[tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"

Sat Oct 22 07:41:14 UTC 2016

#20431: do not recommend vulnerable tor versions - update "recommended versions"
----------------------------------+-----------------
     Reporter:  cypherpunks       |      Owner:
         Type:  defect            |     Status:  new
     Priority:  Medium            |  Milestone:
    Component:  Core Tor/DirAuth  |    Version:
     Severity:  Normal            |   Keywords:
Actual Points:                    |  Parent ID:
       Points:                    |   Reviewer:
      Sponsor:                    |
----------------------------------+-----------------
 Most of the tor network runs versions vulnerable to CVE-2016-8860

 for a current CW fraction / version distribution see:
 https://github.com/ornetstats/stats/blob/master/o/version_share.txt

 Dir auths still have vulnerable versions in their recommended version
 string.

 Drop all vulnerable version as soon as an updated TBB is available.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20431>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online