Your message dated Sun, 02 Jul 2017 09:04:51 +0000
with message-id <[email protected]>
and subject line Bug#866799: fixed in tor 0.3.0.9-1
has caused the Debian Bug report #866799,
regarding tor: CVE-2017-0377: TROVE-2017-006: Path selection issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
866799: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866799
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tor
Version: 0.3.0.8-1
Severity: important
Tags: upstream fixed-upstream security
Forwarded: https://trac.torproject.org/projects/tor/ticket/22753
To track the bug in the Debian BTS.
Upstream Bug: https://trac.torproject.org/projects/tor/ticket/22753
https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
> When choosing which guard to use for a circuit, avoid the exit's
> family along with the exit itself. Previously, the new guard selection
> logic avoided the exit, but did not consider its family.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tor
Source-Version: 0.3.0.9-1
We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Palfrader <[email protected]> (supplier of updated tor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 02 Jul 2017 00:53:02 +0200
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source
Version: 0.3.0.9-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Palfrader <[email protected]>
Changed-By: Peter Palfrader <[email protected]>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
tor-geoipdb - GeoIP database for Tor
Closes: 866799
Changes:
tor (0.3.0.9-1) unstable; urgency=medium
.
* New upstream version, upload 0.3.0.x tree to unstable.
- Fixes TROVE-2017-006: Regression in guard family avoidance
(closes: #866799; CVE-2017-0377).
* Remove debian/README.{polipo,privoxy} as using them is not recommended.
(Torbrowser is the better option for users browsing the web.)
Checksums-Sha1:
d245e306c9641be6e55b90f50314806b9820a646 1820 tor_0.3.0.9-1.dsc
48c6d037d030056256ba6dd8adcc1142613d05d0 5811303 tor_0.3.0.9.orig.tar.gz
ede12620a7bde9c1ac942b096a79422e322308f1 41628 tor_0.3.0.9-1.diff.gz
Checksums-Sha256:
25b65f27fb066bde48d8c81d0d46e872a31aef1e9bcc52dd205e6860b634c969 1820
tor_0.3.0.9-1.dsc
48d4880bf6ccb19ce9af2abde6946d7cf0635cc807548badbf4a221a79581e42 5811303
tor_0.3.0.9.orig.tar.gz
66ac398b08fbfdb5be188d1f245a841ff9ba8e572062e8920f896e554e37e993 41628
tor_0.3.0.9-1.diff.gz
Files:
3f5119dbd44fcac30fe981097a5684e9 1820 net optional tor_0.3.0.9-1.dsc
3e1592efce06ab867db637b03754d0a3 5811303 net optional tor_0.3.0.9.orig.tar.gz
0a789dade551c4a29428026f7c1af128 41628 net optional tor_0.3.0.9-1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJZWLGBAAoJEIYCyCA4cjMfH98H/15m73lWPxYwaxR3y/eHRfrd
woedr8Wc5F0pIXjNIewE5iFZcQK7Z0xUNLHJcNIg1phOTj/K/9tXKpulJvwU5RJe
GwrI/YYxwg4DFqlEmsXoBko8ewI0P/ZK5cerrflnsWnsXqavt4y7CLPrGkGVHvQb
nHCRBt63NCrTby1oWfKlB0/1eiAeV8qzs1OUndqrehn9UJByQllFmW9CxFiYwfeO
DTMvmkcfxwi66T2DesnFTD3E+1HKyBvpWOT8psfCuLt9jpFpnlhCfgaoOQNKbCkU
PsUgtNO1ZYC9efw578wgHqaRn2Th53QO0oqhKziG/7VGfabHcPFlQhuCGxpgB6U=
=EHB3
-----END PGP SIGNATURE-----
--- End Message ---
