[tor-packagers] New release: Tor 0.4.5.1-alpha
Nick Mathewson
nickm at torproject.org
Sun Nov 1 21:41:14 UTC 2020
Hi, friends!
There's a new alpha release out today: Tor 0.4.5.1-alpha. The website
hasn't updated yet, but you can find the source at the usual place on
https://dist.torproject.org/ .
Note that I've updated my pgp key with a new expiration date: you may
need to refresh it from the keyservers if it seems to be expired.
Here is a changelog for this release:
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.5.1-alpha
Please note that this release has a fix for a medium-severity issue,
TROVE-2020-005.
The impact of this security issue is that if an adversary steals or
factors a relay's RSA legacy identity key without stealing its Ed25519
identity key, there is a timing-dependent active attack that the
attacker could use to mis-route a small number of circuits through a
TLS connection under the attacker's control. (The attacker could not
use this to read traffic; only to observe traffic patterns.)
We're going to backport this fix, and others, to the supported stable
release series in the next week or so, so it would be great to have
testing on 0.4.5.1-alpha in the meantime.
all best wishes,,
--
Nick
More information about the tor-packagers
mailing list