diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-10-17 16:31:40 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-10-17 16:31:40 -0400 |
| commit | 702c1dcf7b4b659a94c8cc5f1d81d34fc1aeae3f (patch) | |
| tree | 1150afe1a8b90415cd591c3505238241f8f16fa9 /ChangeLog | |
| parent | 8b0755c9bb296ae210e83b88e099d52e40b6f2aa (diff) | |
| download | tor-702c1dcf7b4b659a94c8cc5f1d81d34fc1aeae3f.tar.gz tor-702c1dcf7b4b659a94c8cc5f1d81d34fc1aeae3f.zip | |
Bump master to 0.2.9.4-alpha-dev
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -1,3 +1,28 @@ +Changes in version 0.2.9.5-rc - 2016-1?-?? + + +Changes in version 0.2.8.9 - 2016-10-17 + Tor 0.2.8.9 backports a fix for a security hole in previous versions + of Tor that would allow a remote attacker to crash a Tor client, + hidden service, relay, or authority. All Tor users should upgrade to + this version, or to 0.2.9.4-alpha. Patches will be released for older + versions of Tor. + + o Major features (security fixes, also in 0.2.9.4-alpha): + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 + Country database. + + Changes in version 0.2.9.4-alpha - 2016-10-17 Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor that would allow a remote attacker to crash a Tor client, hidden |