The reading-arbitrary-memory bug in June had a CVE too

svn:r5866
Peter Palfrader 19 years ago
parent
commit
17e0d9f238
2 changed files with 8 additions and 5 deletions
  1. ChangeLog (6 additions, 4 deletions)
  2. debian/changelog (2 additions, 1 deletion)

+ 6 - 4
ChangeLog

@@ -740,8 +740,8 @@ Changes in version 0.1.0.15 - 2005-09-23
 
 
 Changes in version 0.1.0.14 - 2005-08-08
 Changes in version 0.1.0.14 - 2005-08-08
   o Bugfixes on 0.1.0.x:
   o Bugfixes on 0.1.0.x:
-      - Fix the other half of the bug with crypto handshakes.
-        (CVE-2005-2643)
+      - Fix the other half of the bug with crypto handshakes
+        (CVE-2005-2643).
       - Fix an assert trigger if you send a 'signal term' via the
       - Fix an assert trigger if you send a 'signal term' via the
         controller when it's listening for 'event info' messages.
         controller when it's listening for 'event info' messages.
 
 
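Review bot: The only change in this hunk is moving the full stop from after "handshakes" to after "(CVE-2005-2643)", which the commit message (about the June memory-read bug) does not cover; consider mentioning the punctuation cleanup or splitting it out. While the line is being touched, "the other half of the bug with crypto handshakes" gives a reader who arrives via the CVE number nothing to match against, so a short description of the bug would help.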
@@ -802,7 +802,8 @@ Changes in version 0.1.0.10 - 2005-06-14
   o Assert / crash bugs:
   o Assert / crash bugs:
     - Refuse relay cells that claim to have a length larger than the
     - Refuse relay cells that claim to have a length larger than the
       maximum allowed. This prevents a potential attack that could read
       maximum allowed. This prevents a potential attack that could read
-      arbitrary memory (e.g. keys) from an exit server's process.
+      arbitrary memory (e.g. keys) from an exit server's process
+      (CVE-2005-2050).
     - If unofficial Tor clients connect and send weird TLS certs, our
     - If unofficial Tor clients connect and send weird TLS certs, our
       Tor server triggers an assert. Stop asserting, and start handling
       Tor server triggers an assert. Stop asserting, and start handling
       TLS errors better in other situations too.
       TLS errors better in other situations too.
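Review bot: The entry that now carries CVE-2005-2050 still sits under "o Assert / crash bugs:", although its text describes reading arbitrary memory (e.g. keys) from an exit server's process, which is an information disclosure rather than a crash. Moving it under a security-labelled heading, or adding one, would let operators scanning the 0.1.0.10 notes for security fixes find it.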
@@ -1128,7 +1129,8 @@ Changes in version 0.0.9.10 - 2005-06-16
   o Bugfixes on 0.0.9.x (backported from 0.1.0.10):
   o Bugfixes on 0.0.9.x (backported from 0.1.0.10):
     - Refuse relay cells that claim to have a length larger than the
     - Refuse relay cells that claim to have a length larger than the
       maximum allowed. This prevents a potential attack that could read
       maximum allowed. This prevents a potential attack that could read
-      arbitrary memory (e.g. keys) from an exit server's process.
+      arbitrary memory (e.g. keys) from an exit server's process
+      (CVE-2005-2050).
 
 
 
 
 Changes in version 0.0.9.9 - 2005-04-23
 Changes in version 0.0.9.9 - 2005-04-23
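Review bot: The 0.0.9.10 backport entry repeats the 0.1.0.10 text, so the CVE reference had to be added by hand in each copy (this patch touches three). Before merging, search the tree for "arbitrary memory" to confirm no other copy of the entry is left without "(CVE-2005-2050)".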

+ 2 - 1
debian/changelog

@@ -202,7 +202,8 @@ tor (0.0.9.10-1) unstable; urgency=high
     upload of the 0.0.9.x tree:
     upload of the 0.0.9.x tree:
     - Refuse relay cells that claim to have a length larger than the
     - Refuse relay cells that claim to have a length larger than the
       maximum allowed. This prevents a potential attack that could read
       maximum allowed. This prevents a potential attack that could read
-      arbitrary memory (e.g. keys) from an exit server's process.
+      arbitrary memory (e.g. keys) from an exit server's process
+      (CVE-2005-2050).
 
 
  -- Peter Palfrader <weasel@debian.org>  Thu, 16 Jun 2005 22:56:11 +0200
  -- Peter Palfrader <weasel@debian.org>  Thu, 16 Jun 2005 22:56:11 +0200
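Review bot: This edits the signed-off 0.0.9.10-1 entry in place, and the trailer keeps its original 16 Jun 2005 timestamp, so nothing in debian/changelog records that the CVE reference was added later. Consider a line in the newest changelog entry noting that CVE-2005-2050 was added to the 0.0.9.10-1 entry, so the change is visible in the next upload.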