[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 24 Jan 2019 09:48:49 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 24 Jan 2019 04:49:02 -0500
In-reply-to: <045.fab8e5bebcf1b06c1a9cf456c17be8a2@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.fab8e5bebcf1b06c1a9cf456c17be8a2@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#29158: Add fix for DSA 4371-1 (apt vulnerability)
-------------------------------------------+-------------------------------
 Reporter:  boklm                          |          Owner:  tbb-team
     Type:  defect                         |         Status:
                                           |  needs_revision
 Priority:  High                           |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  TorBrowserTeam201901, tbb-rbm  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+-------------------------------

Comment (by boklm):

 Replying to [comment:6 gk]:
 > The 32bit situation for Linux looks bleak. BUT: I thought we should
 start soon with #26323 anyway. I think this bug is a reason to start now-
 ish with that effort. I guess we could try to squeeze it into 8.5. boklm:
 what do you think?

 Yes, I think it should be possible to do #26323 soon.

 The new apt package is not available yet for i386 at this time:
 http://deb.freexian.com/extended-lts/pool/main/a/apt/

 However maybe they will add it later as looking at the file modification
 time it seems it is not the first time that the i386 package comes later.
 Otherwise we can maybe rebuild the package ourself.

 I started working on a patch installing the apt updated packages into the
 containers:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_29158_v3&id=4672030e7308f852836092ddcfdce76ae90f797b

 It is currently installing the packages on stretch too, however since
 yesterday they made a stretch point release, so it should not be needed
 anymore (but maybe we can add a check to verify that the correct version
 was installed).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29158#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #29056 [Core Tor/Stem]: Implement bandwidth file parser and formater
Next by Author: Re: [tor-bugs] #23882 [Core Tor/Tor]: Investigate implementing a Rust allocator wrapping tor_malloc
Previous by thread: Re: [tor-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)
Next by thread: Re: [tor-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)
Index(es):
- Author
- Thread