mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
explain that bug 5090 allows a post-auth heap overflow
resolves bug 5402.
This commit is contained in:
parent
fe2b177cfb
commit
bca8bf62c6
@ -43,8 +43,11 @@ Changes in version 0.2.3.13-alpha - 2012-03-1?
|
|||||||
- Detect and reject certain misformed escape sequences in
|
- Detect and reject certain misformed escape sequences in
|
||||||
configuration values. Previously, these values would cause us
|
configuration values. Previously, these values would cause us
|
||||||
to crash if received in a torrc file or over an (authenticated)
|
to crash if received in a torrc file or over an (authenticated)
|
||||||
control port. Bug found by Esteban Manchado Velázquez. Patch by
|
control port. Bug found by Esteban Manchado Velázquez, and
|
||||||
"flupzor". Fixes bug 5090; bugfix on 0.2.0.16-alpha.
|
independently by Robert Connolly from Matta Consulting who further
|
||||||
|
noted that it allows a post-authentication heap overflow. Patch
|
||||||
|
by "flupzor". Fixes bugs 5090 and 5402 (CVE 2012-1668); bugfix
|
||||||
|
on 0.2.0.16-alpha.
|
||||||
- Ensure that variables set in Tor's environment cannot override
|
- Ensure that variables set in Tor's environment cannot override
|
||||||
environment variables which Tor tries to pass to a managed
|
environment variables which Tor tries to pass to a managed
|
||||||
pluggable-transport proxy. Previously, Tor would pass every
|
pluggable-transport proxy. Previously, Tor would pass every
|
||||||
|
Loading…
Reference in New Issue
Block a user