mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
Add changes file for #30040.
This commit is contained in:
parent
9ce0bdd226
commit
2cdc6b2005
9
changes/bug30040
Normal file
9
changes/bug30040
Normal file
@ -0,0 +1,9 @@
|
||||
o Minor bugfixes (security):
|
||||
- Fix a potential double free bug when reading huge bandwidth files. The
|
||||
issue is not exploitable in the current Tor network because the
|
||||
vulnerable code is only reached when directory authorities read bandwidth
|
||||
files, but bandwidth files come from a trusted source (usually the
|
||||
authorities themselves). Furthermore, the issue is only exploitable in
|
||||
rare (non-POSIX) 32-bit architectures which are not used by any of the
|
||||
current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
|
||||
and fixed by Tobias Stoeckmann.
|
Loading…
Reference in New Issue
Block a user