1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
Delivery-date: Fri, 16 May 2025 07:51:32 -0700
Received: from mail-oa1-f61.google.com ([209.85.160.61])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDL4XL646QOBBZ5BTXAQMGQEG7OGR2Q@googlegroups.com>)
id 1uFwPL-0003kp-Pw
for bitcoindev@gnusha.org; Fri, 16 May 2025 07:51:32 -0700
Received: by mail-oa1-f61.google.com with SMTP id 586e51a60fabf-2d572363154sf346164fac.0
for <bitcoindev@gnusha.org>; Fri, 16 May 2025 07:51:31 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1747407085; cv=pass;
d=google.com; s=arc-20240605;
b=R0Uxo0UtfBFcCi9+EVOMOI345ON69rpGBOAsES3RqnE0hAThirw5PUUY3Iw8vkeN/N
Nr0cvMfgcW2Vur/i9Sr73jAGOvnE83sLQW+krwUk7eTx37TYD684BBVIvxanNCe6LNkn
Mnlq4TmQwZ6JDvABwKkpaywmo8nNJkfd8Eb2ED4gsPj/5D4VUulhpqpJ5a3kYY3BJjHH
Bu7RbthDOflSWwG+80jIn3Ia+EgS1d/cOSeNuAgghdz19TGuOzUnNBEy2Om/vPks/PJv
2Vu64RtnjdDW1k44qI80WqSxx5RP2Umih8A4KnPccDLGdjvkJhHyt9zKOVc9+xckcoxY
hw/g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:mime-version:feedback-id
:references:in-reply-to:message-id:subject:cc:from:to:date
:dkim-signature;
bh=c+kjZYpd3tkW8kW8lHU50YkM6Nuyz9NCz6ZohyaBpaM=;
fh=7itXrcKcxxI1BzQaGkvWGnH1iQ6uTJqs/PLl1nmwzoA=;
b=HLFqHgn2sl55GNjwV/ENe3ieMMAjkCvQrgx7NJ1SQQ26c12G8FtfAI8xY9F0shki0p
DzxQOfevqrcGYh6MWdajkgradbG1dvyiuXQgBNO/wC3bx2NdNKXEcWffH+3xYtDyBc7M
j77o9AbMq+wwM9Q2N3A+CJzPdEkJUfRXVu/2ix01ShQ578Pj/aOByzFa+dcye3+m4QA0
ixQxX/c0VT1pKa7ksDTLrwKVt8UKhev5ExCm/+rw1DryUswxRYBSq3VYWniWVnn+T4Lh
2oNL+bxtl7zUszYK8SXGDb+ApLDBI7N9zjQH/oW0oIQP4uBmEuecLP8NIJnyqtDB09s1
v6uQ==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=NmMCAPbs;
spf=pass (google.com: domain of darosior@protonmail.com designates 185.70.43.16 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1747407085; x=1748011885; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:feedback-id:references:in-reply-to:message-id:subject:cc:from:to
:date:from:to:cc:subject:date:message-id:reply-to;
bh=c+kjZYpd3tkW8kW8lHU50YkM6Nuyz9NCz6ZohyaBpaM=;
b=jXaPPQGdAVZGx1n4z5aaZKRBU0rz2LyYU4Cnq4njlSJC8T00MUMr0Eh0cvzTmF1EBX
79ki8KWJXCnoflIdzqM1kp8trR3wpZ/B+JJGAaIiOsHX4M/mAzH8eGMZSJqNiGUIT3nO
ow6hbSByqirQocGpv9pWja+DmefuR0aE2rbaEUDsJp/gqjwJgncBOBgswHrIuC1N+q5o
KDz2tdS09Ew0KI0mG2TUajGUM3rcLAzz3a482dui7E94JuHm5RaoDZmcJxUWVielQEJU
VvzDr9zth6JYguh4M2vqNWXbef0FzqybE3UrsXeBvA8WVCVHJW50CYj9X1LbJrQNx2lv
grJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1747407085; x=1748011885;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:feedback-id:references:in-reply-to:message-id:subject:cc:from:to
:date:x-beenthere:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=c+kjZYpd3tkW8kW8lHU50YkM6Nuyz9NCz6ZohyaBpaM=;
b=TnDtX897OpoTxurn/ITwYJgbeQi2158zPPgFG2aZvBx4iikeFfI41Smn+MpBmAEuz1
