1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
Delivery-date: Tue, 05 Nov 2024 08:24:29 -0800
Received: from mail-qv1-f59.google.com ([209.85.219.59])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDL4XL646QOBBNENVG4QMGQEJQKXRNI@googlegroups.com>)
id 1t8MM1-00086y-6z
for bitcoindev@gnusha.org; Tue, 05 Nov 2024 08:24:29 -0800
Received: by mail-qv1-f59.google.com with SMTP id 6a1803df08f44-6cbe4fc0aa7sf90276856d6.0
for <bitcoindev@gnusha.org>; Tue, 05 Nov 2024 08:24:28 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1730823863; cv=pass;
d=google.com; s=arc-20240605;
b=dxLWa0nZupLwsy7tqGGTqf1i/jj7ohTFn8YFYfIVky9/pKxu0DWnl9T1uIsaCFkrDx
OysHMbxOA/t52vRpaNHhUaUSL9BsJ+T1Sd64QfDt9SAY6nn15texbdUoL0RnxGMnSznV
Qm4Y+6QFNC2ay4nO0A1W9gihOTNufdzxkSvZ8QsrS0fgh9aaYXH0wOBWJhSc3oe8ugrD
rSC86S8sjGUsU5nte8DIOvvgdUyK3g/jrljujmdtr4nkTE3h5Bl3ph8jWanOq5FT0MKy
n7FCvSUobUnPW1vQjNePyXVS5+jyfUpX1so/c3qMWNpg61MYnIyQHGUHlW16Lf82AFNV
ikpA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:content-transfer-encoding
:mime-version:feedback-id:message-id:subject:from:to:date
:dkim-signature;
bh=SLpFQUMn/J9hNC42kp2syQsLMez68bgtNAyTz0Ssn2Q=;
fh=su80cbgRg8af6lcfWjAeENanEqQWuU/POHwX/2Xv0RA=;
b=ZkEYItuRMPo6/bIRGCv8/1Je1bzXVxfLRO1p/Fo4Atbzdz/Tosf3FUWtTDnvONLPu2
C/bCZLzGDdPMN+VaEO/+SOIBa8De+MJupNwPwPtfTC8tLHDB/Iz0bM+L/Cme2p+d9LcZ
XAD92CeGeEPGmU+epKcrrtbD648gw/YUmSGadPgJy59JJLU+5Ee+3nnO3wv73JfpG54B
UgG2XjY3hAgYJNBbZ0W3CSj5qCB3y6tLxEeKS/NvScsTgeuQ6h+ii0aDXO0g5YX8WrUI
rvu571tTkQzZKT2MDmxLLAq/Yzlr2gnqprEmAwf/zVlhEO2t86rNoK2RWtbxUyqli7rl
8iXg==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=l8d+oZrs;
spf=pass (google.com: domain of darosior@protonmail.com designates 185.70.43.167 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1730823863; x=1731428663; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:message-id
:subject:from:to:date:from:to:cc:subject:date:message-id:reply-to;
bh=SLpFQUMn/J9hNC42kp2syQsLMez68bgtNAyTz0Ssn2Q=;
b=BUcHiycA0DJiIkTaZhEv8cOwa0UGmAF31iSo084BdMMz15MP7MWZSsnosadW3XoAJS
nMXUoqLNAq9wQx2tzsPmfWoz/Tlz0mrUqKAzbriGZidoYWmYdly+zv4n/V9diir5icjs
trPsbRcV7c8ueQ8AVtsk5Vqpt1uqx2uoXT2LDsijNVXpIO1Cj+Wn6qLZ5jT1eIsmxpNS
ERn0JaOlA7mq9MmLGckebzBRzOmKewS3rXYM2wd3b6S9JbpmcPEGUtTa4Ooc2zYuz/Li
+woGm5mX3VyIGaOZh0RV9VtOxhcAw6MeTyHezmjMOOLaRY3aZy/IcJr80fpJD4h2gvmX
pZZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1730823863; x=1731428663;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:message-id
:subject:from:to:date:x-beenthere:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=SLpFQUMn/J9hNC42kp2syQsLMez68bgtNAyTz0Ssn2Q=;
b=wsQYHAxt+mrAxQvdm29ZOAr6IyFKJjLl2NVYIvkSaWA8dVwBXvD/hkNoFoGhOJmfjj
UaQ6z7Low155ltWGgGx14FOBDIvV+nEZ5Pn1VzAhFj4jzabn8dMuM1NSz6jLxiiPMoqL
