-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
It is quite sad that one has to find out about 'critical' security updates [0] via an unrelated thread on tor-talk [1] or the blog [2] instead of getting an announcement on tor-announce [3] - where relay operators are probably expecting such information.
Are tor versions 0.2.3.x and 0.2.4.x affected too?
[0] https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes https://trac.torproject.org/projects/tor/ticket/6811 [1] https://lists.torproject.org/pipermail/tor-talk/2012-September/025525.html [2] https://blog.torproject.org/blog/new-bundles-security-release [3] https://lists.torproject.org/pipermail/tor-announce/