public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Re: Public disclosure of 1 vulnerability affecting Bitcoin Core <24.0.1
Date: Thu, 19 Sep 2024 01:12:58 -0700 (PDT)	[thread overview]
Message-ID: <950859e2-e548-4361-8e5b-2595c0ed7a43n@googlegroups.com> (raw)
In-Reply-To: <WhFGS_EOQtdGWTKD1oqSujp1GW-v_ZUJemlNePPGaGBgzpmu6ThpqLwJpUVei85OiMu_xxjEzt_SeOWY7547C72BVISLENOd_qrdCwPajgk=@protonmail.com>


[-- Attachment #1.1: Type: text/plain, Size: 1563 bytes --]

Hi Darosior,

Thanks for writing the report.

"With that, Bitcoin Core no longer relies on having checkpoints to protect 
against any known attacks."

I think it's good time to get that back on track:
https://github.com/bitcoin/bitcoin/pull/25725

As of commit ab0b5706b, it sounds checkpoints are still there.

Best,
Antoine (the other one)
ots hash: e4888dbb9983b541649f66bb23665e25fa22c47deeec5a294cf6e7624911cd07

Le jeudi 19 septembre 2024 à 08:27:23 UTC+1, Antoine Poinsot a écrit :

> Hi everyone,
>
> Today we are releasing 1 security advisory for the Bitcoin Core project. 
> This vulnerability affects versions of Bitcoin Core before (and not 
> including) 24.0.1.
>
> The details for this vulnerability are available at 
> https://bitcoincore.org/en/2024/09/18/disclose-headers-oom.
>
> This is part of the gradual adoption by the project of a new vulnerability 
> disclosure policy. The policy is available at 
> https://bitcoincore.org/en/security-advisories/#policy. We will follow up 
> next month with vulnerabilities affecting Bitcoin Core versions before (and 
> not including) 25.0, if any.
>
> Antoine Poinsot
>

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/950859e2-e548-4361-8e5b-2595c0ed7a43n%40googlegroups.com.

[-- Attachment #1.2: Type: text/html, Size: 2683 bytes --]

      reply	other threads:[~2024-09-19 12:37 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-19  5:15 [bitcoindev] Public disclosure of 1 vulnerability affecting Bitcoin Core <24.0.1 'Antoine Poinsot' via Bitcoin Development Mailing List
2024-09-19  8:12 ` Antoine Riard [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=950859e2-e548-4361-8e5b-2595c0ed7a43n@googlegroups.com \
    --to=antoine.riard@gmail.com \
    --cc=bitcoindev@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox