Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 917142 (TROVE-2023-006)

Summary: <net-vpn/tor-0.4.8.9: Denial of service for onion services
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: ajak, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://gitlab.torproject.org/tpo/core/tor/-/issues/40883
Whiteboard: B3 [stable?]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-10 21:58:59 UTC 
See https://gitlab.torproject.org/tpo/core/tor/-/commit/be751a46e3941d9e6af093a307107db443b2968c. Fixed in 0.4.8.9.

"""
  o Major bugfixes (onion service, TROVE-2023-006):
    - Fix a possible hard assert on a NULL pointer when recording a failed
      rendezvous circuit on the service side for the MetricsPort. Fixes bug
      40883; bugfix on 0.4.8.1-alpha
"""
Comment 1 Larry the Git Cow gentoo-dev 2023-11-11 08:28:12 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b219dc7626045415543a42224dca905572f3129

commit 2b219dc7626045415543a42224dca905572f3129
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-11-11 08:24:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-11-11 08:27:32 +0000

    net-vpn/tor: add 0.4.8.9
    
    Bug: https://bugs.gentoo.org/917142
    Signed-off-by: Sam James <sam@gentoo.org>

 net-vpn/tor/Manifest           |   3 +
 net-vpn/tor/tor-0.4.8.9.ebuild | 177 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)