changes file for TROVE-2018-005

author: Nick Mathewson <nickm@torproject.org> 2018-05-22 12:21:00 -0400
committer: Nick Mathewson <nickm@torproject.org> 2018-05-22 12:26:23 -0400
commit: d2bc019053058b09b5552d327106d9fbe0acad56 (patch)
tree: 04b33890b8a7768ee1e18fc6b46331eb1c61c2b3
parent: bc2d6876b3f64497f66eca0ecc150696f476e401 (diff)
download: tor-d2bc019053058b09b5552d327106d9fbe0acad56.tar.gz
tor-d2bc019053058b09b5552d327106d9fbe0acad56.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/TROVE-2018-005 b/changes/TROVE-2018-005
new file mode 100644
index 0000000000..769c653f43
--- /dev/null
+++ b/changes/TROVE-2018-005
@@ -0,0 +1,6 @@
+  o Major bugfixes (security, directory authority, denial-of-service):
+    - Fix a bug that could have allowed an attacker to force a
+      directory authority to use up all its RAM by passing it a
+      maliciously crafted protocol versions string. Fixes bug 25517;
+      bugfix on 0.2.9.4-alpha.  This issue is also tracked as
+      TROVE-2018-005.
author	Nick Mathewson <nickm@torproject.org>	2018-05-22 12:21:00 -0400
committer	Nick Mathewson <nickm@torproject.org>	2018-05-22 12:26:23 -0400
commit	d2bc019053058b09b5552d327106d9fbe0acad56 (patch)
tree	04b33890b8a7768ee1e18fc6b46331eb1c61c2b3
parent	bc2d6876b3f64497f66eca0ecc150696f476e401 (diff)
download	tor-d2bc019053058b09b5552d327106d9fbe0acad56.tar.gz tor-d2bc019053058b09b5552d327106d9fbe0acad56.zip