Summary: | <net-misc/tor-0.2.1.28: remote heap overflow (CVE-2010-1676) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | cnu <bshalm> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | blueness, fauli, glsamaker |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blog.torproject.org/blog/tor-02128-released-security-patches | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
cnu
2010-12-21 20:06:40 UTC
*** Bug 346759 has been marked as a duplicate of this bug. *** Thanks for the pointer. Arches please stabilise net-misc/tor-0.2.1.28. Target: "amd64 arm ppc ppc64 sparc x86 ~x86-fbsd" amd64 ok x86 stable amd64 done. Thanks Agostino arm/sparc stable ppc64 done ppc done; closing as last arch (In reply to comment #8) > ppc done > Thank you, Brent. However, please do not close security bugs. Our policy [1] requires that we publish security advisories in many cases, and it isn't until that has happened that we can close the bug. Feel free to ping me if you have any questions. Thanks again. [1] http://www.gentoo.org/security/en/vulnerability-policy.xml GLSA request filed. All vulnerable versions cleaned up, my last action as net-misc/tor maintainer, handing over to blueness and ciiph. (In reply to comment #10) > All vulnerable versions cleaned up, my last action as net-misc/tor maintainer, > handing over to blueness and ciiph. > Heh, beat me to it! Thanks Christian. I'm closing this one since no more vulnerable versions are on the tree. (In reply to comment #11) > > I'm closing this one since no more vulnerable versions are on the tree. > Please do not close security bugs. Our policy [1] requires that we publish an advisory for some security issues. We will close the bug once that has happened. Feel free to ping me if you have any questions. Thanks. [1] http://www.gentoo.org/security/en/vulnerability-policy.xml Thanks, folks. This has been published as GLSA 201101-02. *** Bug 386211 has been marked as a duplicate of this bug. *** |