Merge branch 'maint-0.2.5' into maint-0.2.8

author: Nick Mathewson <nickm@torproject.org> 2017-11-30 12:07:59 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-11-30 12:07:59 -0500
commit: ba4a9cf0c094b7a19e1bf44264b1244a23a4b38e (patch)
tree: bab81ffaf9bf664f4d699db1c99a67636c445032 /changes/trove-2017-011
parent: 3030741b5d24e9ae36e6d72c6a8c7d035fde9d2a (diff)
parent: f49876d66efbc5679ba7d9d9c6538c763b8e06b5 (diff)
download: tor-ba4a9cf0c094b7a19e1bf44264b1244a23a4b38e.tar.gz
tor-ba4a9cf0c094b7a19e1bf44264b1244a23a4b38e.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
new file mode 100644
index 0000000000..82d20d9e78
--- /dev/null
+++ b/changes/trove-2017-011
@@ -0,0 +1,8 @@
+  o Major bugfixes (security):
+    - Fix a denial of service bug where an attacker could use a malformed
+      directory object to cause a Tor instance to pause while OpenSSL would
+      try to read a passphrase from the terminal. (If the terminal was not
+      available, tor would continue running.)  Fixes bug 24246; bugfix on
+      every version of Tor.  Also tracked as TROVE-2017-011 and
+      CVE-2017-8821.  Found by OSS-Fuzz as testcase 6360145429790720.
+
author	Nick Mathewson <nickm@torproject.org>	2017-11-30 12:07:59 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-11-30 12:07:59 -0500
commit	ba4a9cf0c094b7a19e1bf44264b1244a23a4b38e (patch)
tree	bab81ffaf9bf664f4d699db1c99a67636c445032 /changes/trove-2017-011
parent	3030741b5d24e9ae36e6d72c6a8c7d035fde9d2a (diff)
parent	f49876d66efbc5679ba7d9d9c6538c763b8e06b5 (diff)
download	tor-ba4a9cf0c094b7a19e1bf44264b1244a23a4b38e.tar.gz tor-ba4a9cf0c094b7a19e1bf44264b1244a23a4b38e.zip