]> git.rkrishnan.org Git - tahoe-lafs/tahoe-lafs.git/blobdiff - NEWS.rst
projects / tahoe-lafs / tahoe-lafs.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
merge NEWS about the mutable file bounds fixes with NEWS about work-in-progress
[tahoe-lafs/tahoe-lafs.git] / NEWS.rst
diff --git a/NEWS.rst b/NEWS.rst
index 40ef4b83d33f6d1bad27adac46f6be045bf71d64..b916844436b4853c5435f621c9fd24d16b630461 100644 (file)
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -76,6 +76,17 @@ Compatibility and Dependencies
 .. _`#1438`: http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1438
 
 
+** Security-related Bugfix
+
+ - Fix flaw that would allow a person who knows a storage index of a file to
+   delete shares of that file (#1528).
+ - Remove corner cases in mutable file bounds management which could expose
+   extra lease info or old share data (from prior versions of the mutable
+   file) if someone with write authority to that mutable file exercised these
+   corner cases in a way that no actual Tahoe-LAFS client does. (Probably not
+   exploitable.) (#1528).
+
+
 Release 1.8.2 (2011-01-30)
 --------------------------
 
Unnamed repository; edit this file 'description' to name the repository.