1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
Delivery-date: Wed, 03 Jul 2024 09:36:09 -0700
Received: from mail-qt1-f187.google.com ([209.85.160.187])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDL4XL646QOBB4P3SW2AMGQEQQTUMYI@googlegroups.com>)
id 1sP2xl-00062s-1S
for bitcoindev@gnusha.org; Wed, 03 Jul 2024 09:36:09 -0700
Received: by mail-qt1-f187.google.com with SMTP id d75a77b69052e-446102c711bsf67106961cf.2
for <bitcoindev@gnusha.org>; Wed, 03 Jul 2024 09:36:08 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1720024563; cv=pass;
d=google.com; s=arc-20160816;
b=Wwff0Dh2kZ1yiuTfyyfRcwjpbL92T6urndSwM9eJGJ6T0j3th1sJ2r72R/czg8DXgg
DxOwF24zj8KlLzh1bQ8lsQxGKGicVCadUZPW1Wj3Xd/jjMAam5VlSP40/xk18mi8StWV
kKKl04rFYP+xE/osNerFQVl2IvW6yN98aaD11KeDTcpKryAP+j2/Dg+WUW6YOEu0CzuV
7ltW7N7Pfc51eYRsXM7NmqHjANivKC6mNZpU3z4+UjydWTng+rKrsk1YnDO6IJk9ekyF
v8wK7BCykC9JVw0/IqjGD4YyC4tCFFUuRfFtxFFYMXQvGPSodcbpgl6wgzzYXGLqrAzC
2Bag==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:content-transfer-encoding
:mime-version:feedback-id:message-id:subject:from:to:date
:dkim-signature;
bh=+EbsSWJiTjjXNxY/2wBmjGFYl4/wyvzLhpfJLWd1FUQ=;
fh=nCjiZSUwy4wR1gYRTYv0p9mznU3l+V1GKRsBl2SrSmA=;
b=dgL0HWe/8Ud8MyBd1c8yrELWaXRR7a3pyds0aJ4cU2Ju0qwl1ZTVGyh19+GXRetc/5
mHzW/7yvKFOiBZhXlXfAPNr3S1Ml3sL5nHyuyN3WRDcRbwSPkOVAF2+XNBePcKtxiM2b
G+P9ry31VXbmW+njnM+raUNQAG1Jrl/AGkB9fXmevgizHgaqBwu7482EaIxo4KJNAlgY
UEUc4emZa72YCYvrmfYXYXDTtYGctpKcRRT4rCiBtEj9qiGQ75fDEtUOJD6piAH0k6Bn
4BXGLsuh1Xn2mQOqd3LcZRsmvtYCrhttkEg6iWmPFIZKRU7fv82fHL3syzn00A5nAILd
jGRg==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b="AC/j+i1g";
spf=pass (google.com: domain of darosior@protonmail.com designates 185.70.40.132 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1720024563; x=1720629363; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:message-id
:subject:from:to:date:from:to:cc:subject:date:message-id:reply-to;
bh=+EbsSWJiTjjXNxY/2wBmjGFYl4/wyvzLhpfJLWd1FUQ=;
b=bGh/wDYyouiYgfOwy4rhXJZQbwWV+qdCorpH+6+j4pXOVTc65cuWWnwA5TSq4DDZEf
vNPqUtYCNTrs7lcltHDMBBhqKv7GfuNNrUrchGgnbu7vENYuki9BSY7Too4JCpHfTG9V
auhNCVIv28ld4O6ECLDORtEWp87fi+pGtqfHi5K+l4vwAIkmmf1oq61gx4C8yOzSK+fn
YJbyL3UEgWvxjpNvFyydWyzZ47SrTxF4qR+OHEMIDh66bURztBn6p5L2zh/dmo8Uczde
pOxMnrP0aAiUUJu1cUirAAZEKMPK40Z1UDt1SPqfC6OcIX8THZFRqPzgVipMaJd0yX+H
HYwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1720024563; x=1720629363;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender
:content-transfer-encoding:mime-version:feedback-id:message-id
