Branch p8 update bulletin.

Package genspec updated to version 1.2.6-alt1 for branch p8 in task 184736.

Неверно выставляется тег в .gear/rules

Package tor updated to version 0.3.0.9-alt1.M80P.1 for branch p8 in task 184902.

Published: 2017-07-02
Modified: 2024-11-21

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
https://security-tracker.debian.org/CVE-2017-0377
https://security-tracker.debian.org/CVE-2017-0377
https://trac.torproject.org/projects/tor/ticket/22753
https://trac.torproject.org/projects/tor/ticket/22753

Version: 2.1.0

Branch p8 update on 2017-07-04

ALT-BU-2017-3211-1

ALT-PU-2017-1797-1

Closed bugs

Bug #33596

ALT-PU-2017-1800-1

Closed vulnerabilities

CVE-2017-0377