Delivery-date: Thu, 19 Sep 2024 05:37:23 -0700
Received: from mail-yb1-f184.google.com ([209.85.219.184])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBC3PT7FYWAMRB6VVWC3QMGQEGMI54BY@googlegroups.com>)
	id 1srGPT-0003IR-0t
	for bitcoindev@gnusha.org; Thu, 19 Sep 2024 05:37:23 -0700
Received: by mail-yb1-f184.google.com with SMTP id 3f1490d57ef6-e02fff66a83sf1407719276.0
        for <bitcoindev@gnusha.org>; Thu, 19 Sep 2024 05:37:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1726749436; x=1727354236; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:sender:from
         :to:cc:subject:date:message-id:reply-to;
        bh=+GcUYnTzfj/iI0YX/9TVMF9HyEIWlKUTGYdYbotBQvU=;
        b=BkXrNWmuUnoRfEq6EPtUuZouLd8AuLYH563r+d0bP0fKdUbWZuNRj6M9tdtEFsbeTI
         HhqTxdgqJk4y9QpC25k+gVARRADNPRZm9/oYgJaRuaHhd+dWHR3u1WGNwb2yArtJz+zp
         l1CwH4CjpQF/0p0Y7roQcuT9FvE2fPzsieCtqqv+kX6wRGvTgVMzhy1EOivDXTtaUxV/
         qF4wUojVgoH0zjhQ5kuiMMlqgUhoryvRYxs6VIJ7ZijZocE9MmZhk7griCrg8h6Yk+kd
         J4oFfS5zBGip5/Q3WgNpL9dVqxN2XBnmN7tLZIm5+f8K8i6Qua4f9Rp5htGVu6gaivKd
         5hwg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1726749436; x=1727354236; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+GcUYnTzfj/iI0YX/9TVMF9HyEIWlKUTGYdYbotBQvU=;
        b=RauL8yc3Wy3iwcIc6mZubI/swDpNoloPjMkfIebBNMLMS0HkbvAv/ppNuZB2vubMLn
         GwZt7KjkXjBWNIeWrXhLRsZown5zDeIXqL6Ybc+YwC6sJ/O5oifh2Ojvaz/Bact9Q14F
         VnzxP+YTIvyqbNOJW1oaDUYT5m8eXocnETCATKZQ3Srfa1PF6pFpCUOv3SvkhxRuI7mY
         ZbgT4hwUm8fpQN1EqBmJgZSjLPbBxIbBNWPrrQybgcoFrJ0yWj4iqZsZIL/e6MrIyzuG
         IiqNMJH7WhQc2Ct14zE9YXbpIvAGr7SDnnInrvZ8T/AxeBKIreQsmzOij3sUPr2dNsG7
         qn7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1726749436; x=1727354236;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:x-original-sender:mime-version
         :subject:references:in-reply-to:message-id:to:from:date:x-beenthere
         :x-gm-message-state:sender:from:to:cc:subject:date:message-id
         :reply-to;
        bh=+GcUYnTzfj/iI0YX/9TVMF9HyEIWlKUTGYdYbotBQvU=;
        b=rGNMJuWlptFimHcHwjyeuHx7RA8hshhu8+zhQz+jiIbMFrmTM+kBG59E9PpmBUE7Ro
         UEJLjKjUoFqgK6Ce/gIaacgZBw/EWwgMwkT7rLn4Lz+C5oWF/MME143bxO5dYg+lvD1Z
