[tor-packagers] Upcoming security release of tor
David Goulet
dgoulet at torproject.org
Thu Jun 16 12:52:23 UTC 2022
Greetings!
Sorry for the short notice but we had to act fast on this one. Either today or
tomorrow, we'll release 0.4.7.8 with an important security fix. This is
tracked with TROVE-2022-001[0] and at the moment considered "High" severity.
We won't disclose just yet the nature of the issue but we believe it can
easily be exploited remotely for all tor network components (service, client,
relay, authority) hence the choice of severity.
Once the new version is released, we will recommend everyone on the 0.4.7.x
series to upgrade immediately including Tor Browser.
It is unknown if this vulnerability is being exploited in the wild but we know
it is being triggered (intentionally or not) on the network at the moment.
We'll be releasing more information about this issue after the release.
Thank you all for your precious work and help!
David
[0] https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
--
1FbDnuinhS6KgiGbh7w4iFsvBkngasH4o7C0U5HxYdk=
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-packagers/attachments/20220616/e950cc5c/attachment.sig>
More information about the tor-packagers
mailing list