[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/release-0.2.1] make the description of tolen_asserts more dire



commit 50b06a2b76190170e9f80739f022696755b54b99
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Sat Jan 15 10:54:58 2011 -0500

    make the description of tolen_asserts more dire
    
    We have a CVE # for this bug.
---
 changes/tolen_asserts |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/changes/tolen_asserts b/changes/tolen_asserts
index 90cdb2d..a9834ab 100644
--- a/changes/tolen_asserts
+++ b/changes/tolen_asserts
@@ -1,9 +1,8 @@
   o Major bugfixes (security)
     - Fix a heap overflow bug where an adversary could cause heap
-      corruption.  Since the contents of the corruption would need to be
-      the output of an RSA decryption, we do not think this is easy to
-      turn in to a remote code execution attack, but everybody should
-      upgrade anyway.  Found by debuger.  Bugfix on 0.1.2.10-rc.
+      corruption.  This bug potentially allows remote code execution
+      attacks.  Found by debuger.  Fixes CVE-2011-0427.  Bugfix on
+      0.1.2.10-rc.
   o Defensive programming
     - Introduce output size checks on all of our decryption functions.