From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 31 Jul 2024 12:04:46 -0700 Received: from mail-qv1-f61.google.com ([209.85.219.61]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sZEcv-0005Zx-TS for bitcoindev@gnusha.org; Wed, 31 Jul 2024 12:04:46 -0700 Received: by mail-qv1-f61.google.com with SMTP id 6a1803df08f44-6b79810e326sf77493136d6.3 for ; Wed, 31 Jul 2024 12:04:45 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1722452679; cv=pass; d=google.com; s=arc-20160816; b=t8a528LB8JZ6l+f1kWPIM7uxamDCMbonXwiB7tNHIYh3mgZFbqpggUwom/xrTWEMP1 bWsgbpMJJX54GO6F8nYMHqKOxgfHUqvcNbhN/zODt+ipQf1CkFe+edRvnfytXW8ydCBE eswMmgUrOoghccxVVm4l+3LARyT2TBA2AsD/XkDAkgC7KhWLRjCmhpiGJGnXeoRhjsnk Pb3gZuh5S8WgE3eh0bl8QkqhAumI5p9mnYhfSuSdKFaGpy3Wcw0EqBA9EFa99SlSO+uK EboFgNkm3pzab/IzW5OYojaIcaXK7oLc1PwzG8+9Ax8L05AL6+UIkTXQOnLdVLnQeyCw 37GQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :feedback-id:sender:dkim-signature; bh=QsBsnDD6ZFg0jXnwbVDR123A+48niR7GhGDQDzN4i0g=; fh=cTvRt9fgxLK7IPXkZniEWLc87X18EpHwGYcMReVhouQ=; b=P0nYFRosKsxwCoFAebYyYH2ziPV2WlFeEijmYQY01HMNl6K75Qfn/HFHynheHIkE5g eue1pl1+HS20ssW5WjV957vGGnzqG24SOCeK20x5AsfAeEZ23cGafnKuqOo8jzkgDO3G MKtzWx2id9gJbXK1+2jkGYOrhWlCjBD0UiQVK1ZtKc2IJ/Lqv+iTMfLGHQyoNIUPVY4C jAfCB3toH+uI375yB7zBPQa8zAV19SO5cj9WsrOqEiOF6s0R1MC2WCCF04vOr+iPqDyY J6EBOdBJ0tTjOfCcHexeFmvR2dKOsPqJRVZ6HK7lSNee1Ou2usnp7xtmSFYJ1LyWFJKq GdQQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=B9kVC0y7; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.159 as permitted sender) smtp.mailfrom=pete@petertodd.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1722452679; x=1723057479; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id:sender :from:to:cc:subject:date:message-id:reply-to; bh=QsBsnDD6ZFg0jXnwbVDR123A+48niR7GhGDQDzN4i0g=; b=rlOLR+bXk21Lpvpvgu23au4AnnfrwpGWA3HmOdzDwsrEcsquwo3om31fWzSx6NR9lt k9GodhdyUHgRm472RX+Ls1XfSpxk7FcxlOfffLvA3rj9tMEQN5q+uyxJzHova+Cdqad0 9F5n+wnJ0iwsNTPn1doYQQp0em+ZxbdZZIi98A/QP/AYOV7J/oizovSBTRtpEf0eSLIi eN1wvJUw3pRxpr5hNQMAuyskeK490lIfIsNDDjnh9JhlMjPmhU0wNkoNK//AyAmwAPOz Gq1MxXUkKLwRojp5tqGzz3tYUtnOTghQjxwKhR3RlFkrNxJpMKt12BZS5AJKXqd16WFc /5Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722452679; x=1723057479; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:feedback-id :x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=QsBsnDD6ZFg0jXnwbVDR123A+48niR7GhGDQDzN4i0g=; b=thRUhNae+uTZUMgSjUmis6S0Pj80mEXV9LPGKOqWbTl6srJErGnOb8IXKnkJ/cr8he QnbjCZ3T207GX0NK81QND3VcQG4bFc4RTyXjBxF0SU6FLhf5ww5sWtmvA5EPXo/+ENMZ VhRdkewPwbn7Xm86pJqn8pdQtO3BxoWwlwAeu0CEkwOeoH5rRrSDb8tt0+6uk/uq0dYS Nb7AjfuFZK7tCfkamujgOCNntSAJ0Ualg2BRfK2tRc9vRL4ww218/cfJtTkqCPjB6rrE vWxpWOeblEPMLtPcmphHF0krshUA/AnFvTiF0xW309y7/rJoSu8JvqA0eLUvnwem9/TO VQmw== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCWjAqdOLmfuxBsdQd3ITGb3W+b68LUZ41/x4FlXqSn4bdMcF4sUalvdPze8qBjPW8ZuSeWv2+6YDIx1WuQbGs/Zphv81m8= X-Gm-Message-State: