Merge branch 'maint-0.2.5' into maint-0.2.6

author: Roger Dingledine <arma@torproject.org> 2017-02-13 15:27:57 -0500
committer: Roger Dingledine <arma@torproject.org> 2017-02-13 15:27:57 -0500
commit: e778a411b9e75ad2c1b46a6624d586a6f4a0c554 (patch)
tree: 9947f8dd3e370e8a6f42a849c80e3c2429413bd0
parent: 43c18b1b7a1a10d36e16393b9f35b519f1c40fa9 (diff)
parent: 144ec3d58cd7358e6563023737a5f91844db93b0 (diff)
download: tor-e778a411b9e75ad2c1b46a6624d586a6f4a0c554.tar.gz
tor-e778a411b9e75ad2c1b46a6624d586a6f4a0c554.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/changes/bug20384 b/changes/bug20384
new file mode 100644
index 0000000000..591015ad94
--- /dev/null
+++ b/changes/bug20384
@@ -0,0 +1,10 @@
+  o Major features (security fixes):
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+
author	Roger Dingledine <arma@torproject.org>	2017-02-13 15:27:57 -0500
committer	Roger Dingledine <arma@torproject.org>	2017-02-13 15:27:57 -0500
commit	e778a411b9e75ad2c1b46a6624d586a6f4a0c554 (patch)
tree	9947f8dd3e370e8a6f42a849c80e3c2429413bd0
parent	43c18b1b7a1a10d36e16393b9f35b519f1c40fa9 (diff)
parent	144ec3d58cd7358e6563023737a5f91844db93b0 (diff)
download	tor-e778a411b9e75ad2c1b46a6624d586a6f4a0c554.tar.gz tor-e778a411b9e75ad2c1b46a6624d586a6f4a0c554.zip