Tor 0.1.0.11 is released: security fix for servers
loki der quaeler
loki-lists at weltschmerz.org
Sat Jul 2 07:57:12 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(the recommended versions list hasn't be updated to note this version
yet, so a [warn] is produced in the log file)
On 1 Jul, 2005, at 23.02, Roger Dingledine wrote:
> Tor 0.1.0.11 fixes a security problem where servers disregard their
> exit
> policies in some circumstances. All server operators running 0.1.0.x or
> later are advised to upgrade to 0.1.0.11 [1], downgrade to 0.0.9.10
> [2],
> or move to the latest Tor CVS [3]. Clients are not affected by this
> bug.
>
> [1] http://tor.eff.org/download.html
> [2] http://tor.eff.org/dist/
> [3] http://tor.eff.org/developers.html
>
> o Bugfixes on 0.1.0.x:
> - Fix major security bug: servers were disregarding their
> exit policies if clients behaved unexpectedly.
> - Make OS X init script check for missing argument, so we don't
> confuse users who invoke it incorrectly.
> - Fix a seg fault in "tor --hash-password foo".
> - The MAPADDRESS control command was broken.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFCxkjb8ndM5mBofVwRAqYLAKCeyBETtRLN/ye6C2emWsjy3+413ACeMLi9
5j4FMNAIJyufV8JDNJyGtXM=
=62ba
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list