From ${URL} : An integer overflow vulnerability was found in Tor. The application could crash while comparing malformed Tor versions when built with --enable-expensive-hardening. Upstream bug: https://trac.torproject.org/projects/tor/ticket/21278 Upstream patches: https://gitweb.torproject.org/tor.git/commit/?id=a0ef3cf0880e3cd343977b3fcbd0a2e7572f0cb4 https://gitweb.torproject.org/tor.git/commit/?id=194e31057fbf07d6bdf4b62d26e1a9db334e5f1c Related: https://gitweb.torproject.org/tor.git/commit/?id=1afc2ed956a35b40dfd1d207652af5b50c295da7 Extra fix: https://gitweb.torproject.org/tor.git/commit/?id=02e05bd74dbec614397b696cfcda6525562a4675 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Fix is in 0.3.0.8
Tree is clean. GLSA Vote: No