whoops; missing changes file for 14013

author Nick Mathewson <nickm@torproject.org>

Tue, 23 Dec 2014 15:55:25 +0000 (10:55 -0500)

committer Nick Mathewson <nickm@torproject.org>

Tue, 23 Dec 2014 15:55:25 +0000 (10:55 -0500)
author Nick Mathewson <nickm@torproject.org>
Tue, 23 Dec 2014 15:55:25 +0000 (10:55 -0500)
committer Nick Mathewson <nickm@torproject.org>
Tue, 23 Dec 2014 15:55:25 +0000 (10:55 -0500)
diff --git a/changes/bug14013 b/changes/bug14013

new file mode 100644 (file)

index 0000000..640cf85
--- /dev/null
+++ b/changes/bug14013
@@ -0,0 +1,6 @@
+  o Major bugfixes:
+    - When reading a hexadecimal, base-32, or base-64 encoded value
+      from a string, always overwrite the complete output buffer. This
+      prevents some bugs where we would look at (but fortunately, not
+      reveal) uninitialized memory on the stack. Fixes bug 14013;
+      bugfix on all versions of Tor.
author	Nick Mathewson <nickm@torproject.org>
	Tue, 23 Dec 2014 15:55:25 +0000 (10:55 -0500)
committer	Nick Mathewson <nickm@torproject.org>
	Tue, 23 Dec 2014 15:55:25 +0000 (10:55 -0500)