Merge branch 'maint-0.2.6' into maint-0.2.7

author: Nick Mathewson <nickm@torproject.org> 2016-12-20 18:23:19 -0500
committer: Nick Mathewson <nickm@torproject.org> 2016-12-20 18:23:19 -0500
commit: 2673b4b7a87bbdc880dd235f490dfb7b8f3c64c9 (patch)
tree: f56513e810222c8dd1af0c6015b6b5b0a37de642 /changes
parent: a9c8a5ff18c1944ddcea0116419edc2f199583b8 (diff)
parent: b6227edae1d8318b694029800a26e17a2a960af5 (diff)
download: tor-2673b4b7a87bbdc880dd235f490dfb7b8f3c64c9.tar.gz
tor-2673b4b7a87bbdc880dd235f490dfb7b8f3c64c9.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/buf-sentinel b/changes/buf-sentinel
new file mode 100644
index 0000000000..7c5b829c19
--- /dev/null
+++ b/changes/buf-sentinel
@@ -0,0 +1,11 @@
+  o Major features (security fixes):
+
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string.  At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket 20384
+      (TROVE-2016-10-001).
+
author	Nick Mathewson <nickm@torproject.org>	2016-12-20 18:23:19 -0500
committer	Nick Mathewson <nickm@torproject.org>	2016-12-20 18:23:19 -0500
commit	2673b4b7a87bbdc880dd235f490dfb7b8f3c64c9 (patch)
tree	f56513e810222c8dd1af0c6015b6b5b0a37de642 /changes
parent	a9c8a5ff18c1944ddcea0116419edc2f199583b8 (diff)
parent	b6227edae1d8318b694029800a26e17a2a960af5 (diff)
download	tor-2673b4b7a87bbdc880dd235f490dfb7b8f3c64c9.tar.gz tor-2673b4b7a87bbdc880dd235f490dfb7b8f3c64c9.zip