Hi, Given today's presentation by Chris Jeffrey at the Breaking Bitcoin conference, and the subsequent discussion around responsible disclosure and industry practice, perhaps now would be a good time to discuss "Bitcoin and CVEs" which has gone unanswered for 6 months.
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-March/013751.html To quote: "Are there are any vulnerabilities in Bitcoin which have been fixed but not yet publicly disclosed? Is the following list of Bitcoin CVEs up-to-date? https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures There have been no new CVEs posted for almost three years, except for CVE-2015-3641, but there appears to be no information publicly available for that issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3641 It would be of great benefit to end users if the community of clients and altcoins derived from Bitcoin Core could be patched for any known vulnerabilities. Does anyone keep track of security related bugs and patches, where the defect severity is similar to those found on the CVE list above? If yes, can that list be shared with other developers?" Best Regards, Simon _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
