From: Roger Dingledine Date: Mon, 7 Mar 2016 18:05:40 +0000 (-0500) Subject: 0.2.5.12 got left out of the changelog somehow X-Git-Tag: tor-0.2.8.2-alpha~79 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=63b4ce1f7e7e87e51c840bd0cc736e66d08aa92f;p=thirdparty%2Ftor.git 0.2.5.12 got left out of the changelog somehow --- diff --git a/ChangeLog b/ChangeLog index 6ab821f9b3..c39ea1973d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1400,6 +1400,30 @@ Changes in version 0.2.4.27 - 2015-04-06 Resolves ticket 15515. +Changes in version 0.2.5.12 - 2015-04-06 + Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that + could be used by an attacker to crash hidden services, or crash clients + visiting hidden services. Hidden services should upgrade as soon as + possible; clients should upgrade whenever packages become available. + + This release also backports a simple improvement to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "disgleirio". + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". + + o Minor features (DoS-resistance, hidden service): + - Introduction points no longer allow multiple INTRODUCE1 cells to + arrive on the same circuit. This should make it more expensive for + attackers to overwhelm hidden services with introductions. + Resolves ticket 15515. + + Changes in version 0.2.6.7 - 2015-04-06 Tor 0.2.6.7 fixes two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden