Re: Tor 0.1.2.16 is released, fixes a critical security vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Justin Conover wrote:
> Not sure if this should be in bugzilla or were.

Yeah, bugzilla is generally the best place for this sort of thing.
For security problems, it's also worth checking the fedora-security
module in CVS to see if the problem is known.  In this case it is:

http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc7?root=fedora&view=markup

The line:

CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)

indicates that the version in the repository is known to be vulnerable
and that the issue was fixed in upstream release 0.1.2.16.

I also checked in the F7 update manager, Bodhi, and I see that
tor-0.1.2.16-1.fc7 was submitted on 2007-08-02.  For some reason the
update is marked as pending still (as are 0.1.2.14 and 0.1.2.15).
Something seems amiss there.

You can find the updated packages in the F7 build system (though they
are unsigned, FYI):

http://koji.fedoraproject.org/koji/buildinfo?buildID=12656

I'll ask on fedora-maintainers if there's a reason for the tor updates
not being pushed for weeks and weeks.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Between two evils, I always pick the one I never tried before.
    -- Mae West

Attachment: pgpVkqRT1CrD7.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux