Summary: | <net-misc/tor-0.2.8.6: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://blog.torproject.org/blog/tor-0286-released | ||
Whiteboard: | B2 [glsa cleanup] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-08-11 07:50:24 UTC
I don't understand this report, all of those bugs are ancient. The current stable tor is in the 0.2.7 branch and we're heading towards 0.2.8 next. Those fixes go back to 0.2.5. There's nothing for me to do here. Can you please adivse if I'm missing something? Also, can you start putting the versions that are vulnerable in the title. "net-misc/tor: multiple vulnerabilities" is too vague as it does not specify what versions are affected. | | u | | a a a n p r s | n | | l m r h i m m i p i s p | u s | r | p d a m p a 6 i o p c s 3 a x | s l | e | h 6 r 6 p 6 8 p s p 6 c 9 s r 8 | e o | p | a 4 m 4 a 4 k s 2 c 4 v 0 h c 6 | d t | o --------------+---------------------------------+-----+------- [I]0.2.7.6 | o + + o o o o ~ o + + o o o + + | o 0 | gentoo 0.2.8.6 | o ~ ~ o o o o ~ o ~ ~ o o o ~ ~ | # | gentoo 0.2.9.1_alpha | o ~ ~ o o o o ~ o ~ ~ o o o ~ ~ | o | gentoo The reported problems were all fixed in v0.2.8.6 which appeared in the Gentoo repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/net-misc/tor?id=f13b59b3723707ac4e951f9ce38264c7f8748616. Current stable version is =net-misc/tor-0.2.8.9, vulnerable versions still in repository. New GLSA created. @ Maintainer(s): Please remove <net-misc/tor-0.2.8.6. (In reply to Thomas Deutschmann from comment #2) > > @ Maintainer(s): Please remove <net-misc/tor-0.2.8.6. done This issue was resolved and addressed in GLSA 201612-45 at https://security.gentoo.org/glsa/201612-45 by GLSA coordinator Aaron Bauman (b-man). |