author | Nick Mathewson <nickm@torproject.org> | 2011-01-15 10:54:58 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2011-01-15 11:49:26 -0500 |
commit | 50b06a2b76190170e9f80739f022696755b54b99 (patch) | |
tree | 4eb0e564f362626b0e99fe8d9b08d1c2304ff346 | |
parent | 115782bdbe42e4b3d5cb386d2939a883bc381d12 (diff) | |
make the description of tolen_asserts more dire
We have a CVE # for this bug.
-rw-r--r-- | changes/tolen_asserts | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/changes/tolen_asserts b/changes/tolen_asserts index 90cdb2d75e..a9834ab669 100644 --- a/changes/tolen_asserts +++ b/changes/tolen_asserts @@ -1,9 +1,8 @@ o Major bugfixes (security) - Fix a heap overflow bug where an adversary could cause heap - corruption. Since the contents of the corruption would need to be - the output of an RSA decryption, we do not think this is easy to - turn in to a remote code execution attack, but everybody should - upgrade anyway. Found by debuger. Bugfix on 0.1.2.10-rc. + corruption. This bug potentially allows remote code execution + attacks. Found by debuger. Fixes CVE-2011-0427. Bugfix on + 0.1.2.10-rc. o Defensive programming - Introduce output size checks on all of our decryption functions. |
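Review bot: The rewritten "Major bugfixes (security)" item drops the "everybody should upgrade anyway" sentence at the same time as it raises the stated impact to potential remote code execution; keep an explicit upgrade recommendation so the call to action matches the more severe wording. With the RSA-decryption sentence removed, nothing in the security item says where the overflow occurs any more, and only the "Defensive programming" item below mentions decryption functions. A short phrase naming the affected operation next to "Fixes CVE-2011-0427" would let readers judge their exposure from this entry alone.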