diff options
| author | Roger Dingledine <arma@torproject.org> | 2014-05-14 15:48:57 -0400 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2014-05-14 15:48:57 -0400 |
| commit | ca085ba3413ee133618550598e5087a8504f9a36 (patch) | |
| tree | 79c6d0704f28aff150026fc34a1979fd35ecaf41 | |
| parent | 0fed6ad45b5b41be354df70dee742e0a3e8357ed (diff) | |
| download | tor-ca085ba3413ee133618550598e5087a8504f9a36.tar.gz tor-ca085ba3413ee133618550598e5087a8504f9a36.zip | |
two small fixes, and downgrade a severity
| -rw-r--r-- | ChangeLog | 18 |
1 files changed, 9 insertions, 9 deletions
@@ -9,16 +9,9 @@ Changes in version 0.2.4.22 - 2014-05-1? o Major bugfixes (security, OOM): - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. This bug could enable a memory - exhaustion attack by directory servers. Fixes bug #11649; bugfix + exhaustion attack by directory servers. Fixes bug 11649; bugfix on 0.2.2.6-alpha. - o Major bugfixes (configuration, security): - - When running a hidden service, do not allow TunneledDirConns 0: - trying to set that option together with a hidden service would - otherwise prevent the hidden service from running, and also make - it publish its descriptors directly over HTTP. Fixes bug 10849; - bugfix on 0.2.1.1-alpha. - o Major features (security, backport from 0.2.5.4-alpha): - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We @@ -45,6 +38,13 @@ Changes in version 0.2.4.22 - 2014-05-1? advertising the ECDH (not to be confused with ECDHE) ciphersuites. Resolves ticket 11438. + o Minor bugfixes (configuration, security): + - When running a hidden service, do not allow TunneledDirConns 0: + trying to set that option together with a hidden service would + otherwise prevent the hidden service from running, and also make + it publish its descriptors directly over HTTP. Fixes bug 10849; + bugfix on 0.2.1.1-alpha. + o Minor bugfixes (controller, backport from 0.2.5.4-alpha): - Avoid sending an garbage value to the controller when a circuit is cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha. @@ -78,7 +78,7 @@ Changes in version 0.2.4.22 - 2014-05-1? users. Fixes bug 9686; bugfix on 0.2.4.14-alpha. o Minor bugfixes (compilation): - - Fix a compilation error when compiling with --disable-cuve25519. + - Fix a compilation error when compiling with --disable-curve25519. Fixes bug 9700; bugfix on 0.2.4.17-rc. o Minor bugfixes: |