1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
Delivery-date: Wed, 31 Jul 2024 11:02:35 -0700
Received: from mail-yb1-f191.google.com ([209.85.219.191])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBCRY7FFSIEILF6FJWUDBUBGXVBPTS@googlegroups.com>)
id 1sZDel-0004tp-7e
for bitcoindev@gnusha.org; Wed, 31 Jul 2024 11:02:35 -0700
Received: by mail-yb1-f191.google.com with SMTP id 3f1490d57ef6-e0b329ba782sf9050405276.2
for <bitcoindev@gnusha.org>; Wed, 31 Jul 2024 11:02:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1722448948; x=1723053748; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=uvp6f2NvtgMbjyIouo+dQCug8hRthxwQhDyFvHoWHdM=;
b=ls2qV/5e7ygqOHSqw+C24iwOW9tz6OQ9ZrQj2rB5aGB696QoOfYGJ6LzPwQJ1WCahJ
GSbA2j1MIJ2q3xINc8n4wlozQUfyX2gsDpgExAm4/dVGJOaqNZQzBJQzIm3xU4m8l0tW
xUXcZofSCkr9mqEgr8iFsmJ2ZIZWWh6vGaBrYP35TcBwqCGH3ypeYquAtWDV7XLkpwm9
iGZznE7m+Y1B92DR3ip9MwbF5j6IB6xMiLR9fdIjAKtJrnb4uM/rmXmfUaehka/rJ+Mm
g1GuGocxuciBMrRNuceR3nZq7/GxWFlMMg1VZWSXUY2EwOnIaY681xmPJaU9YE0Rf4qR
vjUg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1722448948; x=1723053748; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:from:to:cc:subject:date:message-id
:reply-to;
bh=uvp6f2NvtgMbjyIouo+dQCug8hRthxwQhDyFvHoWHdM=;
b=C0X5XzO7kG49RdGV7oQD8h7ugr5l5mSEtxz+LqeliRG/6Z71ayP+EBndhq2Jjvm0ee
s2gJ99RWq5mM0lwjpH2jaKT8s4xkd/xrj8YSMLX5Yv9wAc1HyYelx6u1Js8sc7egov07
bsZYH1sDuwJbBHDbay/AmBQYNeJ5pkQ/Io1+nb/8jd8Ls9SsiO5UJdQx8w6n0osGs+DV
LBbCbb4cV6OO0p5A6xY+SBZpnSr+9+BTHaLp2bHNVQiR0i3KQpWFFWr8ZpF6jUhq+zNd
KjkziNZ67etH7bEXNSQv0lcuOqyBeq+HpSWK6oI6lqYCwmEWjbQxvZ192+unQb+wR47D
albg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1722448948; x=1723053748;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:message-id:to:from:date:x-beenthere:x-gm-message-state
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=uvp6f2NvtgMbjyIouo+dQCug8hRthxwQhDyFvHoWHdM=;
b=J0cEZFEPtogpZoY1QNAfZyQv/hENjbcmfzrbdN3vhnJ1GbxtGaJF54avKaFvA0rhsQ
jQo5VGxtwl8lKdZqUdGIo3wuR/wVWFUg/NzU/LW6dcbHY6KRxA5lb5G7yz4CSm2Xr3dN
uHpvB99Y1q0SAZKlsdb1i2WziD+lNGT+hgia1pGPXzRaslBVwgexC/rhJ0iJ6PNk422p
bo+0VRfaLggzWveUCE68Oyh9gCQDIWCLSi51Kh1dDXCfNHkp4S7n/b1bjsEQ+ZLMdKoz
2rAObyXV5N3SUwm8uVmZp2SIq5wFWO5aWF6lq+mT3lp8nYlQAz4Q4c8jMDhte1wFgVvx
fspg==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVVTGbSU881dWbHRl6LmStrJzWgfFYOuRzhz5Msw3VaCaHOgubmxoCAgxrIGgf5OQ8HGGdzVaCOIoKQdseX5p0XZAWg184=
X-Gm-Message-State: AOJu0Yx+hYOPAItayt+Lg09Y+VhewR0y5RA4sKZgMqPBWtvnIzFqxlZ5
ihQ6hjTLIoCBclfTNPlDpY3DMvJryCkwJTu1JSvYjjPg56vvoeky
X-Google-Smtp-Source: AGHT+IGoLBNIy+sYdhOoKHR5L3GNo1dpYXVWZN8ODfrw6JJi2RhRRuDG9tAIJ91xJ1rFtBM9XJJb6g==
X-Received: by 2002:a05:6902:1889:b0:e0b:2c11:bc4 with SMTP id 3f1490d57ef6-e0b543f2cf1mr19084881276.6.1722448948381;
Wed, 31 Jul 2024 11:02:28 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:6902:150d:b0:e0b:be54:a76d with SMTP id
3f1490d57ef6-e0bbe54abc2ls519764276.0.-pod-prod-09-us; Wed, 31 Jul 2024
11:02:26 -0700 (PDT)
X-Received: by 2002:a05:6902:2b83:b0:e05:a1df:562e with SMTP id 3f1490d57ef6-e0b54405473mr1027706276.2.1722448946369;
Wed, 31 Jul 2024 11:02:26 -0700 (PDT)
Received: by 2002:a81:ae12:0:b0:627:7f59:2eee with SMTP id 00721157ae682-6847fb12387ms7b3;