quKlvfiaa0zYDrd2quGP/mCnVow60wclinrR82wbBK1Cue0JBmTDhPuKg4omY2s/1p4q
EqonIfhXxSHzAl0k4fOLeYMn/dEF44WAZjXO6g8jZ0z9gVCWBQrEOmd62SnWyVs9gE8l
763em70FrtNheYaUsOLkrnTvrGqTVhZ398AMHCazh2SvbcF4QhTW8w6+Iby6CJaIYX8w
JgBHLr/ftTg1wDzOiq/yk1omD2Zocxi5kYz+pIYKI/ekSoWklxD1Xvl+mcqJG/zxuW2f
FOZg==
X-Forwarded-Encrypted: i=2; AJvYcCUdX4TcVEj9x0WPArluUeR0uUKY/MwJDSGPrLPAZLSJ0gP7EI4bC0sRCXrp17hpVcFexcM+b8MNCre6@gnusha.org
X-Gm-Message-State: AOJu0YxTzHH7G2w4VXg/7eB39D20x+YqmTarxkmXpRIqShznXR1bEJvQ
TTaVqbGRPAv+c1h5GG+3bDSB+oSi2VSRO2RVu/KFqyUAEvacfR/s+Kdd
X-Google-Smtp-Source: AGHT+IG1lw24rCYtgyEyQGxRc3DpoFZuxBN8CSPsSvSF+L48NUnR25VhgnVxBrQGFFxa5UnMAR7KEQ==
X-Received: by 2002:a05:6870:2a4a:b0:2d5:ba2d:80e4 with SMTP id 586e51a60fabf-2e3c1e6d32dmr2014997fac.24.1747407085440;
Fri, 16 May 2025 07:51:25 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AVT/gBG5YGoUbgu7/KhSbp0hB/cf7TLwsbcT3tfXwgxK6/lb9A==
Received: by 2002:a05:6871:20c5:b0:2da:fbc:5e7 with SMTP id
586e51a60fabf-2e39c84e483ls1274417fac.0.-pod-prod-07-us; Fri, 16 May 2025
07:51:19 -0700 (PDT)
X-Received: by 2002:a05:6808:6c82:b0:401:bdd7:6670 with SMTP id 5614622812f47-404d877a75amr2328959b6e.23.1747407079322;
Fri, 16 May 2025 07:51:19 -0700 (PDT)
Received: by 2002:ab3:7843:0:b0:293:32b4:31b9 with SMTP id a1c4a302cd1d6-2b0e5669f65msc7a;
Fri, 16 May 2025 07:41:32 -0700 (PDT)
X-Received: by 2002:a05:6512:4481:b0:54a:cc76:1676 with SMTP id 2adb3069b0e04-550e7239cc1mr1133627e87.44.1747406489490;
Fri, 16 May 2025 07:41:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1747406489; cv=none;
d=google.com; s=arc-20240605;
b=C+d4s8IgW1nz8oa1llUgnPTOLj+vAsBSYvtKSzj3byXVkwLK+GcoD7NyY3dfqM+pVm
NuqktJwM3nOi4gkOgncFtG42gIdenTFvlbH6AKnIFJ2gMaJG6/Ofrlzq08dNmPC8tdaa
O0+TDbUayuEfZX41SWYBNhkrlmo/N/HOYknAvqOx/lEoSWyRwHwxs5LrNBPjYieNO3Bx
Sr9sCBg3DbsJ9ULW5080KSgZcI671meoc2/aJVxVrG5RargNjs4A68EXzj9xihsJqJDY
le/OFma0aeJe3vztJAygR2046GtgH3dFJZJpk2juqeidAzICeg6PWC0+kOGoWAZezFxm
Om3Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:cc:from:to:date:dkim-signature;
bh=56PogaVwhQ/3l+/L2QyAKBJSk3uNhIrUPyOzA46i0jE=;
fh=m2IwlnuMmP6ceRgqI8U7RCh8Dkd3VeWlWEfxse0Wcvc=;
b=ajr219FXxe9Whd7HfUgExbVtR6RT5PGgKLy3NDsK0hZWkoBQ/vinhshkII75uJbTQH
P7Lv7GostQ5FrJQqFoB4gCjqCzZP3Cv8YvsZ2c6n1Kn86VANnhfnlW/FFXJnJrpIMjYn
ejmK99JUhKB1s3363oE8kYC4W9ok2+vDb5MWogEBlLsjwahULLqEYGgoSqZRe9N+r3La
FcyZRqmprdpObxAUOn5rlQjTPaBQKg4jNXZfEqYBJ+Z7XS4ksLVzCwxjmrdyFcrsIIfS
sciioWMGJCMdMM+scWL6kNKvg5IYXj0275BG/wwmsFy78O+nwAF1I0dyQjPc8ujxKatn
NHGw==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=NmMCAPbs;
spf=pass (google.com: domain of darosior@protonmail.com designates 185.70.43.16 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Received: from mail-4316.protonmail.ch (mail-4316.protonmail.ch. [185.70.43.16])
