lavender-release.txt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Subject: Lavender update released

Dear partners,

The patches that resolve the issues comprising Advisory Lavender have been released
in versions 0.32.10 and 0.33.3 of Tendermint, in version 0.37.9 and 0.38.3 of the
Cosmos SDK, and in version 2.0.8 of Gaia. Additionally, All In Bits Inc. provided a
backport targeting Tendermint 0.31.x release series in response to a developer's
reasonable request. This was released in version 0.31.12 of Tendermint.
All releases are now available to the public.

A Common Vulnerabilities and Exposures (CVE) ID has been assigned: CVE-2020-5303
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5303

The Tendermint team encourages all validators and service providers on
Tendermint-powered networks to update their software to the latest, most secure
version available as quickly as possible.

Please do not hesitate to reach out and ask questions, should you have any.
Thanks

   - AT

- - -- 
Alessio Treglia <alessio@tendermint.com>
Head of EMEA Partnerships
0416 0004 A827 6E40 BB98 90FB E8A4 8AE5 311D 765A

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBBYABKgnbkC7mJD76KSK5TEddloFAl6PQV0ACgkQ6KSK5TEd
dloWqA/9EMV0cm9Nz+qTGx5CaxFKjDmahZj+n/CpN0yM2XwvBYX2CtzUWw0t5oYM
2gPSahbq/9FWpg3OsTKkFTFIwoDY0KS7EvQVCP1BwQk4lRvlJ1Ex9S56sD5IfAOQ
CrSjbFurGPLXh/fTW0+8A935Z4gJOcmuhWBWUdr+P+L6Mwer66k8rTtraXOfr6mS
+h2/XsLSp8HSRfn4DiUG41rKDtIK4Nzj4QW+IOaJhpcKH3qEVZ8Ybwy7MSN/7mVt
kzO0TfW29zPlAdnBWaDqqXgM3r4whqvRXaw2pVmlvJIJ6c6KEhlkfW1iyE48WOOB
ZZE+Q3FK2IDzU4J/j7OtAhQ2B0r4tLrOuMaIqhZBdPhMzKQVyunai0QJH9GYQmDe
MSSwE1XJhDDR8+IE+EyJd3tmXleB+CySX01yepbtd/6EuIUMmLM8S+wdfIpniVl0
QmQYAIkrYslabYa0Ut+6PJ7CVaVHHjB+3jgy8GplzMPO5O3LbYwTrpjEyLJgnq58
QXScHVeuBCTyDwhgBesUKO2mdIC9S2+TcRFP98dA5UpU/V3Njl8A7QiB/eExIh67
loage4FTSxRbKfq64YDKx/4UTVpRv/EdmZFFr6NuLlVMSwbRnGwgp4H5OtkNQ3za
fu1vT9E94xi9wBtzArWefjnR7Rxnfu87JX/rxp5wQ90rV2w9fJ4=
=wKTF
-----END PGP SIGNATURE-----