[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Tor 0.1.2.16 is released, fixes a critical security vulnerability



Justin Conover wrote:
> Not sure if this should be in bugzilla or were.

Yeah, bugzilla is generally the best place for this sort of thing.
For security problems, it's also worth checking the fedora-security
module in CVS to see if the problem is known.  In this case it is:

http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc7?root=fedora&view=markup

The line:

CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)

indicates that the version in the repository is known to be vulnerable
and that the issue was fixed in upstream release 0.1.2.16.

I also checked in the F7 update manager, Bodhi, and I see that
tor-0.1.2.16-1.fc7 was submitted on 2007-08-02.  For some reason the
update is marked as pending still (as are 0.1.2.14 and 0.1.2.15).
Something seems amiss there.

You can find the updated packages in the F7 build system (though they
are unsigned, FYI):

http://koji.fedoraproject.org/koji/buildinfo?buildID=12656

I'll ask on fedora-maintainers if there's a reason for the tor updates
not being pushed for weeks and weeks.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Between two evils, I always pick the one I never tried before.
    -- Mae West

Attachment: pgpRjtYt07NQn.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]