The reading-arbitrary-memory bug in June had a CVE too

svn:r5866
Peter Palfrader 2006-01-25 12:26:21 +00:00
parent ef8787b7ee
commit 17e0d9f238
2 changed files with 8 additions and 5 deletions


@ -740,8 +740,8 @@ Changes in version 0.1.0.15 - 2005-09-23
Changes in version 0.1.0.14 - 2005-08-08 Changes in version 0.1.0.14 - 2005-08-08
o Bugfixes on 0.1.0.x: o Bugfixes on 0.1.0.x:
- Fix the other half of the bug with crypto handshakes. - Fix the other half of the bug with crypto handshakes
(CVE-2005-2643) (CVE-2005-2643).
- Fix an assert trigger if you send a 'signal term' via the - Fix an assert trigger if you send a 'signal term' via the
controller when it's listening for 'event info' messages. controller when it's listening for 'event info' messages.
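Review bot: the punctuation change in the 0.1.0.14 entry, which moves the full stop from after "crypto handshakes" to after "(CVE-2005-2643)", is not covered by the commit message, which only mentions the June memory-read bug. The tidy-up is reasonable and matches the form used for the CVE references added elsewhere in this diff, but mention it in the message or split it into its own commit so the log matches what changed.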
@ -802,7 +802,8 @@ Changes in version 0.1.0.10 - 2005-06-14
o Assert / crash bugs: o Assert / crash bugs:
- Refuse relay cells that claim to have a length larger than the - Refuse relay cells that claim to have a length larger than the
maximum allowed. This prevents a potential attack that could read maximum allowed. This prevents a potential attack that could read
arbitrary memory (e.g. keys) from an exit server's process. arbitrary memory (e.g. keys) from an exit server's process
(CVE-2005-2050).
- If unofficial Tor clients connect and send weird TLS certs, our - If unofficial Tor clients connect and send weird TLS certs, our
Tor server triggers an assert. Stop asserting, and start handling Tor server triggers an assert. Stop asserting, and start handling
TLS errors better in other situations too. TLS errors better in other situations too.
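Review bot: the added "(CVE-2005-2050)." line in the 0.1.0.10 entry carries the identifier, but the commit message only says the bug "had a CVE too". Name CVE-2005-2050 in the commit message as well, so that a search of the history for the id finds this change and not just the changelog text.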
@ -1128,7 +1129,8 @@ Changes in version 0.0.9.10 - 2005-06-16
o Bugfixes on 0.0.9.x (backported from 0.1.0.10): o Bugfixes on 0.0.9.x (backported from 0.1.0.10):
- Refuse relay cells that claim to have a length larger than the - Refuse relay cells that claim to have a length larger than the
maximum allowed. This prevents a potential attack that could read maximum allowed. This prevents a potential attack that could read
arbitrary memory (e.g. keys) from an exit server's process. arbitrary memory (e.g. keys) from an exit server's process
(CVE-2005-2050).
Changes in version 0.0.9.9 - 2005-04-23 Changes in version 0.0.9.9 - 2005-04-23

debian/changelog vendored

@ -202,7 +202,8 @@ tor (0.0.9.10-1) unstable; urgency=high
upload of the 0.0.9.x tree: upload of the 0.0.9.x tree:
- Refuse relay cells that claim to have a length larger than the - Refuse relay cells that claim to have a length larger than the
maximum allowed. This prevents a potential attack that could read maximum allowed. This prevents a potential attack that could read
arbitrary memory (e.g. keys) from an exit server's process. arbitrary memory (e.g. keys) from an exit server's process
(CVE-2005-2050).
-- Peter Palfrader <weasel@debian.org> Thu, 16 Jun 2005 22:56:11 +0200 -- Peter Palfrader <weasel@debian.org> Thu, 16 Jun 2005 22:56:11 +0200
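Review bot: the added "(CVE-2005-2050)." line rewrites the body of the tor (0.0.9.10-1) entry while its trailer stays dated 16 Jun 2005, so the entry now reads as if the CVE reference had been there at that date. If amending an old entry in place is intended, state that in the commit message so anyone comparing this file against an earlier copy of the same entry understands the difference.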