Addressed reviews. Changed policy link, added atrribution and changed style of vulnerabilities list.

Author: TumaBitcoiner

_posts/en/newsletters/2025-10-31-newsletter.md

@@ -16,27 +16,31 @@ Bitcoin infrastructure software.
 ## News
 
 - **Disclosure of four low-severity vulnerabilities in Bitcoin Core:**
-  Antoine Poinsot recently [posted][poinsot disc] to the Bitcoin-Dev mailing list four Bitcoin Core security advisories for low severity
+  Antoine Poinsot recently [posted][poinsot disc] to the Bitcoin-Dev
+  mailing List four Bitcoin Core security advisories for low-severity
   vulnerabilities that were fixed in [Bitcoin Core 30.0][]. According to the
-  [disclosure policy][disc pol], a low-severity vulnerability is disclosed two
-  weeks after the release of a major version containing the fix. The four
-  disclosed vulnerabilities are the following:
+  [disclosure policy][news306 disc pol], a low-severity vulnerability is disclosed two
+  weeks after the release of a major version containing the fix.
 
-  - [CVE-2025-54604][]: Disk filling from spoofed self connections. This bug
+  The four disclosed vulnerabilities are the following:
+
+  - [Disk filling from spoofed self connections][CVE-2025-54604]: This bug
     would allow an attacker to fill up the disk space of a victim node by faking
-    self-connections.
+    self-connections. The vulnerability was disclosed responsibly by Niklas Goegge in March 2022. Eugene Siegel and Niklas Goegge merged a mitigation in July 2025.
 
-  - [CVE-2025-54605][]: Disk filling from invalid blocks. This bug would allow
+  - [Disk filling from invalid blocks][CVE-2025-54605]: This bug would allow
     an attacker to fill up the disk space of a victim node by repeatedly sending
-    invalid blocks. This bug was disclosed responsibly by Niklas Goegge in May 2022 and also independently by Eugene Siegel. Eugene Siegel and Niklas Goegge merged the mitigation in July 2025.
+    invalid blocks. This bug was disclosed responsibly by Niklas Goegge in May 2022 and also independently by Eugene Siegel in March 2025. Eugene Siegel and Niklas Goegge merged the mitigation in July 2025.
 
-  - [CVE-2025-46597][]: Highly unlikely remote crash on 32-bit systems. This bug
+  - [Highly unlikely remote crash on 32-bit systems][CVE-2025-46597]: This bug
     may cause a node to crash when receiving a pathological block in a rare
     edge case. This bug was disclosed responsibly by Pieter Wuille in April 2025. Antoine Poinsot implemented and merged the mitigation in June 2025.
 
-  - [CVE-2025-46598][]: CPU DoS from unconfirmed transaction processing. This
+  - [CPU DoS from unconfirmed transaction processing][CVE-2025-46598]: This
     bug would cause resource exhaustion when processing an unconfirmed
-    transaction. Patches for the first three vulnerabilities have also been included
+    transaction. This bug was reported to the mailing list by Antoine Poinsot in April 2025. Pieter Wuille, Anthony Towns, and Antoine Poinsot implemented and merged the mitigation in August 2025.
+
+  Patches for the first three vulnerabilities have also been included
     in [Bitcoin Core 29.1][] and later minor releases.
 
 ## Selected Q&A from Bitcoin Stack Exchange
@@ -148,7 +152,7 @@ repo], and [BINANAs][binana repo]._
 
 [poinsot disc]: https://groups.google.com/g/bitcoindev/c/sBpCgS_yGws
 [Bitcoin Core 30.0]: https://bitcoincore.org/en/releases/30.0/
-[disc pol]: https://bitcoincore.org/en/security-advisories/
+[news306 disc pol]: /en/newsletters/2024/06/07/#upcoming-disclosure-of-vulnerabilities-affecting-old-versions-of-bitcoin-core
 [CVE-2025-54604]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54604/
 [CVE-2025-54605]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-54605/
 [CVE-2025-46597]: https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597/