[tor-packagers] Upcoming security releases in mid-June

Nick Mathewson nickm at torproject.org
Thu Jun 10 13:17:46 UTC 2021


On Tue, Jun 1, 2021 at 2:14 PM Nick Mathewson <nickm at torproject.org> wrote:

> Hello!
>
> In around two weeks–likely on the 14th or 15th­– we plan to put out new
> stable Tor  releases to fix issues in all currently released versions of
> Tor. There are three issues that will be fixed, with severity levels
> between "Medium" and "High" according to our classification system.  The
> most severe issue, by our reckoning, is a denial-of-service issue affecting
> onion service clients.  We'll share more details after people have time to
> patch.
>
> Our security policy:
>
> https://gitlab.torproject.org/legacy/trac/-/wikis/org/teams/NetworkTeam/SecurityPolicy
> Our registry of vulnerabilities:
>    https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
>
> The new releases will be 0.3.5.15, 0.4.4.9, 0.4.5.9, 0.4.6.5.  The issues
> to be fixed are TROVE-2021-003 through TROVE-2021-006. When these releases
> are out, we will recommend that everybody upgrade, including clients _and_
> relays.
>
> Note that Tor 0.4.4.x reaches its end-of-life on 15 June: this will be the
> last 0.4.4.x release.
>

A reminder: These releases will come out on Monday or Tuesday of this
coming week. (That's June 14 or June 15.)  Everybody should upgrade when
they come out, including clients and relays.

best wishes,
-- 
Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-packagers/attachments/20210610/4b266847/attachment.htm>


More information about the tor-packagers mailing list