FS#8117 : Critical security vulnerabilities in tor package

FS#8117 - Critical security vulnerabilities in tor package

Attached to Project: Arch Linux
Opened by Michal Krenek (Mikos) - Monday, 24 September 2007, 22:53 GMT
Last edited by Roman Kyrylych (Romashka) - Friday, 28 September 2007, 07:11 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Simo Leone (neotuli)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version	2007.08.1
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Tor version 0.1.2.14 in Arch Linux extra repository is 4 months old and there are
critical security vulnerabilities in it. Latest version is 0.1.2.17. I have already sent email to simo@archlinux.org (I have found this email address in PKGBUILD), but he didn't answere me. This situation is alarming (critical and remotely exploitable security vulnerability for so long time, even if there are fixed upstream versions for months).

This task depends upon

Closed by Roman Kyrylych (Romashka)
Friday, 28 September 2007, 07:11 GMT
Reason for closing: Fixed

Comment by spiorf (spiorf) - Thursday, 27 September 2007, 10:27 GMT

i just changed the version number in the tor PKGBUILD, and it works. Should be no big deal updating this, since the version change only corrects vulnerabilities.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#8117 - Critical security vulnerabilities in tor package

Details

Loading...