commit 922fb087f90ce4c421fc800651ffbea515ccbd86 Author: Roger Dingledine arma@torproject.org Date: Sat Oct 20 13:54:36 2012 -0400

shift the categories around a bit --- ChangeLog | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog index 99989a9..173fed6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,19 +7,19 @@ Changes in version 0.2.3.23-rc - 2012-10-20 - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory authority. Closes ticket 5749.

- o Major bugfixes (security): + o Major bugfixes (security/privacy): - Disable TLS session tickets. OpenSSL's implementation was giving our TLS session keys the lifetime of our TLS context objects, when perfect forward secrecy would want us to discard anything that could decrypt a link connection as soon as the link connection was closed. Fixes bug 7139; bugfix on all versions of Tor linked against OpenSSL 1.0.0 or later. Found by Florent Daignière. - - o Major bugfixes: - Discard extraneous renegotiation attempts once the V3 link protocol has been initiated. Failure to do so left us open to a remotely triggerable assertion failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by "some guy from France". + + o Major bugfixes: - Fix a possible crash bug when checking for deactivated circuits in connection_or_flush_from_first_active_circuit(). Fixes bug 6341; bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.