|
@@ -1,10 +0,0 @@
|
|
|
- o Major bugfixes (security):
|
|
|
- - When checking for replays in the INTRODUCE1 cell data for a (legacy)
|
|
|
- hiddden service, correctly detect replays in the RSA-encrypted part of
|
|
|
- the cell. We were previously checking for replays on the entire cell,
|
|
|
- but those can be circumvented due to the malleability of Tor's legacy
|
|
|
- hybrid encryption. This fix helps prevent a traffic confirmation
|
|
|
- attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
|
|
|
- tracked as TROVE-2017-009 and CVE-2017-8819.
|
|
|
-
|
|
|
-
|