[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Polipo bug Re: Tor 0.2.2.21-alpha is out (security patches)

To: or-talk@xxxxxxxxxxxxx
Subject: Polipo bug Re: Tor 0.2.2.21-alpha is out (security patches)
From: "Geoff Down" <geoffdown@xxxxxxxxxxxx>
Date: Thu, 20 Jan 2011 12:56:15 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 20 Jan 2011 07:56:21 -0500
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:from:to:mime-version:content-transfer-encoding:content-type:references:subject:in-reply-to:date; s=smtpout; bh=RrvduJD4PohxxJHuAhtgw100y/A=; b=dgiGa4wyM3ocRL1ZwIQYleVcP2RKRdlnP89OLvJ6ygQETMN+NELyuKivvds46+kvPYXBInJLAIzze9jRK9p2KF4IYWSVEBcKnL+Hakaj0M8QlnYvwO3agq57+Bk2ZBibWxg1ERMR/3I2olHE16CiQkRYJuAp8hQ6NwAIdcezKjQ=
In-reply-to: <20110119031157.GH3300@xxxxxxxxxxxxxx>
References: <20110119031157.GH3300@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx


On Tue, 18 Jan 2011 22:11 -0500, "Roger Dingledine" <arma@xxxxxxx>
wrote:
> Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which
> continues our recent code security audit work. The main fix resolves
> a remote heap overflow vulnerability that can allow remote code
> execution (CVE-2011-0427). Other fixes address a variety of assert
> and crash bugs, most of which we think are hard to exploit remotely.
> 
> All Tor users should upgrade.

The Polipo in
https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.21-alpha-0.2.10-ppc-1.dmg
is broken:

dyld: /Applications/Vidalia.app.new/Contents/MacOS/polipo Undefined
symbols:
/Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
to ___stderrp expected to be defined in /usr/lib/libSystem.B.dylib
/Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
to ___stdoutp expected to be defined in /usr/lib/libSystem.B.dylib
Trace/BPT trap

(I renamed the app folder - the old version is working fine with the new
Tor binary).
GD

-- 
http://www.fastmail.fm - Email service worth paying for. Try it for free

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Polipo bug Re: Tor 0.2.2.21-alpha is out (security patches)
  - From: Erinn Clark

References:
- Tor 0.2.2.21-alpha is out (security patches)
  - From: Roger Dingledine

Prev by Author: Re: Double log entries?
Next by Author: Re: Polipo bug Re: Tor 0.2.2.21-alpha is out (security patches)
Previous by thread: Tor 0.2.2.21-alpha is out (security patches)
Next by thread: Re: Polipo bug Re: Tor 0.2.2.21-alpha is out (security patches)
Index(es):
- Author
- Thread