Wed, 31 Jul 2024 10:01:18 -0700 (PDT)
X-Received: by 2002:a05:6902:1549:b0:e05:eccb:95dc with SMTP id 3f1490d57ef6-e0b5445f558mr214210276.6.1722445277535;
Wed, 31 Jul 2024 10:01:17 -0700 (PDT)
Date: Wed, 31 Jul 2024 10:01:17 -0700 (PDT)
From: Niklas Goegge <n.goeggi@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <bf5287e8-0960-45e8-9c90-64ffc5fdc9aan@googlegroups.com>
Subject: [bitcoindev] Public disclosure of 2 vulnerabilities affecting Bitcoin
Core < v22.0
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_74918_991864678.1722445277152"
X-Original-Sender: n.goeggi@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
------=_Part_74918_991864678.1722445277152
Content-Type: multipart/alternative;
boundary="----=_Part_74919_915797876.1722445277152"
------=_Part_74919_915797876.1722445277152
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi everyone,=20
Today we are releasing 2 security advisories for the Bitcoin Core project.=
=20
Those bugs affect versions of Bitcoin Core before (and not including)=20
v22.0.=20
This is part of the gradual adoption by the project of a new vulnerability=
=20
disclosure policy.=20
The policy and the 2 security advisories can be found on the project's=20
website at https://bitcoincore.org/en/security-advisories .=20
We will follow up later in August to publicly disclose vulnerabilities=20
fixed in version v23.0. And then in September to disclose those fixed in=20
version v24.0, and so on until we run out of unmaintained versions to=20
disclose vulnerabilities for. The announced policy will then start to be=20
observed for new versions.
Niklas G=C3=B6gge
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/=
bitcoindev/bf5287e8-0960-45e8-9c90-64ffc5fdc9aan%40googlegroups.com.
------=_Part_74919_915797876.1722445277152
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi everyone,
<br />
<br />Today we are releasing 2 security advisories for the Bitcoin Core=20
project. Those bugs affect versions of Bitcoin Core before (and not=20
including) v22.0.
<br />
<br />This is part of the gradual adoption by the project of a new vulnerab=
ility disclosure policy.
<br />
<br />The policy and the 2 security advisories can be found on the project'=
s website at <a href=3D"https://bitcoincore.org/en/security-advisories" tar=
get=3D"_blank" rel=3D"nofollow">https://bitcoincore.org/en/security-advisor=
ies</a> .
<br />
<br />We will follow up later in August to publicly disclose vulnerabilitie=
s
fixed in version v23.0. And then in September to disclose those fixed in=
=20
version v24.0, and so on until we run out of unmaintained versions to
disclose vulnerabilities for. The announced policy will then start to=20
be observed for new versions.<br />
<br />Niklas G=C3=B6gge<br />
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href=3D"https://groups.google.c=
om/d/msgid/bitcoindev/bf5287e8-0960-45e8-9c90-64ffc5fdc9aan%40googlegroups.=
com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msg=
id/bitcoindev/bf5287e8-0960-45e8-9c90-64ffc5fdc9aan%40googlegroups.com</a>.=
<br />
------=_Part_74919_915797876.1722445277152--
------=_Part_74918_991864678.1722445277152--
|