From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 31 Jul 2024 11:02:35 -0700 Received: from mail-yb1-f191.google.com ([209.85.219.191]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sZDel-0004tp-7e for bitcoindev@gnusha.org; Wed, 31 Jul 2024 11:02:35 -0700 Received: by mail-yb1-f191.google.com with SMTP id 3f1490d57ef6-e0b329ba782sf9050405276.2 for ; Wed, 31 Jul 2024 11:02:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1722448948; x=1723053748; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:sender:from:to:cc:subject:date :message-id:reply-to; bh=uvp6f2NvtgMbjyIouo+dQCug8hRthxwQhDyFvHoWHdM=; b=ls2qV/5e7ygqOHSqw+C24iwOW9tz6OQ9ZrQj2rB5aGB696QoOfYGJ6LzPwQJ1WCahJ GSbA2j1MIJ2q3xINc8n4wlozQUfyX2gsDpgExAm4/dVGJOaqNZQzBJQzIm3xU4m8l0tW xUXcZofSCkr9mqEgr8iFsmJ2ZIZWWh6vGaBrYP35TcBwqCGH3ypeYquAtWDV7XLkpwm9 iGZznE7m+Y1B92DR3ip9MwbF5j6IB6xMiLR9fdIjAKtJrnb4uM/rmXmfUaehka/rJ+Mm g1GuGocxuciBMrRNuceR3nZq7/GxWFlMMg1VZWSXUY2EwOnIaY681xmPJaU9YE0Rf4qR vjUg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1722448948; x=1723053748; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:from:to:cc:subject:date:message-id :reply-to; bh=uvp6f2NvtgMbjyIouo+dQCug8hRthxwQhDyFvHoWHdM=; b=C0X5XzO7kG49RdGV7oQD8h7ugr5l5mSEtxz+LqeliRG/6Z71ayP+EBndhq2Jjvm0ee s2gJ99RWq5mM0lwjpH2jaKT8s4xkd/xrj8YSMLX5Yv9wAc1HyYelx6u1Js8sc7egov07 bsZYH1sDuwJbBHDbay/AmBQYNeJ5pkQ/Io1+nb/8jd8Ls9SsiO5UJdQx8w6n0osGs+DV LBbCbb4cV6OO0p5A6xY+SBZpnSr+9+BTHaLp2bHNVQiR0i3KQpWFFWr8ZpF6jUhq+zNd KjkziNZ67etH7bEXNSQv0lcuOqyBeq+HpSWK6oI6lqYCwmEWjbQxvZ192+unQb+wR47D albg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722448948; x=1723053748; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:message-id:to:from:date:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=uvp6f2NvtgMbjyIouo+dQCug8hRthxwQhDyFvHoWHdM=; b=J0cEZFEPtogpZoY1QNAfZyQv/hENjbcmfzrbdN3vhnJ1GbxtGaJF54avKaFvA0rhsQ jQo5VGxtwl8lKdZqUdGIo3wuR/wVWFUg/NzU/LW6dcbHY6KRxA5lb5G7yz4CSm2Xr3dN uHpvB99Y1q0SAZKlsdb1i2WziD+lNGT+hgia1pGPXzRaslBVwgexC/rhJ0iJ6PNk422p bo+0VRfaLggzWveUCE68Oyh9gCQDIWCLSi51Kh1dDXCfNHkp4S7n/b1bjsEQ+ZLMdKoz 2rAObyXV5N3SUwm8uVmZp2SIq5wFWO5aWF6lq+mT3lp8nYlQAz4Q4c8jMDhte1wFgVvx fspg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCVVTGbSU881dWbHRl6LmStrJzWgfFYOuRzhz5Msw3VaCaHOgubmxoCAgxrIGgf5OQ8HGGdzVaCOIoKQdseX5p0XZAWg184= X-Gm-Message-State: AOJu0Yx+hYOPAItayt+Lg09Y+VhewR0y5RA4sKZgMqPBWtvnIzFqxlZ5 ihQ6hjTLIoCBclfTNPlDpY3DMvJryCkwJTu1JSvYjjPg56vvoeky X-Google-Smtp-Source: AGHT+IGoLBNIy+sYdhOoKHR5L3GNo1dpYXVWZN8ODfrw6JJi2RhRRuDG9tAIJ91xJ1rFtBM9XJJb6g== X-Received: by 2002:a05:6902:1889:b0:e0b:2c11:bc4 with SMTP id 3f1490d57ef6-e0b543f2cf1mr19084881276.6.1722448948381; Wed, 31 Jul 2024 11:02:28 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:6902:150d:b0:e0b:be54:a76d with SMTP id 3f1490d57ef6-e0bbe54abc2ls519764276.0.