Try to write a trove-2017-001 blurb

ChangeLog

@@ -1,5 +1,20 @@
 Changes in version 0.2.9.9 - 2017-01-23
-  Blurb here
+  Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
+  cause relays and clients (including hidden services) to crash, even if
+  they were not built with the --enable-expensive-hardening option. This
+  bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all
+  relays running an affected version should upgrade.
+
+  This release also resolves a client-side onion service reachability
+  bug, and relays a pair of small portability issues.
+
+  o Major bugfixes (security):
+    - Downgrade the "-ftrapv" option from "always on" to "only on when
+      --enable-expensive-hardening is provided." This hardening option,
+      like others, can turn survivable bugs into crashes--and having it
+      on by default made a (relatively harmless) integer overflow bug
+      into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
+      bugfix on 0.2.9.1-alpha.
 
   o Major bugfixes (client, onion service):
     - Fix a client-side onion service reachability bug, where multiple

changes/trove-2017-001

@@ -1,8 +0,0 @@
-  o Major bugfixes (security):
-    - Downgrade the "-ftrapv" option from "always on" to "only on when
-      --enable-expensive-hardening is provided."  This hardening option, like
-      others, can turn survivable bugs into crashes--and having it on by
-      default made a (relatively harmless) integer overflow bug into a
-      denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on
-      0.2.9.1-alpha.
-