Vulnerabilities identified in Monero multisignature wallet code
These vulnerabilities affect (i) multisignature wallet creation and (ii) multisignature transaction signing. They can lead to funds being stolen by one of the signing parties.
Until a fix is released, it is not recommended that users perform any multisignature transaction unless all signing parties can be trusted.
If not all signing parties can be trusted, no transaction should be attempted. Funds are not at risk if they are not moved and if the wallet-creation process was not abused.
The vulnerabilities were initially disclosed and discussed via the Vulnerability Response Process [3].
Update: added link to getmonero.org announcement [1].
Update 12/15: multisig fixes PR #8114 submitted (not yet merged) [4].