- Detect and reject certain misformed escape sequences in
configuration values. Previously, these values would cause us
to crash if received in a torrc file or over an (authenticated)
- control port. Bug found by Esteban Manchado Velázquez. Patch by
- "flupzor". Fixes bug 5090; bugfix on 0.2.0.16-alpha.
+ control port. Bug found by Esteban Manchado Velázquez, and
+ independently by Robert Connolly from Matta Consulting who further
+ noted that it allows a post-authentication heap overflow. Patch
+ by "flupzor". Fixes bugs 5090 and 5402 (CVE 2012-1668); bugfix
+ on 0.2.0.16-alpha.
- Ensure that variables set in Tor's environment cannot override
environment variables which Tor tries to pass to a managed
pluggable-transport proxy. Previously, Tor would pass every
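Review bot: The added line writes the identifier as "CVE 2012-1668"; use the hyphenated form "CVE-2012-1668" so the entry turns up in searches on the CVE id. Separately, the unchanged sentence above the edit still describes the impact only as "would cause us to crash", while the new text credits a report that the bug allows a post-authentication heap overflow. Consider rewording that sentence so the stated impact is consistent within the entry.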