mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-19 18:00:33 +01:00
Code Issues Projects Releases Wiki Activity

the 0.2.1.32 changelog got lost in the shuffle

Browse Source
This commit is contained in:
Roger Dingledine 2012-09-07 04:32:14 -04:00
parent 9446efc0df
commit 78a3de1443
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ChangeLog
View File

@ -1595,6 +1595,29 @@ Changes in version 0.2.2.35 - 2011-12-16
by removing an absolute path from makensis.exe command.
Changes in version 0.2.1.32 - 2011-12-16
Tor 0.2.1.32 backports important security and privacy fixes for
oldstable. This release is intended only for package maintainers and
others who cannot use the 0.2.2 stable series. All others should be
using Tor 0.2.2.x or newer.
The Tor 0.2.1.x series will reach formal end-of-life some time in
early 2012; we will stop releasing patches for it then.
o Major bugfixes (also included in 0.2.2.x):
- Correctly sanity-check that we don't underflow on a memory
allocation (and then assert) for hidden service introduction
point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
bugfix on 0.2.1.5-alpha.
- Fix a heap overflow bug that could occur when trying to pull
data into the first chunk of a buffer, when that chunk had
already had some data drained from it. Fixes CVE-2011-2778;
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
o Minor features:
- Update to the December 6 2011 Maxmind GeoLite Country database.
Changes in version 0.2.3.9-alpha - 2011-12-08
Tor 0.2.3.9-alpha introduces initial IPv6 support for bridges, adds
a "DisableNetwork" security feature that bundles can use to avoid

23
ReleaseNotes
View File

@ -315,6 +315,29 @@ Changes in version 0.2.2.35 - 2011-12-16
by removing an absolute path from makensis.exe command.
Changes in version 0.2.1.32 - 2011-12-16
Tor 0.2.1.32 backports important security and privacy fixes for
oldstable. This release is intended only for package maintainers and
others who cannot use the 0.2.2 stable series. All others should be
using Tor 0.2.2.x or newer.
The Tor 0.2.1.x series will reach formal end-of-life some time in
early 2012; we will stop releasing patches for it then.
o Major bugfixes (also included in 0.2.2.x):
- Correctly sanity-check that we don't underflow on a memory
allocation (and then assert) for hidden service introduction
point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
bugfix on 0.2.1.5-alpha.
- Fix a heap overflow bug that could occur when trying to pull
data into the first chunk of a buffer, when that chunk had
already had some data drained from it. Fixes CVE-2011-2778;
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
o Minor features:
- Update to the December 6 2011 Maxmind GeoLite Country database.
Changes in version 0.2.2.34 - 2011-10-26
Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.