diff options
| author | Fabian Keil <fk@fabiankeil.de> | 2026-03-28 17:23:54 +0000 |
|---|---|---|
| committer | Yuri Victorovich <yuri@FreeBSD.org> | 2026-03-28 17:25:55 +0000 |
| commit | b1c015b7cc8c4d436d82cecda7c0f322091d659b (patch) | |
| tree | e475caa737d5177751a719e55f09c4f1027362ac /graphics/goom/(public-mirror) | |
| parent | 000e016f64cc0b4fb7a483672c98adc451939c6d (diff) | |
Quoting the announcement at:
<https://lists.torproject.org/mailman3/hyperkitty/list/tor-announce@lists.torproject.org/message/MDZTQ6KHN7YPUPE2GQYYQQFNP3KCMK3M/>
Changes in version 0.4.9.6 - 2026-03-25
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security):
- Fix a stack overflow of 11 bytes on malicious CREATED2. This lead
to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (security):
- Fix a series of defense in depth security issues found across the
codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (portability):
- (Hopefully) fix our polyval implementation on big-endian
platforms. Fixes bug 41215; bugfix on 0.4.9.3-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 25, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/03/25.
PR: 294064
Diffstat (limited to 'graphics/goom/(public-mirror)')
0 files changed, 0 insertions, 0 deletions