[tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

Juuso Lapinlampi wub at partyvan.eu
Wed Oct 26 02:39:13 UTC 2016


On Tue, Oct 25, 2016 at 09:48:00PM +0000, nusenu wrote:
> It is not possible to reliable determine the exact CW fraction
> affected[1] due to the fact that patches were released that didn't
> increase tor's version number.

In the case of OpenBSD, MTier published a binary package (patch) only
yesterday. I had reported them to update on 2016-10-19 to use a patch
from openbsd-ports@ mailing list (net/tor port maintainer).

Consequently, OpenBSD 6.0's -stable has tor-0.2.7.6p1 (vulnerable) and
MTier's binary packages have tor-0.2.7.6p2 (not vulnerable). -snapshots
has tor-0.2.8.9.


More information about the tor-relays mailing list