Merge branch 'trove_2020_002_041' into maint-0.4.1

author: Nick Mathewson <nickm@torproject.org> 2020-03-17 15:22:02 -0400
committer: Nick Mathewson <nickm@torproject.org> 2020-03-17 15:22:02 -0400
commit: 3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1 (patch)
tree: 6fbbb068b07232188a6a98e891b7d7a4c18d0638 /changes
parent: cec647ff3eab20c97a744a59b808eb49760acfd3 (diff)
parent: 9163781039b96e859fc102f003a274e9716cc02d (diff)
download: tor-3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1.tar.gz
tor-3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/ticket33119 b/changes/ticket33119
new file mode 100644
index 0000000000..11c20bc7a2
--- /dev/null
+++ b/changes/ticket33119
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, denial-of-service):
+    - Fix a denial-of-service bug that could be used by anyone to consume a
+      bunch of CPU on any Tor relay or authority, or by directories to
+      consume a bunch of CPU on clients or hidden services. Because
+      of the potential for CPU consumption to introduce observable
+      timing patterns, we are treating this as a high-severity security
+      issue.  Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking
+      this issue as TROVE-2020-002.
author	Nick Mathewson <nickm@torproject.org>	2020-03-17 15:22:02 -0400
committer	Nick Mathewson <nickm@torproject.org>	2020-03-17 15:22:02 -0400
commit	3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1 (patch)
tree	6fbbb068b07232188a6a98e891b7d7a4c18d0638 /changes
parent	cec647ff3eab20c97a744a59b808eb49760acfd3 (diff)
parent	9163781039b96e859fc102f003a274e9716cc02d (diff)
download	tor-3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1.tar.gz tor-3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1.zip