[tor/release-0.2.3] move 0.2.2.39 changelog forward - tor-commits

11 Sep 2012

commit e2fd67fc56af15a392dc8e0963f0c29f50cb55bb
Author: Roger Dingledine arma@torproject.org
Date:   Tue Sep 11 14:30:11 2012 -0400
move 0.2.2.39 changelog forward
---
 ChangeLog    |   15 +++++++++++++++
 ReleaseNotes |   15 +++++++++++++++
 2 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a1165aa..a5cc499 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,21 @@ Changes in version 0.2.3.22-rc - 2012-09-11
       on 0.2.2.23-alpha.
+Changes in version 0.2.2.39 - 2012-09-11
+  Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
+  assertions.
+
+  o Security fixes:
+    - Fix an assertion failure in tor_timegm() that could be triggered
+      by a badly formatted directory object. Bug found by fuzzing with
+      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+    - Do not crash when comparing an address with port value 0 to an
+      address policy. This bug could have been used to cause a remote
+      assertion failure by or against directory authorities, or to
+      allow some applications to crash clients. Fixes bug 6690; bugfix
+      on 0.2.1.10-alpha.
+
+
 Changes in version 0.2.3.21-rc - 2012-09-05
   Tor 0.2.3.21-rc is the fourth release candidate for the Tor 0.2.3.x
   series. It fixes a trio of potential security bugs, fixes a bug where
diff --git a/ReleaseNotes b/ReleaseNotes
index 0d710d9..f452257 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,21 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
+Changes in version 0.2.2.39 - 2012-09-11
+  Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
+  assertions.
+
+  o Security fixes:
+    - Fix an assertion failure in tor_timegm() that could be triggered
+      by a badly formatted directory object. Bug found by fuzzing with
+      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+    - Do not crash when comparing an address with port value 0 to an
+      address policy. This bug could have been used to cause a remote
+      assertion failure by or against directory authorities, or to
+      allow some applications to crash clients. Fixes bug 6690; bugfix
+      on 0.2.1.10-alpha.
+
+
 Changes in version 0.2.2.38 - 2012-08-12
   Tor 0.2.2.38 fixes a remotely triggerable crash bug, and fixes a timing
   attack that could in theory leak path information.

    