YJFvAmiCYGJNKFer9gWrfXaBfYZYkhQ98zSDkwp/t0JqBARgGkQADNzMW0o2FJvDS4JZ
ZR8kDKTIwAasvOfL+dw6WSnMF4iKGkgO/cy9sILQYnMBfyy8iZz+7lxU4QklNNkqOWEr
QefG0YHM/6sVzdpkDufgeU9925F50SR4/da1wLEc8pXenAi9iRTXfyzOKqSSf7+gZ09B
/SpQ==
X-Forwarded-Encrypted: i=2; AJvYcCWd7bRn63Nbh8cV08eKsfpRl3L+zxqqR9QlZVCm/KPkAu+Fo61uGByJoENm7K3SuIoYVvBSGlHVqXPI@gnusha.org
X-Gm-Message-State: AOJu0Yx/F1j7CnCnrxkuNCjgWSjx7cZSs0LQ1THtXHvfuBueGHa/DoAv
XHNHfRvGN3TLCXhyrOQWwogorslb3R2O9KAvDk9qmJsaz7g4kWmb
X-Google-Smtp-Source: AGHT+IGTqGvs8Y+i/UQ8gsepA7IxPY9JSkUf0atJz/FCaYAH9WzfMOX24LGJCVZwt5n5XdJKS0cGZQ==
X-Received: by 2002:a05:6214:5f01:b0:6cc:2ba7:7f7b with SMTP id 6a1803df08f44-6d35c164a2bmr247559546d6.28.1730823862765;
Tue, 05 Nov 2024 08:24:22 -0800 (PST)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:6214:194f:b0:6cb:fae8:5fd8 with SMTP id
6a1803df08f44-6d351a51c5bls92134606d6.0.-pod-prod-04-us; Tue, 05 Nov 2024
08:24:20 -0800 (PST)
X-Received: by 2002:a05:620a:4687:b0:7ac:e869:b073 with SMTP id af79cd13be357-7b2fb9d8b1emr2367065385a.63.1730823860279;
Tue, 05 Nov 2024 08:24:20 -0800 (PST)
Received: by 2002:a05:620a:2eb:b0:7a1:d643:94b4 with SMTP id af79cd13be357-7b31a379117ms85a;
Tue, 5 Nov 2024 08:00:14 -0800 (PST)
X-Received: by 2002:a05:600c:1d21:b0:431:518a:683b with SMTP id 5b1f17b1804b1-43283255a45mr132873875e9.18.1730822411959;
Tue, 05 Nov 2024 08:00:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1730822411; cv=none;
d=google.com; s=arc-20240605;
b=a0NA1rinCbiuy7aqQrek8GXrBwbh7uov7x9v7fcNlhBu23xrul1CO1O+LZBszH232q
VeaU848Oiki1lajwpO/0lKwqj7Uf9GH6FuwH4kZai8l2nwEB7zcABBEz8UQ7e5TwOyiR
L7ISlsOeyl7r04SBS33Pk/vTI7VyT4Q4VCUhgtyuQ3UgnV1yc7AU529U+BbViXLIdRBJ
DFnDjPY63Fejl9MuQSk08x11kIPYALGBjw8gAjBLbF2MIhb41iHZ01UR3UbAI6DNC2ZW
kds9tEDElBI2E5LDDqxROSqybRieeOnEdBdErLLAJ/sNcZfViY0R02aC2bF+SqN2Gl5M
Bm/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:feedback-id:message-id
:subject:from:to:date:dkim-signature;
bh=Qyvmi5co8I07ydCJVBLeinkI/JJf1Z5/sFf084bgkGY=;
fh=DMP0F9ULS1guKiqimntQRCN8ZraraesEgQuVcn7F0Z0=;
b=ZJ1st5uMiGkLSYrVlZAM7BLcpkE7XFtH74tJJ4L8JBNyxEfdAnmaNlK13Q4qUHTCrX
2dMgqmUfnivhTeqyF4zcRUBz111orNzFPch/J79PDJIRMqB4k/dm9Vcx1kq6n0DUvPH9
aopjhPJRZiFodbivOds7L2jYuC1u73PsFoqh6kmfVFoPHNih7bZdw7I50suFcFJRhlsP
pgdHjfbHdcF7lyAHGhwQJn4WiVe0cfIkNR7w8P1fw3O1LFwbUaZ5i3uAMh43uyiFp0Iz
EDI9+iIHM+/2ZEpkdEUDlvGKjqOLhuPrZb6r2zuH5AVOO7yxJ8KFgNCoxe6J+saaqNMo
CMfg==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=l8d+oZrs;
spf=pass (google.com: domain of darosior@protonmail.com designates 185.70.43.167 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Received: from mail-43167.protonmail.ch (mail-43167.protonmail.ch. [185.70.43.167])
