[tor-commits] [tor/release-0.2.5] whoops; missing changes file for 14013

nickm at torproject.org nickm at torproject.org
Mon Mar 9 17:37:06 UTC 2015


commit 184a2dbbdd27f958f5ac290fe030d1fac2959157
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Dec 23 10:55:25 2014 -0500

    whoops; missing changes file for 14013
---
 changes/bug14013 |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/changes/bug14013 b/changes/bug14013
new file mode 100644
index 0000000..640cf85
--- /dev/null
+++ b/changes/bug14013
@@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - When reading a hexadecimal, base-32, or base-64 encoded value
+      from a string, always overwrite the complete output buffer. This
+      prevents some bugs where we would look at (but fortunately, not
+      reveal) uninitialized memory on the stack. Fixes bug 14013;
+      bugfix on all versions of Tor.





More information about the tor-commits mailing list