Try to write a trove-2017-001 blurb
This commit is contained in:
parent
84a9ff0feb
commit
956d08fe87
17
ChangeLog
17
ChangeLog
|
@ -1,5 +1,20 @@
|
||||||
Changes in version 0.2.9.9 - 2017-01-23
|
Changes in version 0.2.9.9 - 2017-01-23
|
||||||
Blurb here
|
Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
|
||||||
|
cause relays and clients (including hidden services) to crash, even if
|
||||||
|
they were not built with the --enable-expensive-hardening option. This
|
||||||
|
bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all
|
||||||
|
relays running an affected version should upgrade.
|
||||||
|
|
||||||
|
This release also resolves a client-side onion service reachability
|
||||||
|
bug, and relays a pair of small portability issues.
|
||||||
|
|
||||||
|
o Major bugfixes (security):
|
||||||
|
- Downgrade the "-ftrapv" option from "always on" to "only on when
|
||||||
|
--enable-expensive-hardening is provided." This hardening option,
|
||||||
|
like others, can turn survivable bugs into crashes--and having it
|
||||||
|
on by default made a (relatively harmless) integer overflow bug
|
||||||
|
into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
|
||||||
|
bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
o Major bugfixes (client, onion service):
|
o Major bugfixes (client, onion service):
|
||||||
- Fix a client-side onion service reachability bug, where multiple
|
- Fix a client-side onion service reachability bug, where multiple
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Major bugfixes (security):
|
|
||||||
- Downgrade the "-ftrapv" option from "always on" to "only on when
|
|
||||||
--enable-expensive-hardening is provided." This hardening option, like
|
|
||||||
others, can turn survivable bugs into crashes--and having it on by
|
|
||||||
default made a (relatively harmless) integer overflow bug into a
|
|
||||||
denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on
|
|
||||||
0.2.9.1-alpha.
|
|
||||||
|
|
Loading…
Reference in New Issue