3 files changed, 24 insertions, 0 deletions

diff --git a/changes/trove-2017-009 b/changes/trove-2017-009
new file mode 100644
index 0000000000..166a5faec6
--- /dev/null
+++ b/changes/trove-2017-009
@@ -0,0 +1,10 @@
+  o Major bugfixes (security):
+    - When checking for replays in the INTRODUCE1 cell data for a (legacy)
+      hiddden service, correctly detect replays in the RSA-encrypted part of
+      the cell. We were previously checking for replays on the entire cell,
+      but those can be circumvented due to the malleability of Tor's legacy
+      hybrid encryption. This fix helps prevent a traffic confirmation
+      attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
+      tracked as TROVE-2017-009 and CVE-2017-8819.
+
+
diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
new file mode 100644
index 0000000000..82d20d9e78
--- /dev/null
+++ b/changes/trove-2017-011
@@ -0,0 +1,8 @@
+  o Major bugfixes (security):
+    - Fix a denial of service bug where an attacker could use a malformed
+      directory object to cause a Tor instance to pause while OpenSSL would
+      try to read a passphrase from the terminal. (If the terminal was not
+      available, tor would continue running.)  Fixes bug 24246; bugfix on
+      every version of Tor.  Also tracked as TROVE-2017-011 and
+      CVE-2017-8821.  Found by OSS-Fuzz as testcase 6360145429790720.
+
diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1
new file mode 100644
index 0000000000..9fccc2cf65
--- /dev/null
+++ b/changes/trove-2017-012-part1
@@ -0,0 +1,6 @@
+  o Major bugfixes (security, relay):
+    - When running as a relay, make sure that we never build a path through
+      ourselves, even in the case where we have somehow lost the version of
+      our descriptor appearing in the consensus. Fixes part of bug 21534;
+      bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
+      and CVE-2017-8822.