[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
On Tue, Oct 25, 2016 at 09:48:00PM +0000, nusenu wrote:
> It is not possible to reliable determine the exact CW fraction
> affected[1] due to the fact that patches were released that didn't
> increase tor's version number.
In the case of OpenBSD, MTier published a binary package (patch) only
yesterday. I had reported them to update on 2016-10-19 to use a patch
from openbsd-ports@ mailing list (net/tor port maintainer).
Consequently, OpenBSD 6.0's -stable has tor-0.2.7.6p1 (vulnerable) and
MTier's binary packages have tor-0.2.7.6p2 (not vulnerable). -snapshots
has tor-0.2.8.9.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays