[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

To: nusenu <nusenu@xxxxxxxxxxxxxxx>
Subject: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
From: Juuso Lapinlampi <wub@xxxxxxxxxxx>
Date: Wed, 26 Oct 2016 02:39:13 +0000
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Oct 2016 22:39:30 -0400
In-reply-to: <f4620b8b-585b-20fa-8295-1a87751d7bad@openmailbox.org>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <f4620b8b-585b-20fa-8295-1a87751d7bad@openmailbox.org>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

On Tue, Oct 25, 2016 at 09:48:00PM +0000, nusenu wrote:
> It is not possible to reliable determine the exact CW fraction
> affected[1] due to the fact that patches were released that didn't
> increase tor's version number.

In the case of OpenBSD, MTier published a binary package (patch) only
yesterday. I had reported them to update on 2016-10-19 to use a patch
from openbsd-ports@ mailing list (net/tor port maintainer).

Consequently, OpenBSD 6.0's -stable has tor-0.2.7.6p1 (vulnerable) and
MTier's binary packages have tor-0.2.7.6p2 (not vulnerable). -snapshots
has tor-0.2.8.9.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
  - From: nusenu

Prev by Author: Re: [tor-relays] Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud
Next by Author: [tor-relays] Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud
Previous by thread: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Next by thread: Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Index(es):
- Author
- Thread