Polipo bug Re: Tor 0.2.2.21-alpha is out (security patches)
Geoff Down
geoffdown at fastmail.net
Thu Jan 20 12:56:15 UTC 2011
On Tue, 18 Jan 2011 22:11 -0500, "Roger Dingledine" <arma at mit.edu>
wrote:
> Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which
> continues our recent code security audit work. The main fix resolves
> a remote heap overflow vulnerability that can allow remote code
> execution (CVE-2011-0427). Other fixes address a variety of assert
> and crash bugs, most of which we think are hard to exploit remotely.
>
> All Tor users should upgrade.
The Polipo in
https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.21-alpha-0.2.10-ppc-1.dmg
is broken:
dyld: /Applications/Vidalia.app.new/Contents/MacOS/polipo Undefined
symbols:
/Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
to ___stderrp expected to be defined in /usr/lib/libSystem.B.dylib
/Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
to ___stdoutp expected to be defined in /usr/lib/libSystem.B.dylib
Trace/BPT trap
(I renamed the app folder - the old version is working fine with the new
Tor binary).
GD
--
http://www.fastmail.fm - Email service worth paying for. Try it for free
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list