Delivery-date: Thu, 19 Sep 2024 05:37:23 -0700 Received: from mail-yb1-f184.google.com ([209.85.219.184]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1srGPT-0003IR-0t for bitcoindev@gnusha.org; Thu, 19 Sep 2024 05:37:23 -0700 Received: by mail-yb1-f184.google.com with SMTP id 3f1490d57ef6-e02fff66a83sf1407719276.0 for ; Thu, 19 Sep 2024 05:37:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1726749436; x=1727354236; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:sender:from :to:cc:subject:date:message-id:reply-to; bh=+GcUYnTzfj/iI0YX/9TVMF9HyEIWlKUTGYdYbotBQvU=; b=BkXrNWmuUnoRfEq6EPtUuZouLd8AuLYH563r+d0bP0fKdUbWZuNRj6M9tdtEFsbeTI HhqTxdgqJk4y9QpC25k+gVARRADNPRZm9/oYgJaRuaHhd+dWHR3u1WGNwb2yArtJz+zp l1CwH4CjpQF/0p0Y7roQcuT9FvE2fPzsieCtqqv+kX6wRGvTgVMzhy1EOivDXTtaUxV/ qF4wUojVgoH0zjhQ5kuiMMlqgUhoryvRYxs6VIJ7ZijZocE9MmZhk7griCrg8h6Yk+kd J4oFfS5zBGip5/Q3WgNpL9dVqxN2XBnmN7tLZIm5+f8K8i6Qua4f9Rp5htGVu6gaivKd 5hwg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1726749436; x=1727354236; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=+GcUYnTzfj/iI0YX/9TVMF9HyEIWlKUTGYdYbotBQvU=; b=RauL8yc3Wy3iwcIc6mZubI/swDpNoloPjMkfIebBNMLMS0HkbvAv/ppNuZB2vubMLn GwZt7KjkXjBWNIeWrXhLRsZown5zDeIXqL6Ybc+YwC6sJ/O5oifh2Ojvaz/Bact9Q14F VnzxP+YTIvyqbNOJW1oaDUYT5m8eXocnETCATKZQ3Srfa1PF6pFpCUOv3SvkhxRuI7mY ZbgT4hwUm8fpQN1EqBmJgZSjLPbBxIbBNWPrrQybgcoFrJ0yWj4iqZsZIL/e6MrIyzuG IiqNMJH7WhQc2Ct14zE9YXbpIvAGr7SDnnInrvZ8T/AxeBKIreQsmzOij3sUPr2dNsG7 qn7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726749436; x=1727354236; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=+GcUYnTzfj/iI0YX/9TVMF9HyEIWlKUTGYdYbotBQvU=; b=rGNMJuWlptFimHcHwjyeuHx7RA8hshhu8+zhQz+jiIbMFrmTM+kBG59E9PpmBUE7Ro UEJLjKjUoFqgK6Ce/gIaacgZBw/EWwgMwkT7rLn4Lz+C5oWF/MME143bxO5dYg+lvD1Z p0ssq+h9fb4wwJlc4dctGats2k2YLu1hllOvnuHqF2qQbXla8Hkh6d85y66zQqjEZr0v 8oM72Ej7QwBcNGYNFpVIIWrr5WT4bJlEX+3lnUVqP6Ujz8enW+WcjzDAX4BeHGpYUuuZ scBtkKPRkfhNjUhNT5dUuLCiCMJZOqp2PkOY3YiWndf/n3Kfs4fUA5jJEAI4oDCL8dKK v7gg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCVaKoN+sQRETpUesYmWeKlF/mQ2h3fV41aeXigABqYxZNppTMxfwZSCWan6xL/GNO4YTqJlJphAXuMv@gnusha.org X-Gm-Message-State: AOJu0YzeJlEpMkTDANVKe5tLnd3HZ5frSLTsaavW5HpH1wUtrrYpRjhD kcnuucND85mEHeHbKtR6KDRDXHBwiOR13ot3nm8eI1v3dXFSxLp6 X-Google-Smtp-Source: AGHT+IHxSf+IvhTV9gQW0qBYul1x9GiGltnpq6mMc3iKhxYBYBn2vAf5tix6An6L8IrPi0NIlmr3HQ== X-Received: by 2002:a05:6902:102e:b0:e20:2acb:79b5 with SMTP id 3f1490d57ef6-e202acb7a79mr1416969276.51.1726749436467; Thu, 19 Sep 2024 05:37:16 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:6902:1146:b0:e1c:fa56:9b8d with SMTP id 3f1490d57ef6-e2027e60acals1164275276.2.-pod-prod-01-us; Thu, 19 Sep 2024 05:37:14 -0700 (PDT) X-Received: by 2002:a05:690c:6c82:b0:6db:c7d6:8d3c with SMTP id 00721157ae682-6dbc7d68e5emr238300657b3.40.1726749434425; Thu, 19 Sep 2024 05:37:14 -0700 (PDT) Received: by 2002:a81:b302:0:b0:6dd:c9c1:7a16 with SMTP id 00721157ae682-6ddf9c44140ms7b3; Thu, 19 Sep 2024 01:13:00 -0700 (PDT) X-Received: by 2002:a05:690c:6a0f:b0:6dd:1331:8110 with SMTP id 00721157ae682-6dd13319d59mr145863947b3.35.1726733579155; Thu, 19 Sep 2024 01:12:59 -0700 (PDT) Date: Thu, 19 Sep 2024 01:12:58 -0700 (PDT) From: Antoine Riard To: Bitcoin Development Mailing List Message-Id: <950859e2-e548-4361-8e5b-2595c0ed7a43n@googlegroups.com> In-Reply-To: References: Subject: [bitcoindev] Re: Public disclosure of 1 vulnerability affecting Bitcoin Core <24.0.1 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_11462_849771626.1726733578755" X-Original-Sender: antoine.riard@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) ------=_Part_11462_849771626.1726733578755 Content-Type: multipart/alternative; boundary="----=_Part_11463_472927724.1726733578755" ------=_Part_11463_472927724.1726733578755 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Darosior, Thanks for writing the report. "With that, Bitcoin Core no longer relies on having checkpoints to protect= =20 against any known attacks." I think it's good time to get that back on track: https://github.com/bitcoin/bitcoin/pull/25725 As of commit ab0b5706b, it sounds checkpoints are still there. Best, Antoine (the other one) ots hash: e4888dbb9983b541649f66bb23665e25fa22c47deeec5a294cf6e7624911cd07 Le jeudi 19 septembre 2024 =C3=A0 08:27:23 UTC+1, Antoine Poinsot a =C3=A9c= rit : > Hi everyone, > > Today we are releasing 1 security advisory for the Bitcoin Core project.= =20 > This vulnerability affects versions of Bitcoin Core before (and not=20 > including) 24.0.1. > > The details for this vulnerability are available at=20 > https://bitcoincore.org/en/2024/09/18/disclose-headers-oom. > > This is part of the gradual adoption by the project of a new vulnerabilit= y=20 > disclosure policy. The policy is available at=20 > https://bitcoincore.org/en/security-advisories/#policy. We will follow up= =20 > next month with vulnerabilities affecting Bitcoin Core versions before (a= nd=20 > not including) 25.0, if any. > > Antoine Poinsot > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/= bitcoindev/950859e2-e548-4361-8e5b-2595c0ed7a43n%40googlegroups.com. ------=_Part_11463_472927724.1726733578755 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Darosior,

