#29171: Redeploy meek-server instances with go1.11.5 ----------------------------------+----------------- Reporter: dcf | Owner: dcf Type: task | Status: new Priority: Medium | Milestone: Component: Obfuscation/meek | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ----------------------------------+----------------- [https://github.com/golang/go/issues/29903 CVE-2019-6486] is a DoS on the implementation of certain elliptic curves, fixed in go1.11.5.
Redeploy servers that use crypto/tls and therefore may be exposed to the bug: - [https://metrics.torproject.org/rs.html#details/8F4541EEE3F2306B7B9FEF1795EC302F6B84DAE8 cymrubridge02] (backend for meek-azure) - starman (throttled meek.bamsoftware.com) - maenad (unthrottled meek.bamsoftware.com) - GAEuploader (gaeuploader.meek.bamsoftware.com) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29171> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs