shift the categories around a bit
This commit is contained in:
parent
abfaf217fb
commit
922fb087f9
|
@ -7,19 +7,19 @@ Changes in version 0.2.3.23-rc - 2012-10-20
|
|||
- Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
|
||||
authority. Closes ticket 5749.
|
||||
|
||||
o Major bugfixes (security):
|
||||
o Major bugfixes (security/privacy):
|
||||
- Disable TLS session tickets. OpenSSL's implementation was giving
|
||||
our TLS session keys the lifetime of our TLS context objects, when
|
||||
perfect forward secrecy would want us to discard anything that
|
||||
could decrypt a link connection as soon as the link connection
|
||||
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
|
||||
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
|
||||
|
||||
o Major bugfixes:
|
||||
- Discard extraneous renegotiation attempts once the V3 link
|
||||
protocol has been initiated. Failure to do so left us open to
|
||||
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
|
||||
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
|
||||
|
||||
o Major bugfixes:
|
||||
- Fix a possible crash bug when checking for deactivated circuits
|
||||
in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
|
||||
bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
|
||||
|
|
Loading…
Reference in New Issue