Merge branch 'trove-2017-011_025' into maint-0.2.5

author: Nick Mathewson <nickm@torproject.org> 2017-11-30 12:06:17 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-11-30 12:06:17 -0500
commit: 08ce39fb0fd50ab0da4201201fa07e7776cb09e7 (patch)
tree: 8f77e38d4999a18f9d25532bd5f06867eb0dab63 /changes/trove-2017-011
parent: a6a0c7a4ecc22a744b123a47d466963f6023a11f (diff)
parent: 1880a6a88e240556a8e6b169f1160aa8220ab0ec (diff)
download: tor-08ce39fb0fd50ab0da4201201fa07e7776cb09e7.tar.gz
tor-08ce39fb0fd50ab0da4201201fa07e7776cb09e7.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
new file mode 100644
index 0000000000..82d20d9e78
--- /dev/null
+++ b/changes/trove-2017-011
@@ -0,0 +1,8 @@
+  o Major bugfixes (security):
+    - Fix a denial of service bug where an attacker could use a malformed
+      directory object to cause a Tor instance to pause while OpenSSL would
+      try to read a passphrase from the terminal. (If the terminal was not
+      available, tor would continue running.)  Fixes bug 24246; bugfix on
+      every version of Tor.  Also tracked as TROVE-2017-011 and
+      CVE-2017-8821.  Found by OSS-Fuzz as testcase 6360145429790720.
+
author	Nick Mathewson <nickm@torproject.org>	2017-11-30 12:06:17 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-11-30 12:06:17 -0500
commit	08ce39fb0fd50ab0da4201201fa07e7776cb09e7 (patch)
tree	8f77e38d4999a18f9d25532bd5f06867eb0dab63 /changes/trove-2017-011
parent	a6a0c7a4ecc22a744b123a47d466963f6023a11f (diff)
parent	1880a6a88e240556a8e6b169f1160aa8220ab0ec (diff)
download	tor-08ce39fb0fd50ab0da4201201fa07e7776cb09e7.tar.gz tor-08ce39fb0fd50ab0da4201201fa07e7776cb09e7.zip