[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Tor is released, fixes a critical security vulnerability

Justin Conover wrote:
> Not sure if this should be in bugzilla or were.

Yeah, bugzilla is generally the best place for this sort of thing.
For security problems, it's also worth checking the fedora-security
module in CVS to see if the problem is known.  In this case it is:


The line:

CVE-2007-4174 VULNERABLE (tor, fixed

indicates that the version in the repository is known to be vulnerable
and that the issue was fixed in upstream release

I also checked in the F7 update manager, Bodhi, and I see that
tor- was submitted on 2007-08-02.  For some reason the
update is marked as pending still (as are and
Something seems amiss there.

You can find the updated packages in the F7 build system (though they
are unsigned, FYI):


I'll ask on fedora-maintainers if there's a reason for the tor updates
not being pushed for weeks and weeks.

Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
Between two evils, I always pick the one I never tried before.
    -- Mae West

Attachment: pgpRjtYt07NQn.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]