from the tor release notes:
Changes in version 0.2.2.39 - 2012-09-11
Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
o Security fixes:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
- Do not crash when comparing an address with port value 0 to an
address policy. This bug could have been used to cause a remote
assertion failure by or against directory authorities, or to
allow some applications to crash clients. Fixes bug 6690; bugfix
I have not seen CVE ids for these issues.
Can you assign ids for them?
Is ok to stabilize 0.2.2.39 ?
Please begin stabilization. I'll take care of arm/ppc/ppc64
TARGET: amd64 arm ppc ppc64 sparc x86
stable arm ppc ppc64
Thanks everyone, @security, please vote.
The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x
before 0.2.3.22-rc, does not properly validate time values, which allows
remote attackers to cause a denial of service (assertion failure and daemon
exit) via a malformed directory object, a different vulnerability than
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before
0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a
denial of service (assertion failure and daemon exit) via a zero-valued port
field that is not properly handled during policy comparison.
GLSA vote: yes.
GLSA Vote: yes. Added to existing request.
This issue was resolved and addressed in
GLSA 201301-03 at http://security.gentoo.org/glsa/glsa-201301-03.xml
by GLSA coordinator Sean Amoss (ackle).