From: Antoine Riard <antoine.riard@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] Re: Public disclosure of 10 vulnerabilities affecting Bitcoin Core < 0.21.0
Date: Wed, 3 Jul 2024 10:12:55 -0700 (PDT) [thread overview]
Message-ID: <a3a30a30-a28b-4348-a0bd-5a70714997e7n@googlegroups.com> (raw)
In-Reply-To: <xsylfaVvODFtrvkaPyXh0mIc64DWMCchxiVdTApFqJ_0Q5v0bOoDpS_36HwDKmzdDO9U2RKMzESEiVaq47FTamegi2kCNtVZeDAjSR4G7Ic=@protonmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 1810 bytes --]
Hello Antoine,
Nothing really new in those 10 security advisories, I think one thing that
could be a benefit could be to assign a unique numeric identifier to each
sec advisory.
As openssh showed this week this could be good to minimize risks of
regressions by favoring methodic screen of old vulnerabilities at review of
new changes.
On the security researcher / handler-side, having unique numeric
identifiers make it also easier to coordinate mitigation patches
development and deployment.
Best,
Antoine (the other one).
Le mercredi 3 juillet 2024 à 17:36:02 UTC+1, Antoine Poinsot a écrit :
> Hi everyone,
>
> Today we are releasing 10 security advisories for the Bitcoin Core
> project. Those bugs affect versions of Bitcoin Core before (and not
> including) 0.21.0.
>
> This is part of the gradual adoption by the project of a new vulnerability
> disclosure policy.
>
> The policy and the 10 security advisories can be found on the project's
> website at https://bitcoincore.org/en/security-advisories .
>
> We will follow up later in july to publicly disclose vulnerabilities fixed
> in version 22.0. And then in august to disclose those fixed in version
> 23.0, and so on until we run out of old unmaintained versions to disclose
> vulnerabilities for. The announced policy will then start to be observed
> for new versions.
>
> Antoine Poinsot
>
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/a3a30a30-a28b-4348-a0bd-5a70714997e7n%40googlegroups.com.
[-- Attachment #1.2: Type: text/html, Size: 2656 bytes --]
next prev parent reply other threads:[~2024-07-09 1:16 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-03 16:34 [bitcoindev] Public disclosure of 10 vulnerabilities affecting Bitcoin Core < 0.21.0 'Antoine Poinsot' via Bitcoin Development Mailing List
2024-07-03 17:12 ` Antoine Riard [this message]
2024-07-10 7:40 ` [bitcoindev] " 'Antoine Poinsot' via Bitcoin Development Mailing List
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a3a30a30-a28b-4348-a0bd-5a70714997e7n@googlegroups.com \
--to=antoine.riard@gmail.com \
--cc=bitcoindev@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox