diff options
| author | Nick Mathewson <nickm@torproject.org> | 2020-03-17 15:21:48 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2020-03-17 15:21:48 -0400 |
| commit | fe3d8ec38e3c4c2a992280c2847cdd8e05f81d36 (patch) | |
| tree | a4039be9d8029660588942dd4982525f96d86d5f /changes | |
| parent | 089e57d22f7c5e755a2d88d0b102207f7207ee27 (diff) | |
| parent | f958b537abc1285dd627c03f091dc94a5d17995a (diff) | |
| download | tor-fe3d8ec38e3c4c2a992280c2847cdd8e05f81d36.tar.gz tor-fe3d8ec38e3c4c2a992280c2847cdd8e05f81d36.zip | |
Merge branch 'trove_2020_002_035' into maint-0.3.5
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/ticket33119 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/ticket33119 b/changes/ticket33119 new file mode 100644 index 0000000000..11c20bc7a2 --- /dev/null +++ b/changes/ticket33119 @@ -0,0 +1,8 @@ + o Major bugfixes (security, denial-of-service): + - Fix a denial-of-service bug that could be used by anyone to consume a + bunch of CPU on any Tor relay or authority, or by directories to + consume a bunch of CPU on clients or hidden services. Because + of the potential for CPU consumption to introduce observable + timing patterns, we are treating this as a high-severity security + issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking + this issue as TROVE-2020-002. |