Commit feb744f0 authored by Nick Mathewson

Add TROVE-2019-001 to changelog for 0.4.0.2-alpha

parent fdcd2f2f
Tags debian-version-0.0.5-1
......@@ -3,6 +3,19 @@ Changes in version 0.4.0.2-alpha - 2019-02-21
bugs from earlier versions, including several that had broken
backward compatibility.
 
It also includes a fix for a medium-severity security bug affecting Tor
0.3.2.1-alpha and later. All Tor instances running an affected release
should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.
o Major bugfixes (cell scheduler, KIST, security):
- Make KIST consider the outbuf length when computing what it can
put in the outbuf. Previously, KIST acted as though the outbuf
were empty, which could lead to the outbuf becoming too full. It
is possible that an attacker could exploit this bug to cause a Tor
client or relay to run out of memory and crash. Fixes bug 29168;
bugfix on 0.3.2.1-alpha. This issue is also being tracked as
TROVE-2019-001 and CVE-2019-8955.
o Major bugfixes (networking):
- Gracefully handle empty username/password fields in SOCKS5
username/password auth messsage and allow SOCKS5 handshake to
o Major bugfixes (cell scheduler, KIST):
- Make KIST to always take into account the outbuf length when computing
what we can actually put in the outbuf. This could lead to the outbuf
being filled up and thus a possible memory DoS vector. TROVE-2019-001.
Fixes bug 29168; bugfix on 0.3.2.1-alpha.
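Review bot: the summary paragraph added at the top of the 0.4.0.2-alpha section ("It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later") does not say which entry it refers to. Naming TROVE-2019-001 and CVE-2019-8955 in that paragraph would let someone who reads only the summary find the KIST item and match it against an advisory. The KIST entry also appears in two wordings in the visible lines, one headed "(cell scheduler, KIST, security)" with both identifiers and one headed "(cell scheduler, KIST)" with only the TROVE id; if the second wording is kept anywhere, its heading and identifiers should be brought in line with the first so the fix is described the same way in each place.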