[tor-bugs] #4788 [Tor Directory Authority]: Reject all relays and bridges running 0.2.0.x

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Dec 29 16:52:29 UTC 2011


#4788: Reject all relays and bridges running 0.2.0.x
-------------------------------------+--------------------------------------
 Reporter:  rransom                  |          Owner:                    
     Type:  defect                   |         Status:  needs_review      
 Priority:  major                    |      Milestone:  Tor: 0.2.3.x-final
Component:  Tor Directory Authority  |        Version:                    
 Keywords:                           |         Parent:                    
   Points:                           |   Actualpoints:                    
-------------------------------------+--------------------------------------

Comment(by nickm):

 Since I don't currently have a reason to reject 0.2.2.21-alpha through
 0.2.2.30-rc (other than "there are not many of them!"), I am going to say
 "no" on that one, and go with the approach from my bug4788 branch.

 So the rejected versions are just going to be "everything that suffers
 from CVE-2011-0427".  That is,

   * Everything ''before'' 0.2.1.30.  [So 0.2.1.30 is the first allowed
 version.]
   * Everything from 0.2.2.1-alpha through 0.2.1.20-alpha (inclusive). [So
 0.2.2.21-alpha is the first allowed 0.2.2.x version.]

 Also, I've merged the bug4788 branch into the repo.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4788#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list