From: Nick Mathewson <nickm@torproject.org>
Date: Sat, 15 Jan 2011 15:54:58 +0000 (-0500)
Subject: make the description of tolen_asserts more dire
X-Git-Tag: tor-0.2.1.29~6^2~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=50b06a2b76190170e9f80739f022696755b54b99;p=thirdparty%2Ftor.git

make the description of tolen_asserts more dire

We have a CVE # for this bug.
---

diff --git a/changes/tolen_asserts b/changes/tolen_asserts
index 90cdb2d75e..a9834ab669 100644
--- a/changes/tolen_asserts
+++ b/changes/tolen_asserts
@@ -1,9 +1,8 @@
   o Major bugfixes (security)
     - Fix a heap overflow bug where an adversary could cause heap
-      corruption.  Since the contents of the corruption would need to be
-      the output of an RSA decryption, we do not think this is easy to
-      turn in to a remote code execution attack, but everybody should
-      upgrade anyway.  Found by debuger.  Bugfix on 0.1.2.10-rc.
+      corruption.  This bug potentially allows remote code execution
+      attacks.  Found by debuger.  Fixes CVE-2011-0427.  Bugfix on
+      0.1.2.10-rc.
   o Defensive programming
     - Introduce output size checks on all of our decryption functions.