Tor 0.1.2.16 is released, fixes a critical security vulnerability

Todd Zullinger tmz at pobox.com
Sat Aug 18 18:53:42 UTC 2007


Justin Conover wrote:
> Not sure if this should be in bugzilla or where.

Yeah, bugzilla is generally the best place for this sort of thing.
For security problems, it's also worth checking the fedora-security
module in CVS to see if the problem is known.  In this case it is:

http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc7?root=fedora&view=markup

The line:

CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)

indicates that the version in the repository is known to be vulnerable
and that the issue was fixed in upstream release 0.1.2.16.

I also checked in the F7 update manager, Bodhi, and I see that
tor-0.1.2.16-1.fc7 was submitted on 2007-08-02.  For some reason the
update is marked as pending still (as are 0.1.2.14 and 0.1.2.15).
Something seems amiss there.

You can find the updated packages in the F7 build system (though they
are unsigned, FYI):

http://koji.fedoraproject.org/koji/buildinfo?buildID=12656

I'll ask on fedora-maintainers if there's a reason for the tor updates
not being pushed for weeks and weeks.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Between two evils, I always pick the one I never tried before.
    -- Mae West
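
The check described in the message above, as an added example that is not part of the original post or of any Fedora tooling: it parses audit entries of the shape quoted there and flags installed packages older than the listed fix. The function names, the sample entries other than the tor line, the installed-version map and the simplified dotted-number comparison (not rpm's own version ordering) are assumptions.

```python
import re

# Entry shape taken from the single line quoted in the message:
#   CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)
ENTRY = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d+)\s+(?P<status>\S+)\s+"
    r"\((?P<pkg>[^,()]+),\s*fixed\s+(?P<fixed>[^)\s]+)\)$"
)

def parse_entry(line):
    """Return the fields of one audit entry, or None if the shape differs."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None

def version_key(version):
    """Simplified ordering: dotted integers only (assumption, not rpmvercmp)."""
    return tuple(int(part) for part in version.split("."))

def affected(audit_text, installed):
    """List (cve, pkg, installed, fixed, verdict) for VULNERABLE entries.

    installed maps package name -> upstream version string.
    verdict is 'below-fix' or 'manual-check' (version not comparable here).
    """
    findings = []
    for line in audit_text.splitlines():
        entry = parse_entry(line)
        if entry is None or entry["status"] != "VULNERABLE":
            continue
        have = installed.get(entry["pkg"])
        if have is None:
            continue  # package not installed on this host
        try:
            if version_key(have) >= version_key(entry["fixed"]):
                continue  # already at or past the fixed release
            verdict = "below-fix"
        except ValueError:
            verdict = "manual-check"  # e.g. 'rc' suffixes need rpm's ordering
        findings.append((entry["cve"], entry["pkg"], have, entry["fixed"], verdict))
    return findings

# First entry is the line quoted in the message; the rest are constructed.
SAMPLE = """CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)
CVE-0000-0001 VULNERABLE (examplepkg, fixed 2.0rc1)
this line does not match the entry shape and is skipped
"""

if __name__ == "__main__":
    # Constructed host inventory for illustration.
    for finding in affected(SAMPLE, {"tor": "0.1.2.15", "examplepkg": "1.9"}):
        print(finding)
```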
