[tor-relays] 'critical' security update: Tor 0.2.2.39
Roger Dingledine
arma at mit.edu
Sat Sep 15 11:15:25 UTC 2012
On Sat, Sep 15, 2012 at 12:25:59PM +0200, tagnaq wrote:
> It is quite sad that one has to find out about 'critical' security
> updates [0] via an unrelated thread on tor-talk [1] or the blog [2]
> instead of getting an announcement on tor-announce [3] - where relay
> operators are probably expecting such information.
There, I sent the mail. I'd been waiting a few days to make sure the
new packages weren't broken. Thanks for the kick.
In the spectrum of critical, I wouldn't put this one towards the top.
There's no code execution or privacy or anonymity issues. So yes,
upgrading is definitely a fine idea, but it's not a "cancel your dinner
plans to do it" sort of situation.
> Are tor versions 0.2.3.x and 0.2.4.x affected too?
Yes. I haven't put an 0.2.4.3-alpha out yet (it's an alpha after all).
I should probably do that soon.
--Roger
More information about the tor-relays
mailing list