Thanks for writing the report.

"With tha= t, Bitcoin Core no longer relies on having checkpoints to protect against a= ny known attacks."

I think it's good time to get that back on tr= ack:
https://github.com/bitcoin/bitcoin/pull/25725

As of co= mmit ab0b5706b, it sounds checkpoints are still there.

Best,
Antoine (the other one)
ots hash: e4888dbb9983b541649f66bb23665e25fa= 22c47deeec5a294cf6e7624911cd07

Le jeudi 19 septembre 2024 =C3=A0 08:27:23= UTC+1, Antoine Poinsot a =C3=A9crit=C2=A0:
Hi everyone,

Today we are releasing 1 security advisory for the Bitcoin Core project= . This vulnerability affects versions of Bitcoin Core before (and not inclu= ding) 24.0.1.

The details for this vulnerability are available at https://bitcoincore.org/en/2024/09/18/disclose-headers-oom.

This is part of the gradual adoption by the project of a new vulnerabil= ity disclosure policy. The policy is available at https://bitco= incore.org/en/security-advisories/#policy. We will follow up next month= with vulnerabilities affecting Bitcoin Core versions before (and not inclu= ding) 25.0, if any.

Antoine Poinsot

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg= id/bitcoindev/950859e2-e548-4361-8e5b-2595c0ed7a43n%40googlegroups.com.=
------=_Part_11463_472927724.1726733578755-- ------=_Part_11462_849771626.1726733578755--