Merge branch 'maint-0.3.1' into release-0.3.1

author: Nick Mathewson <nickm@torproject.org> 2017-11-30 12:07:59 -0500
committer: Nick Mathewson <nickm@torproject.org> 2017-11-30 12:07:59 -0500
commit: d8d52f2b73eca2cfa868d157bdb66d5ba1be5c30 (patch)
tree: 8b2cfb049db6b09488d1e3adbc8d7d04e358d899 /changes/trove-2017-012-part1
parent: 14746dfba26aaac0a2b89a371e26b98e1211cb11 (diff)
parent: ee48eb1eb5e643cd8af2a32df3cf8c48965f6ce4 (diff)
download: tor-d8d52f2b73eca2cfa868d157bdb66d5ba1be5c30.tar.gz
tor-d8d52f2b73eca2cfa868d157bdb66d5ba1be5c30.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1
new file mode 100644
index 0000000000..9fccc2cf65
--- /dev/null
+++ b/changes/trove-2017-012-part1
@@ -0,0 +1,6 @@
+  o Major bugfixes (security, relay):
+    - When running as a relay, make sure that we never build a path through
+      ourselves, even in the case where we have somehow lost the version of
+      our descriptor appearing in the consensus. Fixes part of bug 21534;
+      bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
+      and CVE-2017-8822.
author	Nick Mathewson <nickm@torproject.org>	2017-11-30 12:07:59 -0500
committer	Nick Mathewson <nickm@torproject.org>	2017-11-30 12:07:59 -0500
commit	d8d52f2b73eca2cfa868d157bdb66d5ba1be5c30 (patch)
tree	8b2cfb049db6b09488d1e3adbc8d7d04e358d899 /changes/trove-2017-012-part1
parent	14746dfba26aaac0a2b89a371e26b98e1211cb11 (diff)
parent	ee48eb1eb5e643cd8af2a32df3cf8c48965f6ce4 (diff)
download	tor-d8d52f2b73eca2cfa868d157bdb66d5ba1be5c30.tar.gz tor-d8d52f2b73eca2cfa868d157bdb66d5ba1be5c30.zip