From ${URL} : Common Vulnerabilities and Exposures assigned an identifier CVE-2013-7295 to the following vulnerability: Name: CVE-2013-7295 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7295 Assigned: 20140117 Reference: https://lists.torproject.org/pipermail/tor-talk/2013-December/031483.html Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors. @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
(In reply to Agostino Sarubbo from comment #0) > > > @maintainer(s): since the fixed package is already in the tree, please let > us know if it is ready for the stabilization or not. It is ready: KEYWORDS="amd64 arm ppc ppc64 sparc x86"
amd64 stable
x86 stable
CVE-2013-7295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7295): Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.
arm stable
ppc64 stable
sparc stable
ppc stable. Maintainer(s), please cleanup. Security, please vote.
(In reply to Agostino Sarubbo from comment #8) > ppc stable. > > Maintainer(s), please cleanup. > Security, please vote. Done.
Thanks for your work GLSA vote: no
GLSA vote: no. Closing as [noglsa]