From 62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 27 Aug 2012 11:52:51 -0400
Subject: Do not assert when comparing a null address/port against a policy

This can create a remote crash opportunity for/against directory
authorities.
---
 changes/bug6690 | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 changes/bug6690

(limited to 'changes')

diff --git a/changes/bug6690 b/changes/bug6690
new file mode 100644
index 000000000..99d42976e
--- /dev/null
+++ b/changes/bug6690
@@ -0,0 +1,7 @@
+  o Major bugfixes (security):
+    - Do not crash when comparing an address with port value 0 to an
+      address policy. This bug could have been used to cause a remote
+      assertion failure by or against directory authorities, or to
+      allow some applications to crash clients. Fixes bug 6690; bugfix
+      on 0.2.1.10-alpha.
+
-- 
cgit v1.2.3