Date: Wed, 22 Aug 2012 10:10:29 +0200
Message-ID: <CANEZrP3Dwnv7s5J4qS=Ewj=qoYp=rHxX6LgY9sBmUfGJqs3LrA@mail.gmail.com>
From: Mike Hearn <mike@plan99.net>
To: Forrest Voight <voights@gmail.com>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Full Disclosure: CVE-2012-2459 (block
merkle calculation exploit)
Thank you for practicing responsible disclosure.
Now the vulnerability is out in the open, could the code please be updated
to contain the information here, but in the comments? Gavin's commit merely
mentions there is a DoS attack without discussing further what it involves.
Also, the vulnerability of the merkle hash function should ideally be noted
inside it.