AOJu0YwxPtCMzqkLVcV0g15/Epq3o6GRAl+dDq/GZRrCEn9FrdEzUOGR 0zrXZyUFZU2wApOIo5PHfqjGdXm3HtHksg4czdcWW2qQYQ5fldup X-Google-Smtp-Source: AGHT+IH4ZybyT1CI60ZcwX2Dk9RHC0CMn+ows5bxkp27fdKNaUpaKn/rwu87NpDKpCM+2fF5uLo8lA== X-Received: by 2002:a05:6214:5c08:b0:6b5:dac7:14cf with SMTP id 6a1803df08f44-6bb8d6b0755mr2281056d6.20.1722452679480; Wed, 31 Jul 2024 12:04:39 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a0c:ff28:0:b0:6ad:782a:b4c9 with SMTP id 6a1803df08f44-6bb3c280d09ls107346066d6.1.-pod-prod-01-us; Wed, 31 Jul 2024 12:04:37 -0700 (PDT) X-Received: by 2002:a05:6214:1ccb:b0:6bb:8b90:2ddb with SMTP id 6a1803df08f44-6bb8d77e85emr99136d6.10.1722452677809; Wed, 31 Jul 2024 12:04:37 -0700 (PDT) Received: by 2002:a05:620a:d4a:b0:79f:171b:e3d5 with SMTP id af79cd13be357-7a30c5e405cms85a; Wed, 31 Jul 2024 12:01:27 -0700 (PDT) X-Received: by 2002:a05:6214:458c:b0:6b7:a175:29b7 with SMTP id 6a1803df08f44-6bb8d7beaacmr1785106d6.51.1722452486726; Wed, 31 Jul 2024 12:01:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1722452486; cv=none; d=google.com; s=arc-20160816; b=BVRvg/f34NeGLWRyuAY+3Pr78ezGRwwRrVpqmxf9MAue3beGnIDDzmqc08RXAykwsx br5Cc7TLOTIP87ygSqIO5Fziv4KWR7O9p/Pe10xOP3m5Elsvu680FrigI/3R8lSKinaa kVbGCuF0i930zzQv+a47t/uFyDEj1NScNxVgK/AO2OiMUNZjrTbyXCayNRja/Punou8m aiRCi+eykcMIrO2ayPu8/WduDEos3DFqlt1LzrD8XJ2Sq/BQcSU9egyvfA47vWanQYrC fofPRz3fl8MOVWUQ8B+KMl2+1sdQfUjr/TjylosEPjfYkCEzr0gfJqVWf5etyGhK5Pgw Sr/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:feedback-id:dkim-signature; bh=9YYmg7bK1TzKyFB+fNGNwrN/sEZ9pIUOWjRcdRS5Q/8=; fh=EudMFW/EOPAUsDXQSf9jpjSghZjv2QzeTsmM+YsGvKE=; b=Hoh2p3+dxf2fzwS67NEgPop+WN+qLtWOFOTmT8iK5MTftmJZL63pNDMY3dCJes0OZI dCemgjvLzS7bkzEr5Wxn/7eEetz5fhyKWE47R6G0VqRGnUessBfQDpI7W8IAcr+7AJ1k /MMb3lblKI+1AgaTJbHnsdeLnbaIInPK0S5cRfroHV/TiDT7Q3BPAW5B6tcQg/VJaqFU gPdZ6szbnmaMAWtcLU8HA/zi2CCQZ2mV6U6SoIL317a1Gr/TqoNftXe2+A2BPIHKtfFn SHM1CH2bDshAuNVpcwJtCD9yhForYOyCNmv/N9y3dnS++Rhg6A2sVJwvyu22hi5CyFlT ysLw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=B9kVC0y7; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.159 as permitted sender) smtp.mailfrom=pete@petertodd.org Received: from fhigh8-smtp.messagingengine.com (fhigh8-smtp.messagingengine.com. [103.168.172.159]) by gmr-mx.google.com with ESMTPS id 6a1803df08f44-6bb3fa880acsi5551016d6.3.2024.07.31.12.01.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 31 Jul 2024 12:01:25 -0700 (PDT) Received-SPF: pass (google.com: domain of pete@petertodd.org designates 103.168.172.159 as permitted sender) client-ip=103.168.172.159; Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 77C261147267; Wed, 31 Jul 2024 15:01:25 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Wed, 31 Jul 2024 15:01:25 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeeigddufedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkfhggtggujgesghdtreertddtvdenucfhrhhomheprfgvthgv