by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-4327d63eeb8si2614845e9.1.2024.11.05.08.00.11
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 05 Nov 2024 08:00:11 -0800 (PST)
Received-SPF: pass (google.com: domain of darosior@protonmail.com designates 185.70.43.167 as permitted sender) client-ip=185.70.43.167;
Date: Tue, 05 Nov 2024 16:00:05 +0000
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
From: "'Antoine Poinsot' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Public disclosure of one vulnerability affecting Bitcoin
Core <26.0
Message-ID: <uJpfg8UeMOfVUATG4YRiGmyz5MALtZq68FCBXA6PT-BNstodivpqQfDxD1JAv5Qny_vuNr-A1m8jIDNHQLhAQt8hj8Ee9OT6ZFE5Z16O97A=@protonmail.com>
Feedback-ID: 7060259:user:proton
X-Pm-Message-ID: 1c148dccaa0d6aa121235ad03a41688ca57a85cf
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Original-Sender: darosior@protonmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@protonmail.com header.s=protonmail3 header.b=l8d+oZrs;
spf=pass (google.com: domain of darosior@protonmail.com designates
185.70.43.167 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
X-Original-From: Antoine Poinsot <darosior@protonmail.com>
Reply-To: Antoine Poinsot <darosior@protonmail.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)
Hi everyone,
Today we are releasing one security advisory for the Bitcoin Core project. =
This vulnerability affects Bitcoin Core versions before (and not including)=
26.0. A fix was also included in 25.1.
The details are available on our website: https://bitcoincore.org/en/2024/1=
1/05/cb-stall-hindering-propagation.
This is the last batch of security advisories for historical issues. For al=
l new reported vulnerabilities we will now start following our advertised p=
ublic disclosure policy, previously announced in [0] and available on our w=
ebsite at https://bitcoincore.org/en/security-advisories.
This concludes the gradual adoption of this new policy by the project, init=
iated back in July [1].
Antoine Poinsot
[0] https://groups.google.com/g/bitcoindev/c/Q2ZGit2wF7w/m/RqqmU2B9AAAJ | =
https://gnusha.org/pi/bitcoindev/rALfxJ5b5hyubGwdVW3F4jtugxnXRvc-tjD_qwW7z=
73rd5j7lXGNdEHWikmSdmNG3vkSOIwEryZzOZr_DgmVDDmt9qsX0gpRAcpY9CfwSk4=3D@proto=
nmail.com/
[1] https://groups.google.com/g/bitcoindev/c/_ys3Eu8-ORA/m/VnVWV5yIAAAJ | =
https://gnusha.org/pi/bitcoindev/xsylfaVvODFtrvkaPyXh0mIc64DWMCchxiVdTApFq=
J_0Q5v0bOoDpS_36HwDKmzdDO9U2RKMzESEiVaq47FTamegi2kCNtVZeDAjSR4G7Ic=3D@proto=
nmail.com
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
uJpfg8UeMOfVUATG4YRiGmyz5MALtZq68FCBXA6PT-BNstodivpqQfDxD1JAv5Qny_vuNr-A1m8=
jIDNHQLhAQt8hj8Ee9OT6ZFE5Z16O97A%3D%40protonmail.com.
|