[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor 0.1.0.11 is released: security fix for servers



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


(the recommended versions list hasn't be updated to note this version yet, so a [warn] is produced in the log file)



On 1 Jul, 2005, at 23.02, Roger Dingledine wrote:

Tor 0.1.0.11 fixes a security problem where servers disregard their exit
policies in some circumstances. All server operators running 0.1.0.x or
later are advised to upgrade to 0.1.0.11 [1], downgrade to 0.0.9.10 [2],
or move to the latest Tor CVS [3]. Clients are not affected by this bug.


[1] http://tor.eff.org/download.html
[2] http://tor.eff.org/dist/
[3] http://tor.eff.org/developers.html

  o Bugfixes on 0.1.0.x:
    - Fix major security bug: servers were disregarding their
      exit policies if clients behaved unexpectedly.
    - Make OS X init script check for missing argument, so we don't
      confuse users who invoke it incorrectly.
    - Fix a seg fault in "tor --hash-password foo".
    - The MAPADDRESS control command was broken.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCxkjb8ndM5mBofVwRAqYLAKCeyBETtRLN/ye6C2emWsjy3+413ACeMLi9
5j4FMNAIJyufV8JDNJyGtXM=
=62ba
-----END PGP SIGNATURE-----