[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] 0.2.5.12 got left out of the changelog somehow

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] 0.2.5.12 got left out of the changelog somehow
From: arma@xxxxxxxxxxxxxx
Date: Mon, 7 Mar 2016 18:08:08 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 07 Mar 2016 13:08:17 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 63b4ce1f7e7e87e51c840bd0cc736e66d08aa92f
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date:   Mon Mar 7 13:05:40 2016 -0500

    0.2.5.12 got left out of the changelog somehow
---
 ChangeLog | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 6ab821f..c39ea19 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1400,6 +1400,30 @@ Changes in version 0.2.4.27 - 2015-04-06
       Resolves ticket 15515.
 
 
+Changes in version 0.2.5.12 - 2015-04-06
+  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
 Changes in version 0.2.6.7 - 2015-04-06
   Tor 0.2.6.7 fixes two security issues that could be used by an
   attacker to crash hidden services, or crash clients visiting hidden

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor-messenger-build/master] Revert 8440bff7
Next by Author: [tor-commits] [webwml/master] Add placeholder for Tor Messenger page
Previous by thread: [tor-commits] [tor-browser-bundle/hardened-builds] Add new HTTPS-Everywhere signing key
Next by thread: [tor-commits] [webwml/master] Note Marcela's irc nick
Index(es):
- Author
- Thread