[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/release-0.3.3] add TROVE-2018-005 to changelog and releasenotes
commit b6a88173bbf048cbab87e2bcdd29718a4b5e6837
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Tue May 22 12:37:49 2018 -0400
add TROVE-2018-005 to changelog and releasenotes
---
ChangeLog | 9 ++++++++-
ReleaseNotes | 9 ++++++++-
changes/TROVE-2018-005 | 6 ------
3 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d31dbbf02..e6d129cf8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version 0.3.3.6 - 2018-05-??
+Changes in version 0.3.3.6 - 2018-05-22
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
backports several important fixes from the 0.3.4.1-alpha.
@@ -13,6 +13,13 @@ Changes in version 0.3.3.6 - 2018-05-??
Below are the changes since 0.3.3.5-rc. For a list of all changes
since 0.3.2, see the ReleaseNotes file.
+ o Major bugfixes (security, directory authority, denial-of-service):
+ - Fix a bug that could have allowed an attacker to force a
+ directory authority to use up all its RAM by passing it a
+ maliciously crafted protocol versions string. Fixes bug 25517;
+ bugfix on 0.2.9.4-alpha. This issue is also tracked as
+ TROVE-2018-005.
+
o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
- When directory authorities read a zero-byte bandwidth file, they
would previously log a warning with the contents of an
diff --git a/ReleaseNotes b/ReleaseNotes
index 1772288f2..d63f87ccb 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,7 +2,7 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
-Changes in version 0.3.3.6 - 2018-05-??
+Changes in version 0.3.3.6 - 2018-05-22
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
backports several important fixes from the 0.3.4.1-alpha.
@@ -21,6 +21,13 @@ Changes in version 0.3.3.6 - 2018-05-??
- When built with Rust, Tor now depends on version 0.2.39 of the
libc crate. Closes tickets 25310 and 25664.
+ o Major bugfixes (security, directory authority, denial-of-service):
+ - Fix a bug that could have allowed an attacker to force a
+ directory authority to use up all its RAM by passing it a
+ maliciously crafted protocol versions string. Fixes bug 25517;
+ bugfix on 0.2.9.4-alpha. This issue is also tracked as
+ TROVE-2018-005.
+
o Major features (denial-of-service mitigation):
- Give relays some defenses against the recent network overload. We
start with three defenses (default parameters in parentheses).
diff --git a/changes/TROVE-2018-005 b/changes/TROVE-2018-005
deleted file mode 100644
index 769c653f4..000000000
--- a/changes/TROVE-2018-005
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (security, directory authority, denial-of-service):
- - Fix a bug that could have allowed an attacker to force a
- directory authority to use up all its RAM by passing it a
- maliciously crafted protocol versions string. Fixes bug 25517;
- bugfix on 0.2.9.4-alpha. This issue is also tracked as
- TROVE-2018-005.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits