MIME-Version: 1.0
Sender: mh.in.england@gmail.com
In-Reply-To: <CAOCHLotLO8eaLJV2Kkm_YEvbDb80A1VzVGuvujm6NjjGraFEsQ@mail.gmail.com>
References: <CAOCHLotLO8eaLJV2Kkm_YEvbDb80A1VzVGuvujm6NjjGraFEsQ@mail.gmail.com>
Date: Wed, 22 Aug 2012 10:10:29 +0200
Message-ID: <CANEZrP3Dwnv7s5J4qS=Ewj=qoYp=rHxX6LgY9sBmUfGJqs3LrA@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Forrest Voight <voights@gmail.com>
Content-Type: multipart/alternative; boundary=20cf302079f4abe75404c7d64682
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Full Disclosure: CVE-2012-2459 (block
 merkle calculation exploit)

--20cf302079f4abe75404c7d64682
Content-Type: text/plain; charset=UTF-8

Thank you for practicing responsible disclosure.

Now the vulnerability is out in the open, could the code please be updated
to contain the information here, but in the comments? Gavin's commit merely
mentions there is a DoS attack without discussing further what it involves.
Also, the vulnerability of the merkle hash function should ideally be noted
inside it.

--20cf302079f4abe75404c7d64682--