[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.2.2] Actually merge the CVE-2011-2778 log entry into ChangeLog



commit 796563f7f3924fb5f2bed39cd37e1471da657cc4
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Thu Dec 15 13:14:50 2011 -0500

    Actually merge the CVE-2011-2778 log entry into ChangeLog
---
 ChangeLog |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e1bc545..98fb411 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,10 @@ Changes in version 0.2.2.35 - 2011-12-16
   longer receive support after some time in early 2011.
 
   o Major bugfixes:
+    - Fix a heap overflow bug that could occur when trying to pull
+      data into the first chunk of a buffer, when that chunk had
+      already had some data drained from it. Fixes CVE-2011-2778;
+      bugfix on 0.2.0.16-alpha. Reported by "Vektor".
     - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
       that it doesn't attempt to allocate a socketpair. This could cause
       some problems on Windows systems with overzealous firewalls. Fix for



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits