diff options
| author | George Kadianakis <desnacked@riseup.net> | 2019-04-09 17:30:14 +0300 |
|---|---|---|
| committer | George Kadianakis <desnacked@riseup.net> | 2019-04-10 12:46:27 +0300 |
| commit | 2cdc6b2005d2ad09b44cf9a455a70f258e7f6fca (patch) | |
| tree | f46f5065b1f2c137b210cb1c174167bf7c56d03a | |
| parent | 9ce0bdd22636a332399d65f280915e899a24b69b (diff) | |
| download | tor-2cdc6b2005d2ad09b44cf9a455a70f258e7f6fca.tar.gz tor-2cdc6b2005d2ad09b44cf9a455a70f258e7f6fca.zip | |
Add changes file for #30040.
| -rw-r--r-- | changes/bug30040 | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug30040 b/changes/bug30040 new file mode 100644 index 0000000000..7d80528a10 --- /dev/null +++ b/changes/bug30040 @@ -0,0 +1,9 @@ + o Minor bugfixes (security): + - Fix a potential double free bug when reading huge bandwidth files. The + issue is not exploitable in the current Tor network because the + vulnerable code is only reached when directory authorities read bandwidth + files, but bandwidth files come from a trusted source (usually the + authorities themselves). Furthermore, the issue is only exploitable in + rare (non-POSIX) 32-bit architectures which are not used by any of the + current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found + and fixed by Tobias Stoeckmann. |