[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/release-0.2.1] final changelog cleanup. it'll do.



commit 2cb9ed2cd3e39b9a8a065b4c49747d121e4914fc
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date:   Sat Jan 15 19:43:34 2011 -0500

    final changelog cleanup. it'll do.
---
 ChangeLog |   26 ++++++++++++++------------
 1 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1fb2570..e1abfc1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,8 @@
 Changes in version 0.2.1.29 - 2011-01-15
   Tor 0.2.1.29 continues our recent code security audit work. The main
   fix resolves a remote heap overflow vulnerability that can allow remote
-  code execution (CVE-2011-0427). Other fixes address a variety of assert
-  and crash bugs, most of which we think are hard to exploit remotely.
+  code execution. Other fixes address a variety of assert and crash bugs,
+  most of which we think are hard to exploit remotely.
 
   o Major bugfixes (security):
     - Fix a heap overflow bug where an adversary could cause heap
@@ -11,10 +11,12 @@ Changes in version 0.2.1.29 - 2011-01-15
       0.1.2.10-rc.
     - Prevent a denial-of-service attack by disallowing any
       zlib-compressed data whose compression factor is implausibly
-      high. Fixes part of bug 2324; reported by "doors".
-    - Zero out a few more keys in memory before freeing them. Fixes bug
-      2384 and part of bug 2385. These key instances found by
-      "cypherpunks". Bugfix on 0.0.2pre9.
+      high. Fixes part of bug 2324; reported by "doorss".
+    - Zero out a few more keys in memory before freeing them. Fixes
+      bug 2384 and part of bug 2385. These key instances found by
+      "cypherpunks", based on Andrew Case's report about being able
+      to find sensitive data in Tor's memory space if you have enough
+      permissions. Bugfix on 0.0.2pre9.
 
   o Major bugfixes (crashes):
     - Prevent calls to Libevent from inside Libevent log handlers.
@@ -26,11 +28,11 @@ Changes in version 0.2.1.29 - 2011-01-15
       underflow errors there too. Fixes the other part of bug 2324.
     - Fix a bug where we would assert if we ever had a
       cached-descriptors.new file (or another file read directly into
-      memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
-      bug 2326; bugfix on 0.2.1.25.
+      memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
+      on 0.2.1.25. Found by doorss.
     - Fix some potential asserts and parsing issues with grossly
-      malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
-      on Tor 0.2.1.27.
+      malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
+      Found by doorss.
 
   o Minor bugfixes (other):
     - Fix a bug with handling misformed replies to reverse DNS lookup
@@ -42,8 +44,8 @@ Changes in version 0.2.1.29 - 2011-01-15
     - Fix a bug where we would declare that we had run out of virtual
       addresses when the address space was only half-exhausted. Bugfix
       on 0.1.2.1-alpha.
-    - Correctly handle the case where AutomapHostsOnResolve is set but no
-      virtual addresses are available. Fixes bug2328, bugfix on
+    - Correctly handle the case where AutomapHostsOnResolve is set but
+      no virtual addresses are available. Fixes bug 2328; bugfix on
       0.1.2.1-alpha. Bug found by doorss.
     - Correctly handle wrapping around to when we run out of virtual
       address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.