[SRU] Tor 0.2.9.14 and 0.3.0.13
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tor (Ubuntu) |
Fix Released
|
Undecided
|
Simon Déziel | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Artful |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Micro versions of Tor were recently released to address some security problems (CVE-2017-
[Test Case]
1) Setup Tor:
$ sudo apt-get install tor
2) Check if the Tor network is usable:
$ torsocks wget -qO - https:/
192.0.2.1
3) Check that the IP returned by https:/
assigned by you ISP.
4) If you got a different IP it means wget used the Tor network successfully
5) Repeat with the -proposed package
[Regression Potential]
Unfortunately, I don't know what regression could be introduced by those micro version upgrades (0.2.9.11->0.2.9.13 and 0.3.0.10-
I also looked at the upstream bug tracker and didn't find any relevant regression introduced by those new versions.
The attachment "tor-16.04.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]