A Security vulnerability to report

[Al1ex]

Hello, I found a security vulnerabilities. I want to know how to safely submit it to the project party.Or you can contact me through TG(@RedTeamPing).

[jcvernaleo]

@Al1ex Hi, thanks for the desire for safety here. If you want, you can email me and encrypt it (depending on how sensitive you feel it is).. My email address is in a lot of the btcd commits and merges. You can find my gpg key on the usual servers.

[Al1ex]

OK

[Al1ex]

@jcvernaleo hello, I have submit this vulnerability report to you email.please check it.

[xtremebeing]

Any update on this? What is the severity and impact?

[jcvernaleo]

@xtremebeing Impact is minor. rpc related and crashes node at worst. Fixing it is on my list for the next release.

[JeremyRand]

Hi, thanks for the desire for safety here. If you want, you can email me and encrypt it (depending on how sensitive you feel it is).. My email address is in a lot of the btcd commits and merges. You can find my gpg key on the usual servers.

@jcvernaleo The only OpenPGP key of yours that I see on keyservers seems to be 1024-bit DSA, which is dangerously insecure. Is there a way to report a vulnerability to you with better cryptographic security than that?

[jcvernaleo]

@JeremyRand sorry for the slow reply. You are correct, that key is horribly old and more than a bit embarrassing. I'll get an updated key in the next few days and will reply to you here about it.