[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"

Subject: Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 23 Oct 2016 15:08:06 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 23 Oct 2016 11:08:16 -0400
In-reply-to: <051.3bf105b3394bd50b14362283f2336032@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.3bf105b3394bd50b14362283f2336032@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20431: do not recommend vulnerable tor versions - update "recommended versions"
------------------------------+---------------------
 Reporter:  cypherpunks       |          Owner:
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Core Tor/DirAuth  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+---------------------

Comment (by cypherpunks):

 current set of recommended versions https://consensus-
 health.torproject.org/ :
 {{{
 server-versions 0.2.4.26, 0.2.4.27, 0.2.5.11, 0.2.5.12, 0.2.6.5-rc,
 0.2.6.6, 0.2.6.7, 0.2.6.8, 0.2.6.9, 0.2.6.10, 0.2.7.1-alpha,
 0.2.7.2-alpha, 0.2.7.3-rc, 0.2.7.4-rc, 0.2.7.5, 0.2.7.6, 0.2.8.1-alpha,
 0.2.8.2-alpha, 0.2.8.3-alpha, 0.2.8.4-rc, 0.2.8.5-rc, 0.2.8.6, 0.2.8.7,
 0.2.8.8, 0.2.8.9, 0.2.9.1-alpha, 0.2.9.2-alpha, 0.2.9.3-alpha,
 0.2.9.4-alpha
 }}}

 can be reduced to:
 {{{
 server-versions 0.2.4.27, 0.2.5.12, 0.2.8.9, 0.2.9.4-alpha
 }}}

 backported version:
 https://security-tracker.debian.org/tracker/CVE-2016-8860

 any other backported version we should include?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20431#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20490 [Applications/Tor Browser]: Backport fix for assertion failure due to patch for #20441 (bug 1311275)
Next by Author: Re: [tor-bugs] #20039 [Metrics/metrics-lib]: integrate `DescriptorIndexCollector` in a fully backward-compatible way
Previous by thread: Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
Next by thread: Re: [tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"
Index(es):
- Author
- Thread