Remote assert in hidden service code

There is a remote assert in the HS server code, reported by disgleirio. Adding this ticket now so that we have a bug number. More info to follow.

changed milestone to %Tor: 0.2.4.x-final

added 2016-bug-retrospective CVE-assigned component::core tor/tor milestone::Tor: 0.2.4.x-final priority::very high resolution::fixed status::closed type::defect labels

49ddd92c115c6943c4602d44f52c22b6f47698e8

Trac:
Description: There is a remote assert in the HS server code, reported by skruffy. Adding this ticket now so that we have a bug number. More info to follow.

to

There is a remote assert in the HS server code, reported by disgleirio. Adding this ticket now so that we have a bug number. More info to follow.

whoops, wrong pseudonym in original comment.

Fixed in master, 0.2.6.7, 0.2.5.12 and 0.2.4.27, with tags and signed tarballs available for releases.

Trac:
Resolution: N/A to fixed
Status: new to closed

This is CVE-2015-2928

Trac:
Keywords: N/A deleted, CVE-assigned added

Marking for bug retrospective based on Priority.

Trac:
Keywords: N/A deleted, 2016-bug-retrospective added

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

closed

moved to tpo/core/tor#15600 (closed)