Tor 1.2.16 - Security hole

2007-08-08 Thread Peter Thoenen
I hate to call Rui out in public but he is the maintainer here and very non-responsive to private emails about this. Tor 1.1.x has BEEN DEPRECATED from before the time 4.1 STABLE was released (you were notified of this also Rui) and all versions earlier than 1.2.15 suffer a remote code

Re: Tor 1.2.16 - Security hole

2007-08-08 Thread Will Maier
On Wed, Aug 08, 2007 at 11:47:56AM -0400, Peter Thoenen wrote: I hate to call Rui out in public but he is the maintainer here and very non-responsive to private emails about this. A fix (up to 0.1.2.16) was committed to -current yesterday; it was MFCed this morning.

Re: Tor 1.2.16 - Security hole

2007-08-08 Thread Peter Valchev
On 8/8/07, Peter Thoenen [EMAIL PROTECTED] wrote: I hate to call Rui out in public but he is the maintainer here and very non-responsive to private emails about this. Tor 1.1.x has BEEN DEPRECATED from before the time 4.1 STABLE was released (you were notified of this also Rui) and all

Re: Tor 1.2.16 - Security hole

2007-08-08 Thread Nikns Siankin
On Wed, Aug 08, 2007 at 11:47:56AM -0400, Peter Thoenen wrote: I hate to call Rui out in public but he is the maintainer here and very non-responsive to private emails about this. Tor 1.1.x has BEEN DEPRECATED from before the time 4.1 STABLE was released (you were notified of this also Rui) and

Re: Tor 1.2.16 - Security hole

2007-08-08 Thread Theo de Raadt
I agree with you on this -current/-stable thingy. This ports tree soft locking shit *how we care about -stable users* is bullshit, when outdated/security vulnerable stuff is even in -current and it takes ages to backport and make packages of needed security updates... I see there no logic,

Re: Tor 1.2.16 - Security hole

2007-08-08 Thread Nikolay Sturm
* Peter Thoenen [2007-08-08]: Tor 1.1.x has BEEN DEPRECATED from before the time 4.1 STABLE was Tor 1.2 only came out around the release of 4.1 and no update was marked a security update, so there was no reason to update the -stable ports. We have our policies and we do have them for a good

Tor 1.2.16 - Security hole

2007-08-08 Thread Julian Frede
I am sorry to get my hands dirty with a thread like that but I just can't help myself. The only thing I thought of when reading Peter's post was: Why the hell didn't he send a patch to the maintainer? -Julian -- Lubarsky's Law of Cybernetic Entomology: There's always one more bug.

Re: Tor 1.2.16 - Security hole

2007-08-08 Thread Jacob Yocom-Piatt
Julian Frede wrote: I am sorry to get my hands dirty with a thread like that but I just can't help myself. The only thing I thought of when reading Peter's post was: Why the hell didn't he send a patch to the maintainer? because he's busy sucking on a bag of dicks. -Julian --