:subject:from:to:date:x-beenthere:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=+EbsSWJiTjjXNxY/2wBmjGFYl4/wyvzLhpfJLWd1FUQ=;
b=ZxRPMfU7CS65zDrfkaQ6Md6wxtDmH19yP+dFAx0+TdHKLb+ZCYR1sImdlFzckkl71w
eK1ReZQC4uDFxp+cVy0phJFtUh0Pkp2HJgtskHEQH3rhHMi5AEx9LxLSVIegyvt5E8Rg
ggBIv8YEs0Go0WuEffe7kwPa3XZ30mcR5UdRuYpw6IuOfHE4RBh+d+X+vr/S1AkIq4IR
Is/quV4hbAYGBzrxPqkfl+RttmcCg3AChCmDZmXN+WEYOa/VJCKLhj4PkV6YpditrGT1
Q9ejj1CBrYfMnrqV4f+PiV2LzS3GrKRlOTZtf7L1uInatTpm2cuHNdp9TVHe1TU9l/hX
kGjA==
X-Forwarded-Encrypted: i=2; AJvYcCUXhHEpAbDkUwV82zqUvuGTkBcK5QPqUZOyWJCqIW6o2PHsSoH3t9IunxIVWnaP3tLIZzZYLzjo0scir0AuYNxoqH3Ob/s=
X-Gm-Message-State: AOJu0Yyd0lxl6ilm6CzUU130pjuF4mp3wDRoXr8Iri3lfYUwXbDF2bKS
i0376QWCfSmZf+CEtUV2zzeLwEAqPeqVELZWR+MfeKzojbiT4rwu
X-Google-Smtp-Source: AGHT+IFJ3JLK4F+falTKI4K29TqQFKGsFlEKCqulrW3UwegOQgw/SeB9M0gEl3AiNqtPw0wWiBhMMg==
X-Received: by 2002:a05:622a:448:b0:446:5f73:fd2c with SMTP id d75a77b69052e-44662c99f63mr124594701cf.12.1720024562405;
Wed, 03 Jul 2024 09:36:02 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com
Received: by 2002:a05:622a:586:b0:444:b691:8723 with SMTP id
d75a77b69052e-446546ed895ls89221401cf.1.-pod-prod-09-us; Wed, 03 Jul 2024
09:36:00 -0700 (PDT)
X-Received: by 2002:a05:622a:301:b0:446:47fe:8ad9 with SMTP id d75a77b69052e-44662c5c400mr9167261cf.7.1720024560730;
Wed, 03 Jul 2024 09:36:00 -0700 (PDT)
Received: by 2002:a05:620a:8205:b0:79c:bd3:58c5 with SMTP id af79cd13be357-79d99ee4597ms85a;
Wed, 3 Jul 2024 09:34:30 -0700 (PDT)
X-Received: by 2002:adf:f406:0:b0:365:b695:ef76 with SMTP id ffacd0b85a97d-367756c71eemr8420063f8f.36.1720024468155;
Wed, 03 Jul 2024 09:34:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720024468; cv=none;
d=google.com; s=arc-20160816;
b=BYx8ju/yx6lp6H1R2vb42n/iGKO8HMFuX/Ue4AaKy2ZsW2luurU7a4sDqY4p/NJoHg
m5M9Fznsyprfdot1RhUWPJzcXCSlgF0yDzBXRfEsJZU5twlZFIS9svrh+hpzjii9c6yR
WUVR7iBwEdjMz8lvlfsVukUTyjlKyd70CR87c9nIQYbDzrTbuW2JVtRQjHaP8e/ho5Tw
LoOITfqubQMOZkx9RZbbFxsTUwaKA5dEMIMNogNSc0hj7vS94jW66lF339IHBpwzhkee
uSF+geLVm3DEVCEA1xCcSoKoB7R7d/lF3ORyief4kgmNJhDmCH801VQrBG38lrblrZZV
hZ9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:mime-version:feedback-id:message-id
:subject:from:to:date:dkim-signature;
bh=d/F9dntJl0qc+6k11fD/1DftyBmuGi94E3g+kYzGAeM=;
fh=DMP0F9ULS1guKiqimntQRCN8ZraraesEgQuVcn7F0Z0=;
b=Sor9s2GfXaL7cd6TaE1ZKzWfPVqrUrzqCRvKqpGS5/NJEAyWbc2Y+ANS7YKPLi+E5e
8zK0+CbhP4ahDQPPMh9rzUOw3bi46bZ29mMGIsxx2yFfHeEhArQqePSaotJ7grunWz/s
CVTFDyxpIS2t9ss/Vtf4MvXWiLvr2OziabXqiCqhk4CDmasUJ2lqCCRMchUpm916OC/x
u+ZuilUoky6mLBnDSGcheNX/hggrVwICG3Pc+GXw2xnjvkjSPIFnKdjD83RjTMBseUnV
7BRbLpeqdA4DvZkFqDRAkBJIZ4TEtdtbjT3ksjgqlmh98QxOcx3vWd4MXX8/JyR0Pewe
