[MacPorts] #52655: tor-devel updated to 0.2.9.4-alpha (includes security fix) (was: tpr-devel updated to 0.2.9.4-alpha (includes security fix))

MacPorts noreply at macports.org
Wed Oct 19 16:16:36 CEST 2016 

#52655: tor-devel updated to 0.2.9.4-alpha (includes security fix)
-----------------------------+---------------------------------
  Reporter:  macports.org@…  |      Owner:  macports-tickets@…
      Type:  update          |     Status:  new
  Priority:  Normal          |  Milestone:
 Component:  ports           |    Version:
Resolution:                  |   Keywords:  haspatch maintainer
      Port:  tor-devel       |
-----------------------------+---------------------------------
Description changed by larryv@…:

Old description:

> Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
>   that would allow a remote attacker to crash a Tor client, hidden
>   service, relay, or authority. All Tor users should upgrade to this
>   version, or to 0.2.8.9. Patches will be released for older versions
>   of Tor.
>
>   o Major features (security fixes):
>     - Prevent a class of security bugs caused by treating the contents
>       of a buffer chunk as if they were a NUL-terminated string. At
>       least one such bug seems to be present in all currently used
>       versions of Tor, and would allow an attacker to remotely crash
>       most Tor instances, especially those compiled with extra compiler
>       hardening. With this defense in place, such bugs can't crash Tor,
>       though we should still fix them as they occur. Closes ticket
>       20384 (TROVE-2016-10-001).

New description:

 https://blog.torproject.org/blog/tor-0294-alpha-released-important-fixes

 > Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
 > that would allow a remote attacker to crash a Tor client, hidden
 > service, relay, or authority. All Tor users should upgrade to this
 > version, or to 0.2.8.9. Patches will be released for older versions of
 > Tor.
 >
 > - Major features (security fixes):
 >   - Prevent a class of security bugs caused by treating the contents
 >     of a buffer chunk as if they were a NUL-terminated string. At
 >     least one such bug seems to be present in all currently used
 >     versions of Tor, and would allow an attacker to remotely crash
 >     most Tor instances, especially those compiled with extra compiler
 >     hardening. With this defense in place, such bugs can't crash Tor,
 >     though we should still fix them as they occur. Closes ticket 20384
 >     (TROVE-2016-10-001).

--

-- 
Ticket URL: <https://trac.macports.org/ticket/52655#comment:3>
MacPorts <https://www.macports.org/>
Ports system for the Mac operating system

More information about the macports-tickets mailing list