Date: Thu, 19 Sep 2024 01:12:58 -0700 (PDT)
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Re: Public disclosure of 1 vulnerability affecting Bitcoin Core <24.0.1

Hi Darosior,

Thanks for writing the report.

"With that, Bitcoin Core no longer relies on having checkpoints to protect against any known attacks."

I think it's a good time to get that back on track:
https://github.com/bitcoin/bitcoin/pull/25725

As of commit ab0b5706b, it sounds like checkpoints are still there.

Best,
Antoine (the other one)
ots hash: e4888dbb9983b541649f66bb23665e25fa22c47deeec5a294cf6e7624911cd07

On Thursday, 19 September 2024 at 08:27:23 UTC+1, Antoine Poinsot wrote:

> Hi everyone,
>
> Today we are releasing 1 security advisory for the Bitcoin Core project.
> This vulnerability affects versions of Bitcoin Core before (and not
> including) 24.0.1.
>
> The details for this vulnerability are available at
> https://bitcoincore.org/en/2024/09/18/disclose-headers-oom.
>
> This is part of the gradual adoption by the project of a new vulnerability
> disclosure policy. The policy is available at
> https://bitcoincore.org/en/security-advisories/#policy. We will follow up
> next month with vulnerabilities affecting Bitcoin Core versions before (and
> not including) 25.0, if any.
>
> Antoine Poinsot