rhcuvfhougguuceophgvthgvsehpvghtvghrthhouggurdhorhhgqeenucggtffrrghtth gvrhhnpeeiieeufeeggefgiefhhedtueegvedufeefveeutdfffeekhfeftddvtefhteeh ffenucffohhmrghinhepsghithgtohhinhgtohhrvgdrohhrghdpphgvthgvrhhtohguug drohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhm pehpvghtvgesphgvthgvrhhtohguugdrohhrghdpnhgspghrtghpthhtoheptd X-ME-Proxy: Feedback-ID: i525146e8:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 31 Jul 2024 15:01:25 -0400 (EDT) Received: by localhost (Postfix, from userid 1000) id 3FCD35F81E; Wed, 31 Jul 2024 19:01:23 +0000 (UTC) Date: Wed, 31 Jul 2024 19:01:23 +0000 From: Peter Todd To: Niklas Goegge Cc: Bitcoin Development Mailing List Subject: Re: [bitcoindev] Public disclosure of 2 vulnerabilities affecting Bitcoin Core < v22.0 Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="gMbidGc8LHKTAhYy" Content-Disposition: inline In-Reply-To: X-Original-Sender: pete@petertodd.org X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm3 header.b=B9kVC0y7; spf=pass (google.com: domain of pete@petertodd.org designates 103.168.172.159 as permitted sender) smtp.mailfrom=pete@petertodd.org Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) --gMbidGc8LHKTAhYy Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline On Wed, Jul 31, 2024 at 10:01:17AM -0700, Niklas Goegge wrote: > Hi everyone, > > Today we are releasing 2 security advisories for the Bitcoin Core project. > Those bugs affect versions of Bitcoin Core before (and not including) > v22.0. > > This is part of the gradual adoption by the project of a new vulnerability > disclosure policy. > > The policy and the 2 security advisories can be found on the project's > website at https://bitcoincore.org/en/security-advisories . You should say which two security vulnerabilities the newly disclosed ones actually are. The link does not make that clear at all. -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ZqqKA%2BgrzscldhiU%40petertodd.org. --gMbidGc8LHKTAhYy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0RcYcKRzsEwFZ3N5Lly11TVRLzcFAmaqigEACgkQLly11TVR Lzei2A/+PbiMuP3efzXDl2XnerwNCpHO+OvXzfXYsZRAkQCASjMPx7QUfHgkEeD5 KEm6IK0YMXjYrf7uRD10DR+0R8eAD2QJ8ChXbKppTrR7N8VZRpvimxpYh65lNJrN 2fcOFAVtbmehgC+hP3L+sxfPdKnWV2JDqiIdT8J4MIGtu25PGJ73MpV2ASKi+XUp CzFmKFY6jZWhLhOyCsgRwXg0O9lXetQUK5SS3hnEijq2cVElAH9oLfJxdHagsA4i KaeAZqverPdg+4rC+s6ukvUmpOt6Pwsu29kV662u+l34mVVHZkHXWfaGQyVrPLnG Gy4HBDKVkFzpinTg4KnTM5kCi1wkQ3RYLEmWB3jqq9oV5nml3J1w2DbhS8xpT8uV ArOlq3bfLUiFxTwzj+z2lDruGM6AWJcuhIpzcGzjo8ga4Lka3JNu9VuFIukakK6K ZZiL20mIdBjUxIFt7JhLDjc0JLKJ36Ji/m8rS/WaNwXfezbBc7eCNk9uAW7tqtaC 8Q0KZmq5kxZF4BZCf54oKeNeQFdTM7z3VesmkY1Qv9hEgcRy6Y3ungWjNFrZtbDR SNvzVdRl48Ee8/+zA846zQ1c393Uq4TkTn8i4kaumivshk6Q1q95DMG5+wmN1rQU BcDmTJdkblwtH93P1pP5T9/QzV/V9FG5UWK1gdH8ZyrjyLrlHF4= =Oprq -----END PGP SIGNATURE----- --gMbidGc8LHKTAhYy--