Bug 256078 (CVE-2009-0414) - net-misc/tor<0.2.0.33 Unspecified heap corruption issue (CVE-2009-0414)
Summary: net-misc/tor<0.2.0.33 Unspecified heap corruption issue (CVE-2009-0414)
Status: RESOLVED FIXED
Alias: CVE-2009-0414
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: https://blog.torproject.org/blog/tor-...
Whiteboard: B1? [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-23 11:55 UTC by Stefan Behte (RETIRED)
Modified: 2009-04-08 22:49 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 11:55:35 UTC
Security fixes:
    * Fix a heap-corruption bug that may be remotely triggerable on
      some platforms. Reported by Ilja van Sprundel.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 11:57:38 UTC
I don't know if we're one of those platforms, thus rating B1?
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2009-01-24 09:30:55 UTC
Normally I wanted to ask arches to mark 2.0.32-r1 stable today...but we will do with a different version. :)

Ebuild in the tree, arches please mark net-misc/tor-2.0.33 stable.
Comment 3 Brent Baude (RETIRED) gentoo-dev 2009-01-24 18:13:44 UTC
ppc64 done
Comment 4 Ferris McCormick (RETIRED) gentoo-dev 2009-01-24 18:31:05 UTC
Sparc stable.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2009-01-24 18:41:06 UTC
ppc stable
Comment 6 Markus Meier gentoo-dev 2009-01-25 13:56:12 UTC
amd64/x86 stable, all arches done.
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-25 14:42:44 UTC
glsa request filed, if we're not affected, the request will be withdrawn.
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2009-01-26 22:49:43 UTC
All vulnerable versions removed, we still have bug 250018 open.
Comment 9 Christian Faulhammer (RETIRED) gentoo-dev 2009-02-08 22:30:01 UTC
(In reply to comment #7)
> glsa request filed, if we're not affected, the request will be withdrawn.

Any new information if we are affected?

Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2009-02-08 23:58:05 UTC
Not as far as I have seen, no :-/
Comment 11 Jesse Adelman 2009-02-12 22:36:39 UTC
Hrm, since this bug is still open, here's a new security fix for Tor, 0.2.0.34.

https://blog.torproject.org/blog/tor-0.2.0.34-stable-released

Yep, I searched for another bug, but searching for "tor" in bugzilla, well, it doesn't exactly narrow the results. Apologies if another bug exists. :)
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2009-02-13 17:02:25 UTC
(In reply to comment #11)
> Hrm, since this bug is still open, here's a new security fix for Tor, 0.2.0.34.
> 
> https://blog.torproject.org/blog/tor-0.2.0.34-stable-released
> 
> Yep, I searched for another bug, but searching for "tor" in bugzilla, well, it
> doesn't exactly narrow the results. Apologies if another bug exists. :)

It does now, bug 258833.
Comment 13 svrmarty 2009-02-15 13:21:22 UTC
higher version needed,

see bug #258833
Comment 14 Robert Buchholz (RETIRED) gentoo-dev 2009-04-08 22:49:29 UTC
GLSA 200904-11