[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/release-0.2.2] forward-port the 0.2.1.32 changelog
commit 6fc281ab2d393f9cb55b83254196aa3618646f8e
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Tue Apr 24 10:44:16 2012 -0400
forward-port the 0.2.1.32 changelog
---
ChangeLog | 23 +++++++++++++++++++++++
ReleaseNotes | 23 +++++++++++++++++++++++
2 files changed, 46 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 26ad99c..ff0ef21 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -239,6 +239,29 @@ Changes in version 0.2.2.35 - 2011-12-16
by removing an absolute path from makensis.exe command.
+Changes in version 0.2.1.32 - 2011-12-16
+ Tor 0.2.1.32 backports important security and privacy fixes for
+ oldstable. This release is intended only for package maintainers and
+ others who cannot use the 0.2.2 stable series. All others should be
+ using Tor 0.2.2.x or newer.
+
+ The Tor 0.2.1.x series will reach formal end-of-life some time in
+ early 2012; we will stop releasing patches for it then.
+
+ o Major bugfixes (also included in 0.2.2.x):
+ - Correctly sanity-check that we don't underflow on a memory
+ allocation (and then assert) for hidden service introduction
+ point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
+ bugfix on 0.2.1.5-alpha.
+ - Fix a heap overflow bug that could occur when trying to pull
+ data into the first chunk of a buffer, when that chunk had
+ already had some data drained from it. Fixes CVE-2011-2778;
+ bugfix on 0.2.0.16-alpha. Reported by "Vektor".
+
+ o Minor features:
+ - Update to the December 6 2011 Maxmind GeoLite Country database.
+
+
Changes in version 0.2.2.34 - 2011-10-26
Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.
diff --git a/ReleaseNotes b/ReleaseNotes
index 4b60d48..13bd018 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -123,6 +123,29 @@ Changes in version 0.2.2.35 - 2011-12-16
by removing an absolute path from makensis.exe command.
+Changes in version 0.2.1.32 - 2011-12-16
+ Tor 0.2.1.32 backports important security and privacy fixes for
+ oldstable. This release is intended only for package maintainers and
+ others who cannot use the 0.2.2 stable series. All others should be
+ using Tor 0.2.2.x or newer.
+
+ The Tor 0.2.1.x series will reach formal end-of-life some time in
+ early 2012; we will stop releasing patches for it then.
+
+ o Major bugfixes (also included in 0.2.2.x):
+ - Correctly sanity-check that we don't underflow on a memory
+ allocation (and then assert) for hidden service introduction
+ point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
+ bugfix on 0.2.1.5-alpha.
+ - Fix a heap overflow bug that could occur when trying to pull
+ data into the first chunk of a buffer, when that chunk had
+ already had some data drained from it. Fixes CVE-2011-2778;
+ bugfix on 0.2.0.16-alpha. Reported by "Vektor".
+
+ o Minor features:
+ - Update to the December 6 2011 Maxmind GeoLite Country database.
+
+
Changes in version 0.2.2.34 - 2011-10-26
Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits