minor cleanup on already published changelog text

2011-10-27 20:16:33 -04:00 · 2011-10-27 20:16:33 -04:00 · e234c1cd23
parent abd34f1527
commit e234c1cd23
2 changed files with 10 additions and 10 deletions
--- a/10
+++ b/10
@ -17,11 +17,11 @@ Changes in version 0.2.1.31 - 2011-10-26

  o Privacy/anonymity fixes (also included in 0.2.2.x):
    - Clients and bridges no longer send TLS certificate chains on
-      outgoing OR connections. Previously, each client or bridge
-      would use the same cert chain for all outgoing OR connections
-      for up to 24 hours, which allowed any relay that the client or
-      bridge contacted to determine which entry guards it is using.
-      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by frosty_un.
+      outgoing OR connections. Previously, each client or bridge would
+      use the same cert chain for all outgoing OR connections until
+      its IP address changes, which allowed any relay that the client
+      or bridge contacted to determine which entry guards it is using.
+      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
    - If a relay receives a CREATE_FAST cell on a TLS connection, it
      no longer considers that connection as suitable for satisfying a
      circuit EXTEND request. Now relays can protect clients from the
--- a/10
+++ b/10
@ -22,11 +22,11 @@ Changes in version 0.2.1.31 - 2011-10-26

  o Privacy/anonymity fixes (also included in 0.2.2.x):
    - Clients and bridges no longer send TLS certificate chains on
-      outgoing OR connections. Previously, each client or bridge
-      would use the same cert chain for all outgoing OR connections
-      for up to 24 hours, which allowed any relay that the client or
-      bridge contacted to determine which entry guards it is using.
-      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by frosty_un.
+      outgoing OR connections. Previously, each client or bridge would
+      use the same cert chain for all outgoing OR connections until
+      its IP address changes, which allowed any relay that the client
+      or bridge contacted to determine which entry guards it is using.
+      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
    - If a relay receives a CREATE_FAST cell on a TLS connection, it
      no longer considers that connection as suitable for satisfying a
      circuit EXTEND request. Now relays can protect clients from the