Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1S8hI5-0007QF-Nz for bitcoin-development@lists.sourceforge.net; Sat, 17 Mar 2012 00:14:37 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.160.175 as permitted sender) client-ip=209.85.160.175; envelope-from=gavinandresen@gmail.com; helo=mail-gy0-f175.google.com; Received: from mail-gy0-f175.google.com ([209.85.160.175]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-MD5:128) (Exim 4.76) id 1S8hI4-0001oc-U8 for bitcoin-development@lists.sourceforge.net; Sat, 17 Mar 2012 00:14:37 +0000 Received: by ghbz2 with SMTP id z2so5730306ghb.34 for ; Fri, 16 Mar 2012 17:14:28 -0700 (PDT) Received: by 10.224.215.10 with SMTP id hc10mr6321279qab.28.1331943268544; Fri, 16 Mar 2012 17:14:28 -0700 (PDT) Received: from Sparky-2.local (pool-96-240-193-190.spfdma.east.verizon.net. [96.240.193.190]) by mx.google.com with ESMTPS id hb3sm3712889qab.6.2012.03.16.17.14.27 (version=SSLv3 cipher=OTHER); Fri, 16 Mar 2012 17:14:27 -0700 (PDT) Message-ID: <4F63D762.7080405@gmail.com> Date: Fri, 16 Mar 2012 20:14:26 -0400 From: Gavin Andresen User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) Gecko/20120313 Thunderbird/11.0 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net X-Enigmail-Version: 1.4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gavinandresen[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1S8hI4-0001oc-U8 Subject: [Bitcoin-development] Urgent: Windows Bitcoin-Qt update X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Mar 2012 00:14:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 A potential security vulnerability has been discovered in the Windows version of Bitcoin-Qt. If you are running Bitcoin-Qt versions 0.5 through 0.6 on Windows you should shut it down and upgrade to either version 0.5.3.1 or 0.6rc4 NOW. The command-line bitcoin daemon (bitcoind), Mac and Linux versions of Bitcoin-Qt, and versions prior to 0.5 are not affected. Due to the nature of the vulnerability, we believe it would be very difficult for an attacker to do anything more than crash the Bitcoin-Qt process. However, because there is a possibility of such a crash causing remote code execution we consider this a critical issue. Binaries are available at SourceForge: https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.6.0/test/ https://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.5.3/ If you have questions, feel free to drop by the #bitcoin-dev channel on FreeNode IRC. - -- Gavin Andresen Gregory Maxwell Matt Corallo Nils Schneider Wladimir J. van der Laan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9j12IACgkQdYgkL74406iIyQCfbxFTO3yD4Q2bHDjPlDuJn3Mj 9GAAn3mV+ggo+5q1Ujd0A5zwpFYojkE2 =g1Ad -----END PGP SIGNATURE-----