From 50b06a2b76190170e9f80739f022696755b54b99 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Sat, 15 Jan 2011 10:54:58 -0500 Subject: [PATCH] make the description of tolen_asserts more dire We have a CVE # for this bug. --- changes/tolen_asserts | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/changes/tolen_asserts b/changes/tolen_asserts index 90cdb2d75e..a9834ab669 100644 --- a/changes/tolen_asserts +++ b/changes/tolen_asserts @@ -1,9 +1,8 @@ o Major bugfixes (security) - Fix a heap overflow bug where an adversary could cause heap - corruption. Since the contents of the corruption would need to be - the output of an RSA decryption, we do not think this is easy to - turn in to a remote code execution attack, but everybody should - upgrade anyway. Found by debuger. Bugfix on 0.1.2.10-rc. + corruption. This bug potentially allows remote code execution + attacks. Found by debuger. Fixes CVE-2011-0427. Bugfix on + 0.1.2.10-rc. o Defensive programming - Introduce output size checks on all of our decryption functions.