summaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2020-03-17 15:22:02 -0400
committerNick Mathewson <nickm@torproject.org>2020-03-17 15:22:02 -0400
commit3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1 (patch)
tree6fbbb068b07232188a6a98e891b7d7a4c18d0638 /changes
parentcec647ff3eab20c97a744a59b808eb49760acfd3 (diff)
parent9163781039b96e859fc102f003a274e9716cc02d (diff)
downloadtor-3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1.tar.gz
tor-3c8a4b8fbdb42b2fa98ddec8b6d7ed3202201eb1.zip
Merge branch 'trove_2020_002_041' into maint-0.4.1
Diffstat (limited to 'changes')
-rw-r--r--changes/ticket331198
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/ticket33119 b/changes/ticket33119
new file mode 100644
index 0000000000..11c20bc7a2
--- /dev/null
+++ b/changes/ticket33119
@@ -0,0 +1,8 @@
+ o Major bugfixes (security, denial-of-service):
+ - Fix a denial-of-service bug that could be used by anyone to consume a
+ bunch of CPU on any Tor relay or authority, or by directories to
+ consume a bunch of CPU on clients or hidden services. Because
+ of the potential for CPU consumption to introduce observable
+ timing patterns, we are treating this as a high-severity security
+ issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking
+ this issue as TROVE-2020-002.