diff options
author | Roger Dingledine <arma@torproject.org> | 2012-10-20 13:54:36 -0400 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2012-10-20 13:54:36 -0400 |
commit | 922fb087f90ce4c421fc800651ffbea515ccbd86 (patch) | |
tree | 932dc43604d66ecfe6ae93454f350ab404899cab | |
parent | abfaf217fbe1e538a0954c48cee6c6c613e3c3bd (diff) | |
download | tor-922fb087f90ce4c421fc800651ffbea515ccbd86.tar.gz tor-922fb087f90ce4c421fc800651ffbea515ccbd86.zip |
shift the categories around a bit
-rw-r--r-- | ChangeLog | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -7,19 +7,19 @@ Changes in version 0.2.3.23-rc - 2012-10-20 - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory authority. Closes ticket 5749. - o Major bugfixes (security): + o Major bugfixes (security/privacy): - Disable TLS session tickets. OpenSSL's implementation was giving our TLS session keys the lifetime of our TLS context objects, when perfect forward secrecy would want us to discard anything that could decrypt a link connection as soon as the link connection was closed. Fixes bug 7139; bugfix on all versions of Tor linked against OpenSSL 1.0.0 or later. Found by Florent Daignière. - - o Major bugfixes: - Discard extraneous renegotiation attempts once the V3 link protocol has been initiated. Failure to do so left us open to a remotely triggerable assertion failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by "some guy from France". + + o Major bugfixes: - Fix a possible crash bug when checking for deactivated circuits in connection_or_flush_from_first_active_circuit(). Fixes bug 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously. |