4iKA==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b="AC/j+i1g";
spf=pass (google.com: domain of darosior@protonmail.com designates 185.70.40.132 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Received: from mail-40132.protonmail.ch (mail-40132.protonmail.ch. [185.70.40.132])
by gmr-mx.google.com with ESMTPS id ffacd0b85a97d-3678e5e534esi63664f8f.3.2024.07.03.09.34.28
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 03 Jul 2024 09:34:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of darosior@protonmail.com designates 185.70.40.132 as permitted sender) client-ip=185.70.40.132;
Date: Wed, 03 Jul 2024 16:34:21 +0000
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
From: "'Antoine Poinsot' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Public disclosure of 10 vulnerabilities affecting
Bitcoin Core < 0.21.0
Message-ID: <xsylfaVvODFtrvkaPyXh0mIc64DWMCchxiVdTApFqJ_0Q5v0bOoDpS_36HwDKmzdDO9U2RKMzESEiVaq47FTamegi2kCNtVZeDAjSR4G7Ic=@protonmail.com>
Feedback-ID: 7060259:user:proton
X-Pm-Message-ID: e7f9fff96aec600e8b2ed4e3444101c27ed5a8c8
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Original-Sender: darosior@protonmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@protonmail.com header.s=protonmail3 header.b="AC/j+i1g";
spf=pass (google.com: domain of darosior@protonmail.com designates
185.70.40.132 as permitted sender) smtp.mailfrom=darosior@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
X-Original-From: Antoine Poinsot <darosior@protonmail.com>
Reply-To: Antoine Poinsot <darosior@protonmail.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)
Hi everyone,
Today we are releasing 10 security advisories for the Bitcoin Core project.=
Those bugs affect versions of Bitcoin Core before (and not including) 0.21=
.0.
This is part of the gradual adoption by the project of a new vulnerability =
disclosure policy.
The policy and the 10 security advisories can be found on the project's web=
site at https://bitcoincore.org/en/security-advisories .
We will follow up later in july to publicly disclose vulnerabilities fixed =
in version 22.0. And then in august to disclose those fixed in version 23.0=
, and so on until we run out of old unmaintained versions to disclose vulne=
rabilities for. The announced policy will then start to be observed for new=
versions.
Antoine Poinsot
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/=
bitcoindev/xsylfaVvODFtrvkaPyXh0mIc64DWMCchxiVdTApFqJ_0Q5v0bOoDpS_36HwDKmzd=
DO9U2RKMzESEiVaq47FTamegi2kCNtVZeDAjSR4G7Ic%3D%40protonmail.com.
|
