Merge branch 'maint-0.4.2' into release-0.4.2

author: Nick Mathewson <nickm@torproject.org> 2020-03-17 15:22:36 -0400
committer: Nick Mathewson <nickm@torproject.org> 2020-03-17 15:22:36 -0400
commit: a74f620e5281194566bf30a656ddd2f6952656c9 (patch)
tree: 5bc9dc79bb5b29b00363600dcfcfe9c7c6a93714 /changes
parent: 40536768b0414703ab59b718ef3cd74b5811dc61 (diff)
parent: 85141a3a74efb0db29ff98667e83b06208d1c926 (diff)
download: tor-a74f620e5281194566bf30a656ddd2f6952656c9.tar.gz
tor-a74f620e5281194566bf30a656ddd2f6952656c9.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/ticket33119 b/changes/ticket33119
new file mode 100644
index 0000000000..11c20bc7a2
--- /dev/null
+++ b/changes/ticket33119
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, denial-of-service):
+    - Fix a denial-of-service bug that could be used by anyone to consume a
+      bunch of CPU on any Tor relay or authority, or by directories to
+      consume a bunch of CPU on clients or hidden services. Because
+      of the potential for CPU consumption to introduce observable
+      timing patterns, we are treating this as a high-severity security
+      issue.  Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking
+      this issue as TROVE-2020-002.
author	Nick Mathewson <nickm@torproject.org>	2020-03-17 15:22:36 -0400
committer	Nick Mathewson <nickm@torproject.org>	2020-03-17 15:22:36 -0400
commit	a74f620e5281194566bf30a656ddd2f6952656c9 (patch)
tree	5bc9dc79bb5b29b00363600dcfcfe9c7c6a93714 /changes
parent	40536768b0414703ab59b718ef3cd74b5811dc61 (diff)
parent	85141a3a74efb0db29ff98667e83b06208d1c926 (diff)
download	tor-a74f620e5281194566bf30a656ddd2f6952656c9.tar.gz tor-a74f620e5281194566bf30a656ddd2f6952656c9.zip