[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/release-0.4.2] changes file for 33119 aka TROVE-2020-002
commit d0bce65ce2426793a975e691204c3fb2ac667f66
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed Feb 5 12:02:32 2020 -0500
changes file for 33119 aka TROVE-2020-002
---
changes/ticket33119 | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/changes/ticket33119 b/changes/ticket33119
new file mode 100644
index 000000000..11c20bc7a
--- /dev/null
+++ b/changes/ticket33119
@@ -0,0 +1,8 @@
+ o Major bugfixes (security, denial-of-service):
+ - Fix a denial-of-service bug that could be used by anyone to consume a
+ bunch of CPU on any Tor relay or authority, or by directories to
+ consume a bunch of CPU on clients or hidden services. Because
+ of the potential for CPU consumption to introduce observable
+ timing patterns, we are treating this as a high-severity security
+ issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking
+ this issue as TROVE-2020-002.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits