From: Mike Hearn
To: Forrest Voight
Cc: bitcoin-development@lists.sourceforge.net
Date: Wed, 22 Aug 2012 10:10:29 +0200
Subject: Re: [Bitcoin-development] Full Disclosure: CVE-2012-2459 (block merkle calculation exploit)

Thank you for practicing responsible disclosure.

Now the vulnerability is out in the open, could the code please be updated to contain the information here, but in the comments? Gavin's commit merely mentions there is a DoS attack without discussing further what it involves, also, the vulnerability of the merkle hash function should ideally be noted inside it.