         p0ssq+h9fb4wwJlc4dctGats2k2YLu1hllOvnuHqF2qQbXla8Hkh6d85y66zQqjEZr0v
         8oM72Ej7QwBcNGYNFpVIIWrr5WT4bJlEX+3lnUVqP6Ujz8enW+WcjzDAX4BeHGpYUuuZ
         scBtkKPRkfhNjUhNT5dUuLCiCMJZOqp2PkOY3YiWndf/n3Kfs4fUA5jJEAI4oDCL8dKK
         v7gg==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVaKoN+sQRETpUesYmWeKlF/mQ2h3fV41aeXigABqYxZNppTMxfwZSCWan6xL/GNO4YTqJlJphAXuMv@gnusha.org
X-Gm-Message-State: AOJu0YzeJlEpMkTDANVKe5tLnd3HZ5frSLTsaavW5HpH1wUtrrYpRjhD
	kcnuucND85mEHeHbKtR6KDRDXHBwiOR13ot3nm8eI1v3dXFSxLp6
X-Google-Smtp-Source: AGHT+IHxSf+IvhTV9gQW0qBYul1x9GiGltnpq6mMc3iKhxYBYBn2vAf5tix6An6L8IrPi0NIlmr3HQ==
X-Received: by 2002:a05:6902:102e:b0:e20:2acb:79b5 with SMTP id 3f1490d57ef6-e202acb7a79mr1416969276.51.1726749436467;
        Thu, 19 Sep 2024 05:37:16 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:6902:1146:b0:e1c:fa56:9b8d with SMTP id
 3f1490d57ef6-e2027e60acals1164275276.2.-pod-prod-01-us; Thu, 19 Sep 2024
 05:37:14 -0700 (PDT)
X-Received: by 2002:a05:690c:6c82:b0:6db:c7d6:8d3c with SMTP id 00721157ae682-6dbc7d68e5emr238300657b3.40.1726749434425;
        Thu, 19 Sep 2024 05:37:14 -0700 (PDT)
Received: by 2002:a81:b302:0:b0:6dd:c9c1:7a16 with SMTP id 00721157ae682-6ddf9c44140ms7b3;
        Thu, 19 Sep 2024 01:13:00 -0700 (PDT)
X-Received: by 2002:a05:690c:6a0f:b0:6dd:1331:8110 with SMTP id 00721157ae682-6dd13319d59mr145863947b3.35.1726733579155;
        Thu, 19 Sep 2024 01:12:59 -0700 (PDT)
Date: Thu, 19 Sep 2024 01:12:58 -0700 (PDT)
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <950859e2-e548-4361-8e5b-2595c0ed7a43n@googlegroups.com>
In-Reply-To: <WhFGS_EOQtdGWTKD1oqSujp1GW-v_ZUJemlNePPGaGBgzpmu6ThpqLwJpUVei85OiMu_xxjEzt_SeOWY7547C72BVISLENOd_qrdCwPajgk=@protonmail.com>
References: <WhFGS_EOQtdGWTKD1oqSujp1GW-v_ZUJemlNePPGaGBgzpmu6ThpqLwJpUVei85OiMu_xxjEzt_SeOWY7547C72BVISLENOd_qrdCwPajgk=@protonmail.com>
Subject: [bitcoindev] Re: Public disclosure of 1 vulnerability affecting
 Bitcoin Core <24.0.1
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_11462_849771626.1726733578755"
X-Original-Sender: antoine.riard@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)

