commit 2d7735ea06b6ff9243d5516a24693941f2575f86 Author: Nick Mathewson nickm@torproject.org Date: Thu Feb 21 10:23:24 2019 -0500
Add TROVE-2019-001 to changelog for 0.3.5.8 --- ChangeLog | 13 +++++++++++++ changes/ticket29168 | 5 ----- 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 507981350..d4d0d3587 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,19 @@ Changes in version 0.3.5.8 - 2019-02-21 for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x releases.
+ It also includes a fix for a medium-severity security bug affecting Tor + 0.3.2.1-alpha and later. All Tor instances running an affected release + should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + o Major bugfixes (networking, backport from 0.4.0.2-alpha): - Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to diff --git a/changes/ticket29168 b/changes/ticket29168 deleted file mode 100644 index 65c5232f6..000000000 --- a/changes/ticket29168 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (cell scheduler, KIST): - - Make KIST to always take into account the outbuf length when computing - what we can actually put in the outbuf. This could lead to the outbuf - being filled up and thus a possible memory DoS vector. TROVE-2019-001. - Fixes bug 29168; bugfix on 0.3.2.1-alpha.