[tor-packagers] Fwd: Upcoming stable releases to fix a medium-severity security issue

Nick Mathewson nickm at torproject.org
Wed Feb 20 17:30:14 UTC 2019

---------- Forwarded message ---------
From: Nick Mathewson <nickm at torproject.org>
Date: Wed, Feb 20, 2019 at 12:29 PM
Subject: Upcoming stable releases to fix a medium-severity security issue
To: <tor-talk at lists.torproject.org>


I'm planning to put out new Tor source releases some time Thursday or
Friday.  They will be versions,,, and

These versions will, among the usual array of bugfixes, fix a
medium-severity security issue: a remote denial-of-service attack
vector against relays and clients running version and
later. While we don't currently know an exploit for the issue, we hope
that all affected relays will upgrade.  The issue is traced as
TROVE-2019-001, Tor bug #29168, and CVE-2019-8955.

One more reminder: the 0.3.3.x series was scheduled to reach
end-of-life as of February 22.  We've extended that to February 28,
but after that date, there will be no more security updates for the
0.3.3.x series.  If you need a version that will receive long-term
support, we recommend that you stick with 0.3.5.x, which will be
supported until 2022.

best wishes,

More information about the tor-packagers mailing list