commit d0bce65ce2426793a975e691204c3fb2ac667f66 parent f160212ee855b6899063f2e9355abd59105d6a04 Author: Nick Mathewson <nickm@torproject.org> Date: Wed, 5 Feb 2020 12:02:32 -0500 changes file for 33119 aka TROVE-2020-002 Diffstat:
| A | changes/ticket33119 | | | 8 | ++++++++ |
1 file changed, 8 insertions(+), 0 deletions(-)
diff --git a/changes/ticket33119 b/changes/ticket33119 @@ -0,0 +1,8 @@ + o Major bugfixes (security, denial-of-service): + - Fix a denial-of-service bug that could be used by anyone to consume a + bunch of CPU on any Tor relay or authority, or by directories to + consume a bunch of CPU on clients or hidden services. Because + of the potential for CPU consumption to introduce observable + timing patterns, we are treating this as a high-severity security + issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. We are also tracking + this issue as TROVE-2020-002.