Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#44482 - [tor][CVE-2015-2928][CVE-201502929] Multiple Security issues in Tor
Attached to Project:
Community Packages
Opened by Christian Rebischke (Shibumi) - Tuesday, 07 April 2015, 04:53 GMT
Last edited by Lukas Fleischer (lfleischer) - Tuesday, 07 April 2015, 05:25 GMT
Opened by Christian Rebischke (Shibumi) - Tuesday, 07 April 2015, 04:53 GMT
Last edited by Lukas Fleischer (lfleischer) - Tuesday, 07 April 2015, 05:25 GMT
|
DetailsHello,
There are 2 new CVEs in Tor: CVE-2015-2928 "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. CVE-2015-2929 "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors. Both Issues are fixed with version 0.2.5.12. best regards Christian Rebischke |
This task depends upon
Closed by Lukas Fleischer (lfleischer)
Tuesday, 07 April 2015, 05:25 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 0.2.5.12-1.
Tuesday, 07 April 2015, 05:25 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 0.2.5.12-1.
Comment by Christian Rebischke (Shibumi) -
Tuesday, 07 April 2015, 04:58 GMT
Reference: http://seclists.org/oss-sec/2015/q2/56