Tor 0.2.1.22 is released (security fix)
Roger Dingledine
arma at mit.edu
Thu Jan 21 05:18:58 UTC 2010
Tor 0.2.1.22 rotates two of the seven v3 directory authority keys and
locations, due to a security breach of some of the Torproject servers:
http://archives.seul.org/or/talk/Jan-2010/msg00161.html
It also fixes a privacy problem in bridge directory authorities -- it
would tell you its whole history of bridge descriptors if you make the
right directory request.
Everybody should upgrade:
https://www.torproject.org/easy-download
(Tor Browser Bundle updates coming in the next few days, hopefully.)
Changes in version 0.2.1.22 - 2010-01-19
o Directory authority changes:
- Rotate keys (both v3 identity and relay identity) for moria1
and gabelmoo.
o Major bugfixes:
- Stop bridge directory authorities from answering dbg-stability.txt
directory queries, which would let people fetch a list of all
bridge identities they track. Bugfix on 0.2.1.6-alpha.
------------------------------------------------------------------------
This is the Tor announcements list. If you want to unsubscribe, send
mail to majordomo at seul.org with "unsubscribe or-announce" as your message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-announce/attachments/20100121/55919c0a/attachment.pgp>
More information about the tor-announce
mailing list