[tor-announce] Tor Browser 3.6.6 and Tor 0.2.4.24 are released

Roger Dingledine arma at mit.edu
Sat Sep 27 16:55:36 UTC 2014


The sixth pointfix release of the Tor Browser 3.6 series is available from
the Tor Browser Project page and also from our distribution directory:
https://www.torproject.org/download/download-easy.html
https://www.torproject.org/dist/torbrowser/3.6.6/

This release features important security updates to Firefox:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox24.8.1

Here is the complete changelog for 3.6.6:
    All Platforms
        Update Tor to tor-0.2.4.24
        Update Firefox to 24.8.1esr
        Update NoScript to 2.6.8.42
        Update HTTPS Everywhere to 4.0.1
        Bug 12998: Prevent intermediate certs from being written to disk
        Update Torbutton to 1.6.12.3
            Bug 13091: Use "Tor Browser" everywhere
            Bug 10804: Workaround fix for some cases of startup hang
    Linux
        Bug 9150: Make RPATH unavailable on Tor binary.

-----------------------------------------------------------------------

Tor 0.2.4.24 fixes a bug that affects consistency and speed when
connecting to hidden services, and it updates the location of one of
the directory authorities.

Changes in version 0.2.4.24 - 2014-09-22
  o Major bugfixes:
    - Clients now send the correct address for their chosen rendezvous
      point when trying to access a hidden service. They used to send
      the wrong address, which would still work some of the time because
      they also sent the identity digest of the rendezvous point, and if
      the hidden service happened to try connecting to the rendezvous
      point from a relay that already had a connection open to it,
      the relay would reuse that connection. Now connections to hidden
      services should be more robust and faster. Also, this bug meant
      that clients were leaking to the hidden service whether they were
      on a little-endian (common) or big-endian (rare) system, which for
      some users might have reduced their anonymity. Fixes bug 13151;
      bugfix on 0.2.1.5-alpha.

  o Directory authority changes:
    - Change IP address for gabelmoo (v3 directory authority).

  o Minor features (geoip):
    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
      Country database.
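The rendezvous-address fix above, modelled as an added example (not code from Tor or from this announcement): it assumes the wrong address came from placing a 32-bit IPv4 address on the wire in host byte order, which is the kind of mistake that would expose the sender's endianness. All function names and the `host_order` model are hypothetical, and the sample address is constructed from the 192.0.2.0/24 documentation range.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: byte order of the sending host. */
enum host_order { HOST_LITTLE, HOST_BIG };

/* Lay out v the way a host of the given byte order holds it in memory. */
static void store_host_u32(uint8_t out[4], uint32_t v, enum host_order h)
{
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(v >> (h == HOST_LITTLE ? 8 * i : 8 * (3 - i)));
}

/* Receiver side: a wire field is always read as network (big-endian) order. */
uint32_t decode_addr(const uint8_t wire[4])
{
    return ((uint32_t)wire[0] << 24) | ((uint32_t)wire[1] << 16) |
           ((uint32_t)wire[2] << 8) | (uint32_t)wire[3];
}

/* Flawed sender: copies the host-order integer onto the wire unchanged.
 * Returns the address the receiver ends up decoding. */
uint32_t received_from_flawed(uint32_t addr, enum host_order h)
{
    uint8_t wire[4];
    store_host_u32(wire, addr, h);        /* byte layout depends on the host */
    return decode_addr(wire);
}

/* Fixed sender: serialises big-endian regardless of the host it runs on. */
uint32_t received_from_fixed(uint32_t addr)
{
    uint8_t wire[4];
    store_host_u32(wire, addr, HOST_BIG); /* explicit network order */
    return decode_addr(wire);
}

int main(void)
{
    uint32_t addr = 0xC0000201u;          /* 192.0.2.1, constructed sample */
    printf("flawed, little-endian sender: %08x\n",
           (unsigned)received_from_flawed(addr, HOST_LITTLE));
    printf("flawed, big-endian sender:    %08x\n",
           (unsigned)received_from_flawed(addr, HOST_BIG));
    printf("fixed, any sender:            %08x\n",
           (unsigned)received_from_fixed(addr));
    return 0;
}
```

In this model the flawed sender produces a correct field only on big-endian hosts (or for byte-palindromic addresses), so the receiver can tell the two host types apart; the fixed sender emits identical bytes on both.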
