From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 5 Feb 2020 17:02:32 +0000 (-0500)
Subject: changes file for 33119 aka TROVE-2020-002
X-Git-Tag: tor-0.4.1.9~3^2~1^2~2^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d0bce65ce2426793a975e691204c3fb2ac667f66;p=thirdparty%2Ftor.git

changes file for 33119 aka TROVE-2020-002
---

diff --git a/changes/ticket33119 b/changes/ticket33119
new file mode 100644
index 0000000000..11c20bc7a2
--- /dev/null
+++ b/changes/ticket33119
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, denial-of-service):
+    - Fix a denial-of-service bug that could be used by anyone to consume a
+      bunch of CPU on any Tor relay or authority, or by directories to
+      consume a bunch of CPU on clients or hidden services. Because
+      of the potential for CPU consumption to introduce observable
+      timing patterns, we are treating this as a high-severity security
+      issue.  Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking
+      this issue as TROVE-2020-002.