Title: CVE-2012-3789 disclosure Post by: Sergio_Demian_Lerner on January 08, 2013, 06:10:03 PM Given that update ratio from 0.6.2 to 0.6.3+ has probably passed the 80% (*) barrier for a long time, I decided to publish the full CVE-2012-3789 vulnerability report, since that is my obligation with the community.
https://en.bitcoin.it/wiki/CVE-2012-3789 (https://en.bitcoin.it/wiki/CVE-2012-3789) I encourage those who are working in the Satoshi client to peer review the report. Also I suggest to people working on alternate clients or derived versions to read the report and see if the attacks apply to other implementations. Best regards, Sergio. (*) Version information in https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures has been frozen for a couple of months, and I have not other source, so I'm extrapolating growth. Title: Re: CVE-2012-3789 disclosure Post by: Luke-Jr on January 08, 2013, 09:25:18 PM (*) Version information in https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures has been frozen for a couple of months, and I have not other source, so I'm extrapolating growth. The deployment links should all be up to date; anyone is welcome to update the wiki percentages as needed. I've updated them now: the CVE in question has 83% fix deployment. |