[tor-bugs] #20431 [Core Tor/DirAuth]: do not recommend vulnerable tor versions - update "recommended versions"

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 23 15:08:06 UTC 2016


#20431: do not recommend vulnerable tor versions - update "recommended versions"
------------------------------+---------------------
 Reporter:  cypherpunks       |          Owner:
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Core Tor/DirAuth  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+---------------------

Comment (by cypherpunks):

 current set of recommended versions https://consensus-health.torproject.org/ :
 {{{
 server-versions 0.2.4.26, 0.2.4.27, 0.2.5.11, 0.2.5.12, 0.2.6.5-rc,
 0.2.6.6, 0.2.6.7, 0.2.6.8, 0.2.6.9, 0.2.6.10, 0.2.7.1-alpha,
 0.2.7.2-alpha, 0.2.7.3-rc, 0.2.7.4-rc, 0.2.7.5, 0.2.7.6, 0.2.8.1-alpha,
 0.2.8.2-alpha, 0.2.8.3-alpha, 0.2.8.4-rc, 0.2.8.5-rc, 0.2.8.6, 0.2.8.7,
 0.2.8.8, 0.2.8.9, 0.2.9.1-alpha, 0.2.9.2-alpha, 0.2.9.3-alpha,
 0.2.9.4-alpha
 }}}

 can be reduced to:
 {{{
 server-versions 0.2.4.27, 0.2.5.12, 0.2.8.9, 0.2.9.4-alpha
 }}}

 backported version:
 https://security-tracker.debian.org/tracker/CVE-2016-8860

 any other backported version we should include?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20431#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
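
Added example, not part of the ticket or of Tor's code: a Python sketch that parses the two server-versions lines quoted in the comment above and reports, per release series, which versions the proposed list keeps and which series would be left with no recommended version. Treating the first three version components as the "series", and the function names, are assumptions of this example.

```python
import re
from collections import defaultdict

# Both lines are copied from the ticket comment above.
CURRENT = (
    "server-versions 0.2.4.26, 0.2.4.27, 0.2.5.11, 0.2.5.12, 0.2.6.5-rc, "
    "0.2.6.6, 0.2.6.7, 0.2.6.8, 0.2.6.9, 0.2.6.10, 0.2.7.1-alpha, "
    "0.2.7.2-alpha, 0.2.7.3-rc, 0.2.7.4-rc, 0.2.7.5, 0.2.7.6, 0.2.8.1-alpha, "
    "0.2.8.2-alpha, 0.2.8.3-alpha, 0.2.8.4-rc, 0.2.8.5-rc, 0.2.8.6, 0.2.8.7, "
    "0.2.8.8, 0.2.8.9, 0.2.9.1-alpha, 0.2.9.2-alpha, 0.2.9.3-alpha, "
    "0.2.9.4-alpha"
)
PROPOSED = "server-versions 0.2.4.27, 0.2.5.12, 0.2.8.9, 0.2.9.4-alpha"

# MAJOR.MINOR.MICRO.PATCHLEVEL with an optional status tag such as -rc or -alpha.
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+(-[A-Za-z0-9]+)?$")


def parse_server_versions(line):
    """Return the versions on a server-versions line, rejecting malformed entries."""
    keyword, _, rest = line.strip().partition(" ")
    if keyword != "server-versions":
        raise ValueError("not a server-versions line")
    versions = [v.strip() for v in rest.split(",") if v.strip()]
    bad = [v for v in versions if not VERSION_RE.match(v)]
    if bad:
        raise ValueError("malformed version(s): %s" % ", ".join(bad))
    return versions


def series(version):
    """Assumption: a release series is the first three components (0.2.8.9 -> 0.2.8)."""
    return ".".join(version.split(".")[:3])


def summarize(current_line, proposed_line):
    """Group the current list by series, marking each version kept or dropped."""
    proposed = set(parse_server_versions(proposed_line))
    groups = defaultdict(lambda: {"kept": [], "dropped": []})
    for v in parse_server_versions(current_line):
        groups[series(v)]["kept" if v in proposed else "dropped"].append(v)
    return dict(groups)


def orphaned_series(summary):
    """Series in which the proposal leaves no recommended version at all."""
    return sorted(s for s, g in summary.items() if not g["kept"])


if __name__ == "__main__":
    result = summarize(CURRENT, PROPOSED)
    for name in sorted(result):
        print(name, "kept:", result[name]["kept"], "dropped:", len(result[name]["dropped"]))
    print("series with nothing left:", orphaned_series(result))
```

Relays on a series reported as having nothing left would have no version of that series on the proposed list.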