[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.3.5] Add changes file for #30040.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/release-0.3.5] Add changes file for #30040.
From: teor@xxxxxxxxxxxxxx
Date: Mon, 12 Aug 2019 03:13:19 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 11 Aug 2019 23:18:18 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: George Kadianakis <desnacked@xxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 2cdc6b2005d2ad09b44cf9a455a70f258e7f6fca
Author: George Kadianakis <desnacked@xxxxxxxxxx>
Date:   Tue Apr 9 17:30:14 2019 +0300

    Add changes file for #30040.
---
 changes/bug30040 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/changes/bug30040 b/changes/bug30040
new file mode 100644
index 000000000..7d80528a1
--- /dev/null
+++ b/changes/bug30040
@@ -0,0 +1,9 @@
+  o Minor bugfixes (security):
+    - Fix a potential double free bug when reading huge bandwidth files. The
+      issue is not exploitable in the current Tor network because the
+      vulnerable code is only reached when directory authorities read bandwidth
+      files, but bandwidth files come from a trusted source (usually the
+      authorities themselves). Furthermore, the issue is only exploitable in
+      rare (non-POSIX) 32-bit architectures which are not used by any of the
+      current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
+      and fixed by Tobias Stoeckmann.



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/maint-0.3.5] Merge remote-tracking branch 'tor-github/pr/1221' into combined31343_31374_029
Next by Author: [tor-commits] [tor/release-0.3.5] Move bandwidth-file-headers line to appear in the correct vote section
Previous by thread: [tor-commits] [tor/release-0.3.5] changes: Ticket 29241 is actually a bug on NSS in 0.3.5.1-alpha
Next by thread: [tor-commits] [tor/release-0.3.5] Prevent double free on huge files with 32 bit.
Index(es):
- Author
- Thread