Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#8117 - Critical security vulnerabilities in tor package
Attached to Project:
Arch Linux
Opened by Michal Krenek (Mikos) - Monday, 24 September 2007, 22:53 GMT
Last edited by Roman Kyrylych (Romashka) - Friday, 28 September 2007, 07:11 GMT
Opened by Michal Krenek (Mikos) - Monday, 24 September 2007, 22:53 GMT
Last edited by Roman Kyrylych (Romashka) - Friday, 28 September 2007, 07:11 GMT
|
DetailsTor version 0.1.2.14 in Arch Linux extra repository is 4 months old and there are
critical security vulnerabilities in it. Latest version is 0.1.2.17. I have already sent email to simo@archlinux.org (I have found this email address in PKGBUILD), but he didn't answere me. This situation is alarming (critical and remotely exploitable security vulnerability for so long time, even if there are fixed upstream versions for months). |
This task depends upon
Comment by spiorf (spiorf) -
Thursday, 27 September 2007, 10:27 GMT
i just changed the version number in the tor PKGBUILD, and it works. Should be no big deal updating this, since the version change only corrects vulnerabilities.