------=_Part_11462_849771626.1726733578755
Content-Type: multipart/alternative; 
	boundary="----=_Part_11463_472927724.1726733578755"

------=_Part_11463_472927724.1726733578755
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Darosior,

Thanks for writing the report.

"With that, Bitcoin Core no longer relies on having checkpoints to protect=
=20
against any known attacks."

I think it's good time to get that back on track:
https://github.com/bitcoin/bitcoin/pull/25725

As of commit ab0b5706b, it sounds checkpoints are still there.

Best,
Antoine (the other one)
ots hash: e4888dbb9983b541649f66bb23665e25fa22c47deeec5a294cf6e7624911cd07

Le jeudi 19 septembre 2024 =C3=A0 08:27:23 UTC+1, Antoine Poinsot a =C3=A9c=
rit :

> Hi everyone,
>
> Today we are releasing 1 security advisory for the Bitcoin Core project.=
=20
> This vulnerability affects versions of Bitcoin Core before (and not=20
> including) 24.0.1.
>
> The details for this vulnerability are available at=20
> https://bitcoincore.org/en/2024/09/18/disclose-headers-oom.
>
> This is part of the gradual adoption by the project of a new vulnerabilit=
y=20
> disclosure policy. The policy is available at=20
> https://bitcoincore.org/en/security-advisories/#policy. We will follow up=
=20
> next month with vulnerabilities affecting Bitcoin Core versions before (a=
nd=20
> not including) 25.0, if any.
>
> Antoine Poinsot
>

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/=
bitcoindev/950859e2-e548-4361-8e5b-2595c0ed7a43n%40googlegroups.com.

------=_Part_11463_472927724.1726733578755
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi Darosior,<br /><br />Thanks for writing the report.<br /><br />"With tha=
t, Bitcoin Core no longer relies on having checkpoints to protect against a=
ny known attacks."<br /><br />I think it's good time to get that back on tr=
ack:<br />https://github.com/bitcoin/bitcoin/pull/25725<br /><br />As of co=
mmit ab0b5706b, it sounds checkpoints are still there.<br /><br />Best,<br =
/>Antoine (the other one)<br />ots hash: e4888dbb9983b541649f66bb23665e25fa=
22c47deeec5a294cf6e7624911cd07<br /><br /><div class=3D"gmail_quote"><div d=
ir=3D"auto" class=3D"gmail_attr">Le jeudi 19 septembre 2024 =C3=A0 08:27:23=
 UTC+1, Antoine Poinsot a =C3=A9crit=C2=A0:<br/></div><blockquote class=3D"=
gmail_quote" style=3D"margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, =
204, 204); padding-left: 1ex;">Hi everyone,
<br>
<br>Today we are releasing 1 security advisory for the Bitcoin Core project=
. This vulnerability affects versions of Bitcoin Core before (and not inclu=
ding) 24.0.1.
<br>
<br>The details for this vulnerability are available at <a href=3D"https://=
bitcoincore.org/en/2024/09/18/disclose-headers-oom" target=3D"_blank" rel=
=3D"nofollow" data-saferedirecturl=3D"https://www.google.com/url?hl=3Dfr&am=
p;q=3Dhttps://bitcoincore.org/en/2024/09/18/disclose-headers-oom&amp;source=
=3Dgmail&amp;ust=3D1726818482230000&amp;usg=3DAOvVaw1BJzRNP4tEcM851k20aKGu"=
>https://bitcoincore.org/en/2024/09/18/disclose-headers-oom</a>.
<br>
<br>This is part of the gradual adoption by the project of a new vulnerabil=
ity disclosure policy. The policy is available at <a href=3D"https://bitcoi=
ncore.org/en/security-advisories/#policy" target=3D"_blank" rel=3D"nofollow=
" data-saferedirecturl=3D"https://www.google.com/url?hl=3Dfr&amp;q=3Dhttps:=
//bitcoincore.org/en/security-advisories/%23policy&amp;source=3Dgmail&amp;u=
st=3D1726818482230000&amp;usg=3DAOvVaw0CcRt0WgDJeM3A9srnlS8x">https://bitco=
incore.org/en/security-advisories/#policy</a>. We will follow up next month=
 with vulnerabilities affecting Bitcoin Core versions before (and not inclu=
ding) 25.0, if any.
<br>
<br>Antoine Poinsot
<br></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href=3D"https://groups.google.c=
om/d/msgid/bitcoindev/950859e2-e548-4361-8e5b-2595c0ed7a43n%40googlegroups.=
com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msg=
id/bitcoindev/950859e2-e548-4361-8e5b-2595c0ed7a43n%40googlegroups.com</a>.=
<br />

------=_Part_11463_472927724.1726733578755--

------=_Part_11462_849771626.1726733578755--