-pod-prod-09-us; Wed, 31 Jul 2024 11:02:26 -0700 (PDT) X-Received: by 2002:a05:6902:2b83:b0:e05:a1df:562e with SMTP id 3f1490d57ef6-e0b54405473mr1027706276.2.1722448946369; Wed, 31 Jul 2024 11:02:26 -0700 (PDT) Received: by 2002:a81:ae12:0:b0:627:7f59:2eee with SMTP id 00721157ae682-6847fb12387ms7b3; Wed, 31 Jul 2024 10:01:18 -0700 (PDT) X-Received: by 2002:a05:6902:1549:b0:e05:eccb:95dc with SMTP id 3f1490d57ef6-e0b5445f558mr214210276.6.1722445277535; Wed, 31 Jul 2024 10:01:17 -0700 (PDT) Date: Wed, 31 Jul 2024 10:01:17 -0700 (PDT) From: Niklas Goegge To: Bitcoin Development Mailing List Message-Id: Subject: [bitcoindev] Public disclosure of 2 vulnerabilities affecting Bitcoin Core < v22.0 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_74918_991864678.1722445277152" X-Original-Sender: n.goeggi@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) ------=_Part_74918_991864678.1722445277152 Content-Type: multipart/alternative; boundary="----=_Part_74919_915797876.1722445277152" ------=_Part_74919_915797876.1722445277152 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi everyone,=20 Today we are releasing 2 security advisories for the Bitcoin Core project.= =20 Those bugs affect versions of Bitcoin Core before (and not including)=20 v22.0.=20 This is part of the gradual adoption by the project of a new vulnerability= =20 disclosure policy.=20 The policy and the 2 security advisories can be found on the project's=20 website at https://bitcoincore.org/en/security-advisories .=20 We will follow up later in August to publicly disclose vulnerabilities=20 fixed in version v23.0. And then in September to disclose those fixed in=20 version v24.0, and so on until we run out of unmaintained versions to=20 disclose vulnerabilities for. The announced policy will then start to be=20 observed for new versions. Niklas G=C3=B6gge --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/= bitcoindev/bf5287e8-0960-45e8-9c90-64ffc5fdc9aan%40googlegroups.com. ------=_Part_74919_915797876.1722445277152 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi everyone,

Today we are releasing 2 security advisories for the Bitcoin Core=20 project. Those bugs affect versions of Bitcoin Core before (and not=20 including) v22.0.

This is part of the gradual adoption by the project of a new vulnerab= ility disclosure policy.

The policy and the 2 security advisories can be found on the project'= s website at https://bitcoincore.org/en/security-advisor= ies .

We will follow up later in August to publicly disclose vulnerabilitie= s fixed in version v23.0. And then in September to disclose those fixed in= =20 version v24.0, and so on until we run out of unmaintained versions to disclose vulnerabilities for. The announced policy will then start to=20 be observed for new versions.

Niklas G=C3=B6gge

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg= id/bitcoindev/bf5287e8-0960-45e8-9c90-64ffc5fdc9aan%40googlegroups.com.=
------=_Part_74919_915797876.1722445277152-- ------=_Part_74918_991864678.1722445277152--