From aea35fbb1bae0a6451c1f07b5d09c766dd38ec42 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 15 Dec 2011 11:38:00 -0500 Subject: Changelog and blurb for 0.2.1.32 --- ChangeLog | 13 ++++++++++++- changes/buffer_bug | 7 ------- 2 files changed, 12 insertions(+), 8 deletions(-) delete mode 100644 changes/buffer_bug diff --git a/ChangeLog b/ChangeLog index 3e757857ab..912a3d94b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,10 +1,21 @@ -Changes in version 0.2.1.32 - 201?-??-?? +Changes in version 0.2.1.32 - 2011-12-16 + Tor 0.2.1.32 backports important security and privacy fixes for + oldstable. This release is intended only for package maintainers and + others who cannot use the 0.2.2 stable series. All others should be + using Tor 0.2.2.x or newer. + + The Tor 0.2.1.x series will reach formal end-of-life some time in + early 2012, when we will stop releasing patches for it. o Major bugfixes (also included in 0.2.2.x): - Correctly sanity-check that we don't underflow on a memory allocation (and then assert) for hidden service introduction point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410; bugfix on 0.2.1.5-alpha. + - Fix a heap overflow bug that could occur when trying to pull + data into the first chunk of a buffer, when that chunk had + already had some data drained from it. Fixes CVE-2011-2778; + bugfix on 0.2.0.16-alpha. Reported by "Vektor". o Minor features: - Update to the December 6 2011 Maxmind GeoLite Country database. diff --git a/changes/buffer_bug b/changes/buffer_bug deleted file mode 100644 index 634f609533..0000000000 --- a/changes/buffer_bug +++ /dev/null @@ -1,7 +0,0 @@ - - o Major bugfixes: - - Fix a heap overflow bug that could occur when trying to pull - data into the first chunk of a buffer, when that chunk had - already had some data drained from it. Fixes CVE-2011-2778; - bugfix on 0.2.0.16-alpha. Reported by "Vektor". - -- cgit v1.2.3-54-g00ecf