add TROVE-2018-005 to changelog and releasenotes

Nick Mathewson 2018-05-22 12:37:49 -04:00
parent f177ec2142
commit b6a88173bb
3 changed files with 16 additions and 8 deletions

@ -1,4 +1,4 @@
Changes in version 0.3.3.6 - 2018-05-??
Changes in version 0.3.3.6 - 2018-05-22
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
backports several important fixes from the 0.3.4.1-alpha.
@ -13,6 +13,13 @@ Changes in version 0.3.3.6 - 2018-05-??
Below are the changes since 0.3.3.5-rc. For a list of all changes
since 0.3.2, see the ReleaseNotes file.
o Major bugfixes (security, directory authority, denial-of-service):
- Fix a bug that could have allowed an attacker to force a
directory authority to use up all its RAM by passing it a
maliciously crafted protocol versions string. Fixes bug 25517;
bugfix on 0.2.9.4-alpha. This issue is also tracked as
TROVE-2018-005.
o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
- When directory authorities read a zero-byte bandwidth file, they
would previously log a warning with the contents of an
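Review bot: The tag list on the new heading, "(security, directory authority, denial-of-service)", is inconsistent with the heading that directly follows it, "(directory authorities, security, backport from 0.3.4.1-alpha)": one uses the singular "directory authority" and lists "security" first, the other uses the plural and lists it second. Pick one spelling and one tag order for both headings so the two security entries for directory authorities read as a group and are found by the same search.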

@ -2,7 +2,7 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.3.3.6 - 2018-05-??
Changes in version 0.3.3.6 - 2018-05-22
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
backports several important fixes from the 0.3.4.1-alpha.
@ -21,6 +21,13 @@ Changes in version 0.3.3.6 - 2018-05-??
- When built with Rust, Tor now depends on version 0.2.39 of the
libc crate. Closes tickets 25310 and 25664.
o Major bugfixes (security, directory authority, denial-of-service):
- Fix a bug that could have allowed an attacker to force a
directory authority to use up all its RAM by passing it a
maliciously crafted protocol versions string. Fixes bug 25517;
bugfix on 0.2.9.4-alpha. This issue is also tracked as
TROVE-2018-005.
o Major features (denial-of-service mitigation):
- Give relays some defenses against the recent network overload. We
start with three defenses (default parameters in parentheses).
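Review bot: The new item beginning "Fix a bug that could have allowed an attacker to force a directory authority to use up all its RAM" names the target but does not say whether relays or clients that parse protocol versions strings are also exposed. This file is what operators read when deciding how urgently to upgrade, so a short clause stating that scope would help. "bugfix on 0.2.9.4-alpha" gives the introducing version, which is useful; the missing piece is who needs to act.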

@ -1,6 +0,0 @@
o Major bugfixes (security, directory authority, denial-of-service):
- Fix a bug that could have allowed an attacker to force a
directory authority to use up all its RAM by passing it a
maliciously crafted protocol versions string. Fixes bug 25517;
bugfix on 0.2.9.4-alpha. This issue is also tracked as
TROVE-2018-005.
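Review bot: The commit subject mentions only the changelog and release notes, but this hunk also deletes a six-line file ("-1,6 +0,0"). The deleted text matches the entry added in the other two files word for word, so nothing is lost; consider noting the removal in the commit message so the third changed file is accounted for when someone reads the log.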