[or-cvs] [tor/release-0.2.2] make the description of tolen_asserts more dire

arma at torproject.org arma at torproject.org
Sat Jan 15 22:31:51 UTC 2011

commit 50b06a2b76190170e9f80739f022696755b54b99
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sat Jan 15 10:54:58 2011 -0500

    make the description of tolen_asserts more dire
    We have a CVE # for this bug.
 changes/tolen_asserts |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/changes/tolen_asserts b/changes/tolen_asserts
index 90cdb2d..a9834ab 100644
--- a/changes/tolen_asserts
+++ b/changes/tolen_asserts
@@ -1,9 +1,8 @@
   o Major bugfixes (security)
     - Fix a heap overflow bug where an adversary could cause heap
-      corruption.  Since the contents of the corruption would need to be
-      the output of an RSA decryption, we do not think this is easy to
-      turn in to a remote code execution attack, but everybody should
-      upgrade anyway.  Found by debuger.  Bugfix on
+      corruption.  This bug potentially allows remote code execution
+      attacks.  Found by debuger.  Fixes CVE-2011-0427.  Bugfix on
   o Defensive programming
     - Introduce output size checks on all of our decryption functions.

More information about the tor-commits mailing list