diff options
| author | Roger Dingledine <arma@torproject.org> | 2012-04-24 10:44:16 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2012-04-24 10:44:16 -0400 |
| commit | 6fc281ab2d393f9cb55b83254196aa3618646f8e (patch) | |
| tree | 0583930342ee77990c015882645d5a1b16b10912 | |
| parent | ac3f516cd5803dccddadf7e00349b91615d29abb (diff) | |
| download | tor-6fc281ab2d393f9cb55b83254196aa3618646f8e.tar.gz tor-6fc281ab2d393f9cb55b83254196aa3618646f8e.zip | |
forward-port the 0.2.1.32 changelog
| -rw-r--r-- | ChangeLog | 23 | ||||
| -rw-r--r-- | ReleaseNotes | 23 |
2 files changed, 46 insertions, 0 deletions
@@ -239,6 +239,29 @@ Changes in version 0.2.2.35 - 2011-12-16 by removing an absolute path from makensis.exe command. +Changes in version 0.2.1.32 - 2011-12-16 + Tor 0.2.1.32 backports important security and privacy fixes for + oldstable. This release is intended only for package maintainers and + others who cannot use the 0.2.2 stable series. All others should be + using Tor 0.2.2.x or newer. + + The Tor 0.2.1.x series will reach formal end-of-life some time in + early 2012; we will stop releasing patches for it then. + + o Major bugfixes (also included in 0.2.2.x): + - Correctly sanity-check that we don't underflow on a memory + allocation (and then assert) for hidden service introduction + point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410; + bugfix on 0.2.1.5-alpha. + - Fix a heap overflow bug that could occur when trying to pull + data into the first chunk of a buffer, when that chunk had + already had some data drained from it. Fixes CVE-2011-2778; + bugfix on 0.2.0.16-alpha. Reported by "Vektor". + + o Minor features: + - Update to the December 6 2011 Maxmind GeoLite Country database. + + Changes in version 0.2.2.34 - 2011-10-26 Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users. Everybody should upgrade. diff --git a/ReleaseNotes b/ReleaseNotes index 4b60d48869..13bd018b00 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -123,6 +123,29 @@ Changes in version 0.2.2.35 - 2011-12-16 by removing an absolute path from makensis.exe command. +Changes in version 0.2.1.32 - 2011-12-16 + Tor 0.2.1.32 backports important security and privacy fixes for + oldstable. This release is intended only for package maintainers and + others who cannot use the 0.2.2 stable series. All others should be + using Tor 0.2.2.x or newer. + + The Tor 0.2.1.x series will reach formal end-of-life some time in + early 2012; we will stop releasing patches for it then. + + o Major bugfixes (also included in 0.2.2.x): + - Correctly sanity-check that we don't underflow on a memory + allocation (and then assert) for hidden service introduction + point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410; + bugfix on 0.2.1.5-alpha. + - Fix a heap overflow bug that could occur when trying to pull + data into the first chunk of a buffer, when that chunk had + already had some data drained from it. Fixes CVE-2011-2778; + bugfix on 0.2.0.16-alpha. Reported by "Vektor". + + o Minor features: + - Update to the December 6 2011 Maxmind GeoLite Country database. + + Changes in version 0.2.2.34 - 2011-10-26 Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users. Everybody should upgrade. |