[tor-packagers] Fwd: Upcoming stable releases to fix a medium-severity security issue
    Nick Mathewson 
    nickm at torproject.org
       
    Wed Feb 20 17:30:14 UTC 2019
    
    
  
---------- Forwarded message ---------
From: Nick Mathewson <nickm at torproject.org>
Date: Wed, Feb 20, 2019 at 12:29 PM
Subject: Upcoming stable releases to fix a medium-severity security issue
To: <tor-talk at lists.torproject.org>
Hi!
I'm planning to put out new Tor source releases some time Thursday or
Friday.  They will be versions 0.3.3.12, 0.3.4.11, 0.3.5.8, and
0.4.0.2-alpha.
These versions will, among the usual array of bugfixes, fix a
medium-severity security issue: a remote denial-of-service attack
vector against relays and clients running version 0.3.2.1-alpha and
later. While we don't currently know an exploit for the issue, we hope
that all affected relays will upgrade.  The issue is traced as
TROVE-2019-001, Tor bug #29168, and CVE-2019-8955.
One more reminder: the 0.3.3.x series was scheduled to reach
end-of-life as of February 22.  We've extended that to February 28,
but after that date, there will be no more security updates for the
0.3.3.x series.  If you need a version that will receive long-term
support, we recommend that you stick with 0.3.5.x, which will be
supported until 2022.
best wishes,
-- 
Nick
    
    
More information about the tor-packagers
mailing list