Tor 0.1.0.11 is released: security fix for servers

loki der quaeler loki-lists at weltschmerz.org
Sat Jul 2 07:57:12 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


(the recommended versions list hasn't be updated to note this version 
yet, so a [warn] is produced in the log file)


On 1 Jul, 2005, at 23.02, Roger Dingledine wrote:

> Tor 0.1.0.11 fixes a security problem where servers disregard their 
> exit
> policies in some circumstances. All server operators running 0.1.0.x or
> later are advised to upgrade to 0.1.0.11 [1], downgrade to 0.0.9.10 
> [2],
> or move to the latest Tor CVS [3]. Clients are not affected by this 
> bug.
>
> [1] http://tor.eff.org/download.html
> [2] http://tor.eff.org/dist/
> [3] http://tor.eff.org/developers.html
>
>   o Bugfixes on 0.1.0.x:
>     - Fix major security bug: servers were disregarding their
>       exit policies if clients behaved unexpectedly.
>     - Make OS X init script check for missing argument, so we don't
>       confuse users who invoke it incorrectly.
>     - Fix a seg fault in "tor --hash-password foo".
>     - The MAPADDRESS control command was broken.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFCxkjb8ndM5mBofVwRAqYLAKCeyBETtRLN/ye6C2emWsjy3+413ACeMLi9
5j4FMNAIJyufV8JDNJyGtXM=
=62ba
-----END PGP SIGNATURE-----



More information about the tor-talk mailing list