10 sats \ 6 replies \ @k00b 16 Oct 2023 \ on: [bitcoin-dev] Full Disclosure: CVE-2023-40231 / CVE-2023-40232 / CVE-2023-40233 bitcoin
I was spooked for a second. LND only recently released v0.17. Roasbeef followed up:
He's got multiple things wrong here. LDK was also apparently fixed a while back. The version it says in the mailing list isn't even out yet.
reply
Here to answer your questions on what I get wrong.
To the best of my knowledge you never contributed to low-level lightning parts.
I'll maintain the LDK version number is correct; it was communicated to me privately last Friday by an LDK maintainer, and there is currently more hardening under way.
reply
deleted by author
reply
Thanks no thanks for the spook accusation. This is insulting.
Warned people for years that the mempool was a bedrock of security issues for L2s:
https://github.com/ariard/L2-zoology
reply
I wasn't accusing you of anything! I, me, myself was spooked! I was afraid I was running an affected version of LND.
No offense intended. I'm sorry if my statement wasn't clear. I don't qualify as a critic on this issue, so I would never criticize you on it.
reply
See Laolu's comment on the mailing list about LND.
It is always unclear with coordinated disclosure whether you give the latest release number (where mitigations are included) or the ones where they have been effectively included. The latest release number might always have some minor bugs.
Thanks for the work you’re doing on stacker.news.
reply