[stable] tor, yet again (was: NEW changes in proposedupdates)
On Sun, 21 Nov 2010, Debian FTP Masters wrote:
> Processing changes file: tor_0.2.1.26-1~lenny+1_i386.changes
> ACCEPT
Oh joy.
While this tor will work with an openssl patched to fix CVE-2009-3555
(the renegotiation/rfc5746 thing), it will break with the CVE-2010-3864
fix (TLS extension parsing race), which is already prepared and ready to
be released on security.d.o. *sigh*
Upstream is currently evaluating a one-line patch in Tor as a workaround
for openssl changing its behavior again[0].
I'm really sorry you have to deal with all this mess. Will keep you
posted.
weasel
0. https://bugs.torproject.org/2204
--
                           |  .''`.    ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/