by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-550e6f8e0f0si37968e87.9.2025.05.16.07.41.29
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 16 May 2025 07:41:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of darosior@protonmail.com designates 185.70.43.16 as permitted sender) client-ip=185.70.43.16;
Date: Fri, 16 May 2025 14:41:22 +0000
To: Antoine Poinsot <darosior@protonmail.com>
From: "'Antoine Poinsot' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Public disclosure of one vulnerability affecting
Bitcoin Core <29.0
Message-ID: <UCY0pWHlfFg8YzQRMNBHyUIg15CJLI8gM4E-7eHvYmUhkE5mP9Bz71xcHbnyyie8V9ZOnbi6yyKy4rG9h4O8RVx6_tAWD5BV6W71SHHyJiY=@protonmail.com>
In-Reply-To: <EYvwAFPNEfsQ8cVwiK-8v6ovJU43Vy-ylARiDQ_1XBXAgg_ZqWIpB6m51fAIRtI-rfTmMGvGLrOe5Utl5y9uaHySELpya2ojC7yGsXnP90s=@protonmail.com>
References: <EYvwAFPNEfsQ8cVwiK-8v6ovJU43Vy-ylARiDQ_1XBXAgg_ZqWIpB6m51fAIRtI-rfTmMGvGLrOe5Utl5y9uaHySELpya2ojC7yGsXnP90s=@protonmail.com>
Feedback-ID: 7060259:user:proton
X-Pm-Message-ID: 2cacd4921ab8b0989f00c159812c4d4d5d0a5b7e
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Original-Sender: darosior@protonmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@protonmail.com header.s=protonmail3 header.b=NmMCAPbs;
spf=pass (google.com: domain of darosior@protonmail.com designates
185.70.43.16 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
X-Original-From: Antoine Poinsot <darosior@protonmail.com>
Reply-To: Antoine Poinsot <darosior@protonmail.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)
> You can find the advisory on the Bitcoin Core project website at https://bitcoincore.org/en/2025/03/31/disclose-cve-2024-52919.
The link was since updated to https://bitcoincore.org/en/2025/04/28/disclose-cve-2024-52919
On Monday, April 28th, 2025 at 3:00 PM, 'Antoine Poinsot' via Bitcoin Development Mailing List <bitcoindev@googlegroups.com> wrote:
>
>
> Hi everyone,
>
> In accordance with our security disclosure policy, i am sharing today a low-severity security advisory affecting Bitcoin Core versions before 29.0 (released 2 weeks ago).
>
> You can find the advisory on the Bitcoin Core project website at https://bitcoincore.org/en/2025/03/31/disclose-cve-2024-52919.
>
> For more details about the Bitcoin Core security disclosure policy, see https://bitcoincore.org/en/security-advisories.
>
> Antoine Poinsot
>
> --
> You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/EYvwAFPNEfsQ8cVwiK-8v6ovJU43Vy-ylARiDQ_1XBXAgg_ZqWIpB6m51fAIRtI-rfTmMGvGLrOe5Utl5y9uaHySELpya2ojC7yGsXnP90s%3D%40protonmail.com.
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/UCY0pWHlfFg8YzQRMNBHyUIg15CJLI8gM4E-7eHvYmUhkE5mP9Bz71xcHbnyyie8V9ZOnbi6yyKy4rG9h4O8RVx6_tAWD5BV6W71SHHyJiY%3D%40protonmail.com.
|
