Merge branch 'maint-0.2.6' into maint-0.2.7

2024-11-10 13:13:44 +01:00 · 2017-02-13 15:28:50 -05:00 · 2017-02-13 15:28:50 -05:00 · 5c4235888a
commit 5c4235888a
parent 75fe218b16 e778a411b9
1 changed files with 10 additions and 0 deletions
--- a/changes/bug20384
+++ b/changes/bug20384
@ -0,0 +1,10 @@
+  o Major features (security fixes):
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+