[edgy sync] Upstream reports security flaw: clients will relay traffic

Bug #58605 reported by Roger Dingledine
Affects       Status        Importance  Assigned to    Milestone
tor (Ubuntu)  Fix Released  High        William Grant
Dapper        Fix Released  Undecided   Martin Pitt

Bug Description

http://archives.seul.org/or/announce/Aug-2006/msg00001.html

We've provided a 0.1.0.18 tarball that should be a safe
replacement for your 0.1.0.16, if you can't upgrade to
the 0.1.1.x tree.

William Grant (wgrant) wrote :

This affects Hoary, Breezy and Dapper. Current Edgy will be fixed with the sync of 0.1.1.23-1 from Debian Sid in the next couple of days.

Changed in tor:
status: Unconfirmed → Confirmed
William Grant (wgrant) wrote :

Sorry, this doesn't affect Hoary.

Changed in tor:
assignee: nobody → fujitsu
status: Confirmed → In Progress
William Grant (wgrant) wrote :
William Grant (wgrant) wrote :
William Grant (wgrant) wrote :
William Grant (wgrant) wrote :
Martin Pitt (pitti) wrote :

Breezy and Dapper patches applied and uploaded. Will be published as soon as they have built.

Changed in tor:
assignee: nobody → pitti
status: Unconfirmed → In Progress
Martin Pitt (pitti) wrote :

Archive admins, please sync 1.1.23 (Debian main) to Edgy (universe) to fix vulnerability.

tor (0.1.1.23-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden> Thu, 3 Aug 2006 03:13:24 +0200

Changed in tor:
importance: Undecided → High
Martin Pitt (pitti) wrote :

Released *-security. Thank you, William!

Changed in tor:
status: In Progress → Fix Released
Colin Watson (cjwatson) wrote :

[Updating] tor (0.1.1.22-1 [Ubuntu] < 0.1.1.23-1 [Debian])
 * Trying to add tor...
  - <tor_0.1.1.23-1.dsc: downloading from http://ftp.debian.org/debian/>
  - <tor_0.1.1.23-1.diff.gz: downloading from http://ftp.debian.org/debian/>
  - <tor_0.1.1.23.orig.tar.gz: downloading from http://ftp.debian.org/debian/>
I: tor [universe] -> tor_0.1.1.22-1 [universe].
I: tor [universe] -> tor-dbg_0.1.1.22-1 [universe].

Changed in tor:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
