[tor-commits] [tor/release-0.2.2] Actually merge the CVE-2011-2778 log entry into ChangeLog
nickm at torproject.org
nickm at torproject.org
Fri Dec 16 16:59:39 UTC 2011
commit 796563f7f3924fb5f2bed39cd37e1471da657cc4
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Dec 15 13:14:50 2011 -0500
Actually merge the CVE-2011-2778 log entry into ChangeLog
---
ChangeLog | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e1bc545..98fb411 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,10 @@ Changes in version 0.2.2.35 - 2011-12-16
longer receive support after some time in early 2011.
o Major bugfixes:
+ - Fix a heap overflow bug that could occur when trying to pull
+ data into the first chunk of a buffer, when that chunk had
+ already had some data drained from it. Fixes CVE-2011-2778;
+ bugfix on 0.2.0.16-alpha. Reported by "Vektor".
- Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
that it doesn't attempt to allocate a socketpair. This could cause
some problems on Windows systems with overzealous firewalls. Fix for
More information about the tor-commits
mailing list