be sure to remember the changes file for #20384

author Roger Dingledine <arma@torproject.org>

Mon, 13 Feb 2017 20:22:36 +0000 (15:22 -0500)

committer Roger Dingledine <arma@torproject.org>

Mon, 13 Feb 2017 20:22:36 +0000 (15:22 -0500)
author Roger Dingledine <arma@torproject.org>
Mon, 13 Feb 2017 20:22:36 +0000 (15:22 -0500)
committer Roger Dingledine <arma@torproject.org>
Mon, 13 Feb 2017 20:22:36 +0000 (15:22 -0500)
diff --git a/changes/bug20384 b/changes/bug20384

new file mode 100644 (file)

index 0000000..591015a
--- /dev/null
+++ b/changes/bug20384
@@ -0,0 +1,10 @@
+  o Major features (security fixes):
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+
author	Roger Dingledine <arma@torproject.org>
	Mon, 13 Feb 2017 20:22:36 +0000 (15:22 -0500)
committer	Roger Dingledine <arma@torproject.org>
	Mon, 13 Feb 2017 20:22:36 +0000 (15:22 -0500)