As http://archives.seul.org/or/announce/Aug-2005/msg00001.html says, there's an important security-update for tor (0.1.0.14).
*** Bug 102246 has been marked as a duplicate of this bug. ***
Full details at: http://archives.seul.org/or/announce/Aug-2005/msg00002.html Versions affected: stable versions up through 0.1.0.13 and experimental versions up through 0.1.1.4-alpha. Impact: Tor clients can completely lose anonymity, confidentiality, and data integrity if the first Tor server in their path is malicious. Specifically, if the Tor client chooses a malicious Tor server for her first hop in the circuit, that server can learn all the keys she negotiates for the rest of the circuit (or just spoof the whole circuit), and then read and/or modify all her traffic over that circuit. Solution: upgrade to at least Tor 0.1.0.14 or 0.1.1.5-alpha.
Created attachment 65861 [details] torrc.sample-0.1.0.14.patch
Created attachment 65862 [details] tor-0.1.0.14.ebuild Updated ebuild, changes: - libevent dependancy (libevent-1.1a is not stable on all archs) - Ported torrc-patch
Created attachment 65863 [details] Patch with correct paths
I'm adding to portage now as x86 and amd64. Now we need ppc ppc64 sparc.
Arches, please test tor-0.1.0.14 and mark stable. Note the dependency to libevent-1.1a that needs to be stabled on some arches, too. Thanks!
This is a duplicate of Bug 97141
stable on ppc64
Stable on ppc.
Stable on SPARC.
Ready for GLSA vote. I vote yes.
I tend to vote YES.
also vote YES
GLSA 200508-16