Add changes file for #30040.

author George Kadianakis <desnacked@riseup.net>

Tue, 9 Apr 2019 14:30:14 +0000 (17:30 +0300)

committer George Kadianakis <desnacked@riseup.net>

Wed, 10 Apr 2019 09:46:27 +0000 (12:46 +0300)
author George Kadianakis <desnacked@riseup.net>
Tue, 9 Apr 2019 14:30:14 +0000 (17:30 +0300)
committer George Kadianakis <desnacked@riseup.net>
Wed, 10 Apr 2019 09:46:27 +0000 (12:46 +0300)
diff --git a/changes/bug30040 b/changes/bug30040

new file mode 100644 (file)

index 0000000..7d80528
--- /dev/null
+++ b/changes/bug30040
@@ -0,0 +1,9 @@
+  o Minor bugfixes (security):
+    - Fix a potential double free bug when reading huge bandwidth files. The
+      issue is not exploitable in the current Tor network because the
+      vulnerable code is only reached when directory authorities read bandwidth
+      files, but bandwidth files come from a trusted source (usually the
+      authorities themselves). Furthermore, the issue is only exploitable in
+      rare (non-POSIX) 32-bit architectures which are not used by any of the
+      current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found
+      and fixed by Tobias Stoeckmann.
author	George Kadianakis <desnacked@riseup.net>
	Tue, 9 Apr 2019 14:30:14 +0000 (17:30 +0300)
committer	George Kadianakis <desnacked@riseup.net>
	Wed, 10 Apr 2019 09:46:27 +0000 (12:46 +0300)