Return-Path: <gmaxwell@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 88CCFB19
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 27 Jun 2015 06:21:04 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ie0-f175.google.com (mail-ie0-f175.google.com
	[209.85.223.175])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 15340176
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Sat, 27 Jun 2015 06:21:04 +0000 (UTC)
Received: by iebrt9 with SMTP id rt9so88047648ieb.2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Fri, 26 Jun 2015 23:21:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:content-type;
	bh=SNJdOFYn3DJ49rk+3AejmFmdR5SjqGkAUWMCR1GiNco=;
	b=lTFhx4WSg5t+KVfFjD5lIlMapWMhXWGyjU7Wy90Sgy8pPjnVYzBED0Ckc6xARymC4q
	KfGjikrIYn4/SazxO1wUrEkBTKJDMKnKuzxONYJTc21Es0u3WRxZY0nkYTsmEA8p0wtn
	Gjg7NpWkctqdpMz8LYmwpsBZxm/44pngbWK9NxFHNxYPgPNgVx9LUPYRgsUEa8UQrfgT
	KGsl6Itk6Lw3UXxf4h8E2twGV3ds/qPz6CzfkJxO/wOA6CMe7tCStG+Eq9EXJ96FKsFH
	8l8wTrll3dGwfAzekgl1KBlzt+HEy7H/J35yECJrlxLur0ZxhTalVuxalTldxIYDRiwV
	Ar5g==
MIME-Version: 1.0
X-Received: by 10.43.172.68 with SMTP id nx4mr6949615icc.48.1435386063552;
	Fri, 26 Jun 2015 23:21:03 -0700 (PDT)
Received: by 10.107.147.69 with HTTP; Fri, 26 Jun 2015 23:21:03 -0700 (PDT)
Date: Sat, 27 Jun 2015 06:21:03 +0000
Message-ID: <CAAS2fgR0ak5B1gdSvR7s4YRydbpXb0jC45U3V50D6n=aMLUn7w@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: text/plain; charset=UTF-8
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
Subject: [bitcoin-dev] Upcoming DOS vulnerability announcements for Bitcoin
	Core
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Jun 2015 06:21:04 -0000

On July 7th I will be making public details of several serious denial of
service vulnerabilities which have fixed in recent versions of Bitcoin Core,
including CVE-2015-3641.

I strongly recommend anyone running production nodes exposed to inbound
connections from the internet upgrade to 0.10.2 as soon as possible.

Upgrading older systems, especially miners, is also important due to the
BIP66 soft-fork which is about to reach enforcing status, see also:
http://sourceforge.net/p/bitcoin/mailman/message/34199290/