o Major bugfixes (security): - Fix a possible buffer overrun when using BSD natd support. Bug found by croup. - When sending destroy cells from a circuit's origin, don't include the reason for tearing down the circuit. The spec says we didn't, and now we actually don't. Reported by lodger. - Keep streamids from different exits on a circuit separate. This bug may have allowed other routers on a given circuit to inject cells into streams. Reported by lodger; fixes bug 446. - If there's a never-before-connected-to guard node in our list, never choose any guards past it. This way we don't expand our guard list unless we need to.
Setting status. Humpback, please advise and bump as necessary.
Additional information for tor 0.1.2.16: Changes in version 0.1.2.16 - 2007-08-01 o Major security fixes: - Close immediately after missing authentication on control port; do not allow multiple authentication attempts.
If humpback does not react until monday, I will bump. Sorry, am off for the weekend.
Ok, I bumped it as I my departure has been delayed. It works fine here locally, but arch teams can test more...have fun, I cc. Security, I hope you don't feel stepped on your toes.
"Sorry, we will be later to pick you up." So my weekend holiday is delayed even more. Your luck. So I can test more. x86 stable
ppc stable
ppc64 stable
sparc stable.
amd64 stable (last arch)
This one is ready for glsa decision. Since the natd issue seems to be restricted to *BSD, I vote NO.
Voting NO and closing. Feel free to reopen if you disagree.
