From efca9ce41c96bb0044f504ced36a2734b1689ee2 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 15 Mar 2021 08:53:36 -0400 Subject: Clarify new intended strategy with TROVE-2021-001 We're going to disable this feature in all versions for now. --- changes/ticket40286_minimal | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'changes') diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal index b8669debaa..6a04ca79eb 100644 --- a/changes/ticket40286_minimal +++ b/changes/ticket40286_minimal @@ -1,5 +1,6 @@ - o Major bugfixes (denial of service): + o Major bugfixes (security, denial of service): - Disable the dump_desc() function that we used to dump unparseable information to disk. It was called incorrectly in several places, - in a way that could lead to excessive CPU usage. - Fixes bug 40286; bugfix on 0.2.2.1-alpha. + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as + TROVE-2021-001 and CVE-2021-28089. -- cgit v1.2.3-54-g00ecf
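Review bot: The reworded entry in changes/ticket40286_minimal still reads as a permanent removal ("Disable the dump_desc() function ..."), while the commit message says the feature is being disabled "in all versions for now". Consider saying in the entry that this is a disablement of the feature rather than a fix of the incorrect call sites, and that unparseable information will no longer be dumped to disk, so operators reading the changelog know what behaviour changes. The added "security" tag and the TROVE-2021-001 / CVE-2021-28089 cross-references are useful; it would also help to keep "Fixes bug 40286; bugfix on 0.2.2.1-alpha." as the final sentence of the entry, after the TROVE/CVE sentence, if the changelog tooling expects the entry to end with the "bugfix on" clause.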