Merge branch 'maint-0.2.6' into maint-0.2.7

2 files changed, 18 insertions, 0 deletions

diff --git a/changes/bug20384 b/changes/bug20384
new file mode 100644
index 0000000000..591015ad94
--- /dev/null
+++ b/changes/bug20384
@@ -0,0 +1,10 @@
+  o Major features (security fixes):
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+
diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2
new file mode 100644
index 0000000000..3ef073cf9f
--- /dev/null
+++ b/changes/trove-2017-001.2
@@ -0,0 +1,8 @@
+  o Major bugfixes (parsing):
+    - Fix an integer underflow bug when comparing malformed Tor versions.
+      This bug is harmless, except when Tor has been built with
+      --enable-expensive-hardening, which would turn it into a crash;
+      or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
+      -ftrapv by default.
+      Part of TROVE-2017-001. Fixes bug 21278; bugfix on
+      0.0.8pre1. Found by OSS-Fuzz.