public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Simon Liu <simon@bitcartel.com>
To: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: [bitcoin-dev] Bitcoin and CVEs
Date: Mon, 20 Mar 2017 19:47:31 -0700	[thread overview]
Message-ID: <cb4932bb-6fd0-0a03-6224-fd20b6cb3539@bitcartel.com> (raw)

Hi,

Are there are any vulnerabilities in Bitcoin which have been fixed but
not yet publicly disclosed?  Is the following list of Bitcoin CVEs
up-to-date?

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

There have been no new CVEs posted for almost three years, except for
CVE-2015-3641, but there appears to be no information publicly available
for that issue:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3641

It would be of great benefit to end users if the community of clients
and altcoins derived from Bitcoin Core could be patched for any known
vulnerabilities.

Does anyone keep track of security related bugs and patches, where the
defect severity is similar to those found on the CVE list above?  If
yes, can that list be shared with other developers?

If some fixes have been committed with discreet log messages, it will be
difficult for third parties to identify and assess the importance of any
critical patches.  Do any important ones come to mind?

Finally, curious to know, what has changed since 2014 that has resulted
in the defect rate, at least based on the list of publicly reported
CVEs, to fall to zero?  A change to the development process?
Introduction of a bug bounty?

Best Regards,

Simon



                 reply	other threads:[~2017-03-21  2:47 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cb4932bb-6fd0-0a03-6224-fd20b6cb3539@bitcartel.com \
    --to=simon@bitcartel.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox