author Roger Dingledine <arma@torproject.org> 2012-03-25 23:09:23 -0400
committer Roger Dingledine <arma@torproject.org> 2012-03-25 23:09:23 -0400
commit bca8bf62c6683374321cd2a306b6455e441661b9
tree 0d7b55cfe0854d3b779b0c04cf7b380328c0f46d /ChangeLog
parent fe2b177cfbcdbc2ad851402a9804f9b5f58d93b0
explain that bug 5090 allows a post-auth heap overflow
resolves bug 5402.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 7
1 files changed, 5 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 5de4d6323b..a6dc608889 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,8 +43,11 @@ Changes in version 0.2.3.13-alpha - 2012-03-1?
- Detect and reject certain misformed escape sequences in
configuration values. Previously, these values would cause us
to crash if received in a torrc file or over an (authenticated)
- control port. Bug found by Esteban Manchado Velázquez. Patch by
- "flupzor". Fixes bug 5090; bugfix on 0.2.0.16-alpha.
+ control port. Bug found by Esteban Manchado Velázquez, and
+ independently by Robert Connolly from Matta Consulting who further
+ noted that it allows a post-authentication heap overflow. Patch
+ by "flupzor". Fixes bugs 5090 and 5402 (CVE 2012-1668); bugfix
+ on 0.2.0.16-alpha.
- Ensure that variables set in Tor's environment cannot override
environment variables which Tor tries to pass to a managed
pluggable-transport proxy. Previously, Tor would pass every
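Review bot: the impact sentence in this entry still reads "these values would cause us to crash", and the heap overflow only appears inside the credit clause on the added lines ("who further noted that it allows a post-authentication heap overflow"). Someone skimming the ChangeLog to decide whether to upgrade will read this as a crash-only bug; consider stating the overflow in the "Previously, ..." sentence itself and leaving the credit clause for attribution. Also, on the added line "by "flupzor". Fixes bugs 5090 and 5402 (CVE 2012-1668)" the identifier is written with a space; the standard form is CVE-2012-1668, which is what a search over the ChangeLog for the CVE will look for.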