"Fix a remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade. Bugfix on the 0.1.1 series and later."

Saw this on the twitter thing. No idea what it is.

Reproducible: Always
*** Bug 346759 has been marked as a duplicate of this bug. ***
Thanks for the pointer. Arches please stabilise net-misc/tor-0.2.1.28. Target: "amd64 arm ppc ppc64 sparc x86 ~x86-fbsd"
amd64 ok
x86 stable
amd64 done. Thanks Agostino
arm/sparc stable
ppc64 done
ppc done; closing as last arch
(In reply to comment #8)
> ppc done

Thank you, Brent. However, please do not close security bugs. Our policy [1] requires that we publish security advisories in many cases, and it isn't until that has happened that we can close the bug. Feel free to ping me if you have any questions. Thanks again.

[1] http://www.gentoo.org/security/en/vulnerability-policy.xml

GLSA request filed.
All vulnerable versions cleaned up, my last action as net-misc/tor maintainer, handing over to blueness and ciiph.
(In reply to comment #10)
> All vulnerable versions cleaned up, my last action as net-misc/tor maintainer,
> handing over to blueness and ciiph.

Heh, beat me to it! Thanks Christian. I'm closing this one since no more vulnerable versions are on the tree.
(In reply to comment #11)
> I'm closing this one since no more vulnerable versions are on the tree.

Please do not close security bugs. Our policy [1] requires that we publish an advisory for some security issues. We will close the bug once that has happened. Feel free to ping me if you have any questions. Thanks.

[1] http://www.gentoo.org/security/en/vulnerability-policy.xml
Thanks, folks. This has been published as GLSA 201101-02.
*** Bug 386211 has been marked as a duplicate of this bug. ***