[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor 0.1.0.11 is released: security fix for servers
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor 0.1.0.11 is released: security fix for servers
- From: loki der quaeler <loki-lists@xxxxxxxxxxxxxxx>
- Date: Sat, 2 Jul 2005 09:57:12 +0200
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Sat, 02 Jul 2005 03:55:51 -0400
- In-reply-to: <20050701210223.GS29034@localhost.localdomain>
- References: <20050701210223.GS29034@localhost.localdomain>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(the recommended versions list hasn't be updated to note this version
yet, so a [warn] is produced in the log file)
On 1 Jul, 2005, at 23.02, Roger Dingledine wrote:
Tor 0.1.0.11 fixes a security problem where servers disregard their
exit
policies in some circumstances. All server operators running 0.1.0.x or
later are advised to upgrade to 0.1.0.11 [1], downgrade to 0.0.9.10
[2],
or move to the latest Tor CVS [3]. Clients are not affected by this
bug.
[1] http://tor.eff.org/download.html
[2] http://tor.eff.org/dist/
[3] http://tor.eff.org/developers.html
o Bugfixes on 0.1.0.x:
- Fix major security bug: servers were disregarding their
exit policies if clients behaved unexpectedly.
- Make OS X init script check for missing argument, so we don't
confuse users who invoke it incorrectly.
- Fix a seg fault in "tor --hash-password foo".
- The MAPADDRESS control command was broken.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFCxkjb8ndM5mBofVwRAqYLAKCeyBETtRLN/ye6C2emWsjy3+413ACeMLi9
5j4FMNAIJyufV8JDNJyGtXM=
=62ba
-----END PGP SIGNATURE-----