r19725@catbus: nickm | 2008-05-13 08:47:18 -0400

Forward-port: update authority keys affected by Debian OpenSSL bug (See CVE-2008-0166 or http://lists.debian.org/debian-security-announce/2008/msg00152.html ) svn:r14603
author: Nick Mathewson <nickm@torproject.org> 2008-05-13 12:47:27 +0000
committer: Nick Mathewson <nickm@torproject.org> 2008-05-13 12:47:27 +0000
commit: 0b6b356f7131619fb8e5185fe8b75dff0c61cd0e (patch)
tree: 653da877c469cf8717fd057dd476a86c7f91078b /ChangeLog
parent: 5fd1e77b0f30b875e53497e381e559a17ca38ff6 (diff)
download: tor-0b6b356f7131619fb8e5185fe8b75dff0c61cd0e.tar.gz
tor-0b6b356f7131619fb8e5185fe8b75dff0c61cd0e.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index f67d4b0a7f..50261119c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,11 @@ Changes in version 0.2.1.1-alpha - 2008-??-??
       0.2.0.1-alpha.  Fixes bug 632.
     - List authority signatures as "unrecognized" based on DirServer lines,
       not on cert cache.  Bugfix on 0.2.0.x.
+    - Use new V3 directory authority keys on the Tor26, Gabelmoo, and
+      Moria1 V3 directory authorities.  The old keys were generated with
+      a vulnerable version of Debian's OpenSSL package, and must be
+      considered compromised.  Other authorities' keys were not
+      generated with an affected version of OpenSSL.
 
   o Minor bugfixes:
     - Stop giving double-close warn when we reject an address for client DNS.
author	Nick Mathewson <nickm@torproject.org>	2008-05-13 12:47:27 +0000
committer	Nick Mathewson <nickm@torproject.org>	2008-05-13 12:47:27 +0000
commit	0b6b356f7131619fb8e5185fe8b75dff0c61cd0e (patch)
tree	653da877c469cf8717fd057dd476a86c7f91078b /ChangeLog
parent	5fd1e77b0f30b875e53497e381e559a17ca38ff6 (diff)
download	tor-0b6b356f7131619fb8e5185fe8b75dff0c61cd0e.tar.gz tor-0b6b356f7131619fb8e5185fe8b75dff0c61cd0e.zip