From e5541996b7a63313820e4ac635a6beac0f09acc8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 22 May 2018 12:21:00 -0400 Subject: [PATCH] changes file for TROVE-2018-005 --- changes/TROVE-2018-005 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 changes/TROVE-2018-005 diff --git a/changes/TROVE-2018-005 b/changes/TROVE-2018-005 new file mode 100644 index 000000000..769c653f4 --- /dev/null +++ b/changes/TROVE-2018-005 @@ -0,0 +1,6 @@ + o Major bugfixes (security, directory authority, denial-of-service): + - Fix a bug that could have allowed an attacker to force a + directory authority to use up all its RAM by passing it a + maliciously crafted protocol versions string. Fixes bug 25517; + bugfix on 0.2.9.4-alpha. This issue is also tracked as + TROVE-2018-005.