid blocks, or acceptance of invalid transactions occurs.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://bitcoincore.org/en/2018/09/20/notice/</url>
+      <cvename>CVE-2018-17144</cvename>
+    </references>
+    <dates>
+      <discovery>2018-09-17</discovery>
+      <entry>2018-09-29</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="613193a0-c1b4-11e8-ae2d-54e1ad3d6335">
     <topic>spamassassin -- multiple vulnerabilities</topic>
     <affects>