[tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
Louie Cardone-Noott
lcn at fastmail.net
Wed Oct 26 16:24:24 UTC 2016
On Wed, 26 Oct 2016, at 02:04 PM, Zack Weinberg wrote:
> If you're using Debian jessie, you can get an 0.2.8.9 package from
> either backports or the torproject.org repository. I went with
> backports because that let me also pick up a much newer openssl.
>
> zw
Zack,
Interesting, I too recently upgraded to the backports version of tor but
didn't think to do openssl too. The current versions as far as I can
tell are:
jessie, 1.0.1t-1+deb8u5 (https://packages.debian.org/jessie/openssl)
jessie-backports, 1.0.2j-1~bpo8+1
(https://packages.debian.org/jessie-backports/openssl)
Is there such a big difference between these?
Louie
More information about the tor-relays
mailing list