[tbb-bugs] #29158 [Applications/Tor Browser]: Add fix for DSA 4371-1 (apt vulnerability)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 24 09:48:49 UTC 2019
#29158: Add fix for DSA 4371-1 (apt vulnerability)
-------------------------------------------+-------------------------------
Reporter: boklm | Owner: tbb-team
Type: defect | Status:
| needs_revision
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201901, tbb-rbm | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------+-------------------------------
Comment (by boklm):
Replying to [comment:6 gk]:
> The 32bit situation for Linux looks bleak. BUT: I thought we should
start soon with #26323 anyway. I think this bug is a reason to start now-
ish with that effort. I guess we could try to squeeze it into 8.5. boklm:
what do you think?
Yes, I think it should be possible to do #26323 soon.
The new apt package is not available yet for i386 at this time:
http://deb.freexian.com/extended-lts/pool/main/a/apt/
However maybe they will add it later as looking at the file modification
time it seems it is not the first time that the i386 package comes later.
Otherwise we can maybe rebuild the package ourself.
I started working on a patch installing the apt updated packages into the
containers:
https://gitweb.torproject.org/user/boklm/tor-browser-
build.git/commit/?h=bug_29158_v3&id=4672030e7308f852836092ddcfdce76ae90f797b
It is currently installing the packages on stretch too, however since
yesterday they made a stretch point release, so it should not be needed
anymore (but maybe we can add a check to verify that the correct version
was installed).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29158#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list