From ChangeLog: ``` 25 o Major bugfixes (TROVE-2022-002, client): 26 - The SafeSocks option had its logic inverted for SOCKS4 and 27 SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe 28 SOCKS4a one. This is TROVE-2022-002 which was reported on 29 Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alph ```
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ebd93d62b377c717147ceedb1d3947f3539cce2 commit 7ebd93d62b377c717147ceedb1d3947f3539cce2 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-13 04:40:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-13 04:40:04 +0000 net-vpn/tor: add 0.4.7.13 Bug: https://bugs.gentoo.org/890618 Signed-off-by: Sam James <sam@gentoo.org> net-vpn/tor/Manifest | 3 + net-vpn/tor/tor-0.4.7.13.ebuild | 126 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 129 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=945fc2c2e5f0a69c6d4f60f2d2c6035d01251415 commit 945fc2c2e5f0a69c6d4f60f2d2c6035d01251415 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-01-26 21:46:20 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-01-26 21:47:06 +0000 net-vpn/tor: drop 0.4.7.11, 0.4.7.12 Bug: https://bugs.gentoo.org/890618 Signed-off-by: John Helmert III <ajak@gentoo.org> net-vpn/tor/Manifest | 6 -- net-vpn/tor/tor-0.4.7.11.ebuild | 126 ---------------------------------------- net-vpn/tor/tor-0.4.7.12.ebuild | 126 ---------------------------------------- 3 files changed, 258 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=464847c4e70c07cfb07a8715f613e418da18698e commit 464847c4e70c07cfb07a8715f613e418da18698e Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:53:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:54:23 +0000 [ GLSA 202305-11 ] Tor: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/808681 Bug: https://bugs.gentoo.org/852821 Bug: https://bugs.gentoo.org/890618 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-11.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+)