[tor-bugs] #4788 [Tor Directory Authority]: Reject all relays and bridges running 0.2.0.x

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Dec 28 02:04:18 UTC 2011


#4788: Reject all relays and bridges running 0.2.0.x
-------------------------------------+--------------------------------------
 Reporter:  rransom                  |          Owner:                    
     Type:  defect                   |         Status:  new               
 Priority:  major                    |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------

Comment(by nickm):

 If we're killing everything that is vulnerable to CVE-2011-0427 , we
 should also reject 0.2.2.1-alpha through 0.2.2.20-alpha inclusive.  That's
 not much bandwidth (less than 1/1000 of the total); it's also only ~8
 servers.

 If we were feeling bold, we could require that 0.2.2.x tors be 0.2.2.30-rc
 or later; that would reject 9 more servers  and almost no more bandwidth.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4788#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list