The 0.1.2.17 is already in portage. Older version should be removed after this one is stable.
This is public, no need to restrict the bug.
Thanks for the report Gustavo. The advisory isn't very explicit though, it just mentions "important security risks", do you have more details on this? arches, please test and mark stable net-misc/tor-0.1.2.17. Target keywords are: "amd64 ppc ppc64 sparc x86 ~x86-fbsd"
Sorry guys, 0.1.2.17 is not in Portage. I bumped it now myself, with stable x86, I hope you don't mind Gustavo, I just copied the ebuild over.
net-misc/tor-0.1.2.17 1. Emerges on AMD64 2. No collisions, etc.. 3. Browsed some webpages behind tor network using http and dns through socks5. Connected to IRC behind tor network. All working.. Interesting stuff, way better than anonymous proxies. :)
amd64 stable
ppc64 stable
I forgot to commit the 0.1.2.17 version :( Cristian: Thanks for bumping it, that was all that was needed. As far as I can tell the issue solved is related to: http://archives.seul.org/or/announce/Sep-2007/msg00000.html
Security, I think B3 is appropriate here. As far as I understand, a DoS is possible by sending commands to tor configuration.
stable on sparc.
ppc stable
(In reply to comment #8) > Security, I think B3 is appropriate here. As far as I understand, a DoS is > possible by sending commands to tor configuration. > Right. I tend to vote yes.
I tend to vote NO.
hmm, user-assisted, but only a compromise to the privacy of the user. I think this qualifies as a bug rather than a security issue. I vote no.
finally changing my vote to NO and closing without glsa.