changes file for 33119 aka TROVE-2020-002

author: Nick Mathewson <nickm@torproject.org> 2020-02-05 12:02:32 -0500
committer: Nick Mathewson <nickm@torproject.org> 2020-02-05 12:02:32 -0500
commit: d0bce65ce2426793a975e691204c3fb2ac667f66 (patch)
tree: c53180d912d4c195397508d0e0ad8d52c6a58cff
parent: f160212ee855b6899063f2e9355abd59105d6a04 (diff)
download: tor-d0bce65ce2426793a975e691204c3fb2ac667f66.tar.gz
tor-d0bce65ce2426793a975e691204c3fb2ac667f66.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/ticket33119 b/changes/ticket33119
new file mode 100644
index 0000000000..11c20bc7a2
--- /dev/null
+++ b/changes/ticket33119
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, denial-of-service):
+    - Fix a denial-of-service bug that could be used by anyone to consume a
+      bunch of CPU on any Tor relay or authority, or by directories to
+      consume a bunch of CPU on clients or hidden services. Because
+      of the potential for CPU consumption to introduce observable
+      timing patterns, we are treating this as a high-severity security
+      issue.  Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking
+      this issue as TROVE-2020-002.
author	Nick Mathewson <nickm@torproject.org>	2020-02-05 12:02:32 -0500
committer	Nick Mathewson <nickm@torproject.org>	2020-02-05 12:02:32 -0500
commit	d0bce65ce2426793a975e691204c3fb2ac667f66 (patch)
tree	c53180d912d4c195397508d0e0ad8d52c6a58cff
parent	f160212ee855b6899063f2e9355abd59105d6a04 (diff)
download	tor-d0bce65ce2426793a975e691204c3fb2ac667f66.tar.gz tor-d0bce65ce2426793a975e691204c3fb2ac667f66.zip