tor 0.2.7.8 changelog

This commit is contained in:
Nick Mathewson 2017-06-08 09:56:15 -04:00
parent 2c57e3e5e9
commit 3db01d3b56
7 changed files with 44 additions and 22 deletions

View File

@ -1,3 +1,25 @@
Changes in version 0.2.7.8 - 2017-06-08
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
o Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Changes in version 0.2.7.7 - 2017-03-03
Tor 0.2.7.7 backports a number of security fixes from later Tor
releases. Anybody running Tor 0.2.7.6 or earlier should upgrade to

View File

@ -2,6 +2,28 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.2.7.8 - 2017-06-08
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
running a hidden service should upgrade to this version, or to some
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
are not affected by TROVE-2017-004.)
o Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
on 0.2.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Changes in version 0.2.7.7 - 2017-03-03
Tor 0.2.7.7 backports a number of security fixes from later Tor
releases. Anybody running Tor 0.2.7.6 or earlier should upgrade to

View File

@ -1,3 +0,0 @@
o Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

View File

@ -1,4 +0,0 @@
o Minor features:
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
Country database.

View File

@ -1,4 +0,0 @@
o Minor features:
- Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
Country database.

View File

@ -1,4 +0,0 @@
o Minor features:
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.

View File

@ -1,7 +0,0 @@
o Major bugfixes (hidden service, relay, security):
- Fix an assertion failure caused by receiving a BEGIN_DIR cell on
a hidden service rendezvous circuit. Fixes bug 22494, tracked as
TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found
by armadev.