Don't give the Guard flag to relays without the CVE-2011-2768 fix

author: Robert Ransom <rransom.8774@gmail.com> 2011-10-25 00:24:15 -0700
committer: Sebastian Hahn <sebastian@torproject.org> 2011-10-26 23:42:39 +0200
commit: 00fffbc1a15e2696a89c721d0c94dc333ff419ef (patch)
tree: c6c708806d7a7572867ac17d0787f7480825dfd3 /changes
parent: 4d0f152aadabd431924acb137990081269cffb3d (diff)
download: tor-00fffbc1a15e2696a89c721d0c94dc333ff419ef.tar.gz
tor-00fffbc1a15e2696a89c721d0c94dc333ff419ef.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
index 1fefd7267e..b879c9d401 100644
--- a/changes/issue-2011-10-19L
+++ b/changes/issue-2011-10-19L
@@ -19,3 +19,10 @@
       client is connected to a patched relay.  Bugfix on FIXME; found
       by frosty_un.
 
+    - Don't assign the Guard flag to relays running a version of Tor
+      which would use an OR connection on which it has received a
+      CREATE_FAST cell to satisfy an EXTEND request.  Mitigates
+      CVE-2011-2768, by ensuring that clients will not connect
+      directly to any relay which an attacker could probe for an
+      unpatched client's connections.
+
author	Robert Ransom <rransom.8774@gmail.com>	2011-10-25 00:24:15 -0700
committer	Sebastian Hahn <sebastian@torproject.org>	2011-10-26 23:42:39 +0200
commit	00fffbc1a15e2696a89c721d0c94dc333ff419ef (patch)
tree	c6c708806d7a7572867ac17d0787f7480825dfd3 /changes
parent	4d0f152aadabd431924acb137990081269cffb3d (diff)
download	tor-00fffbc1a15e2696a89c721d0c94dc333ff419ef.tar.gz tor-00fffbc1a15e2696a89c721d0c94dc333ff419ef.zip