Tor 0.1.0.11 is released: security fix for servers
Roger Dingledine
arma at mit.edu
Fri Jul 1 21:02:24 UTC 2005
Tor 0.1.0.11 fixes a security problem where servers disregard their exit
policies in some circumstances. All server operators running 0.1.0.x or
later are advised to upgrade to 0.1.0.11 [1], downgrade to 0.0.9.10 [2],
or move to the latest Tor CVS [3]. Clients are not affected by this bug.
[1] http://tor.eff.org/download.html
[2] http://tor.eff.org/dist/
[3] http://tor.eff.org/developers.html
o Bugfixes on 0.1.0.x:
- Fix major security bug: servers were disregarding their
exit policies if clients behaved unexpectedly.
- Make OS X init script check for missing argument, so we don't
confuse users who invoke it incorrectly.
- Fix a seg fault in "tor --hash-password foo".
- The MAPADDRESS control command was broken.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20050701/90505be1/attachment.pgp>
More information about the tor-announce
mailing list