"A security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay."

From ChangeLog:

  o Major bugfixes (security, backport from 0.4.5.1-alpha):
    - When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. Resolves TROVE-2020-005.
Please bump to 0.4.3.7, 0.4.4.6. Already fixed in 0.4.5.1-alpha.
Bumped in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6027dbb8151494521f2307372a2f843f502425c0. Let us know when ready to stable?
(In reply to Sam James from comment #2)
> Bumped in
> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6027dbb8151494521f2307372a2f843f502425c0.
>
> Let us know when ready to stable?

It should be good to go.
x86 stable
amd64 done
arm done
arm64 done
ppc64 done
ppc done

all arches done
Please cleanup, thanks!
(In reply to Sam James from comment #10)
> Please cleanup, thanks!

0.4.4.5 removed.
Thank you!
GLSA Vote: No

Repository is clean, all done!