Security fixes: * Fix a heap-corruption bug that may be remotely triggerable on some platforms. Reported by Ilja van Sprundel.
I don't know, if we're one of those platforms, thus rating B1?
Normally I wanted to ask arches to mark 2.0.32-r1 stable today...but we will do with a different version. :) Ebuild in the tree, arches please mark net-misc/tor-2.0.33 stable.
ppc64 done
Sparc stable.
ppc stable
amd64/x86 stable, all arches done.
glsa request filed, if we're not affected, the request will be withdrawn.
All vulnerable versions removed, we still have bug 250018 open.
(In reply to comment #7) > glsa request filed, if we're not affected, the request will be withdrawn. Any new information if we are affected
Not as far as I have seen, no :-/
Hrm, since this bug is still open, here's a new security fix for Tor, 0.2.0.34. https://blog.torproject.org/blog/tor-0.2.0.34-stable-released Yep, I searched for another bug, but searching for "tor" in bugzilla, well, it doesn't exactly narrow the results. Apologies if another bug exists. :)
(In reply to comment #11) > Hrm, since this bug is still open, here's a new security fix for Tor, 0.2.0.34. > > https://blog.torproject.org/blog/tor-0.2.0.34-stable-released > > Yep, I searched for another bug, but searching for "tor" in bugzilla, well, it > doesn't exactly narrow the results. Apologies if another bug exists. :) It does now, bug 258833.
higher version needed, see bug #258833
GLSA 200904-11