Remote assert in hidden service client code

There is a remote assert in the HS client code, found by DonnCha. Details to follow; adding now so there is a bug number.

changed milestone to %Tor: 0.2.4.x-final

added 2016-bug-retrospective CVE-assigned component::core tor/tor milestone::Tor: 0.2.4.x-final priority::very high resolution::fixed status::closed type::defect labels

7b5f558da4542ecce992a8bdb65851fd4a1713bc and dc3cb0008085d173800724304573dc4ed341c793 have the fix.

Fixed in master, 0.2.6.7, 0.2.5.12 and 0.2.4.27, with tags and signed tarballs available for releases.

Trac:
Resolution: N/A to fixed
Status: new to closed

This is CVE-2015-2929

Trac:
Keywords: N/A deleted, CVE-assigned added

Marking for bug retrospective based on Priority.

Trac:
Keywords: N/A deleted, 2016-bug-retrospective added

Mark more tickets for bug retrospective based on hand-review of changelogs from 0.2.5 onwards.

closed

mentioned in issue #15729 (moved)

moved to tpo/core/tor#15601 (closed)