[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#679224: pu: package tor/

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu


I would like to update the Tor in stable from to

This is an update on Tor's stable tree (instead of its development tree)
and the changes are thus rather conservative.

It fixes a couple of minor security issues, like no longer leaking
uninitialized memory, properly rejecting inputs where the number exceeds
valid values for its storage types, or not adding more bytes to input
buffers while renegotiating.

Furthermore, a few issues are resolved that might affect a user's
anonymity.  These include things such as only building circuits when a
client knows a sufficient number of "exit" nodes, never using a bridge
as an exit, or reusing circuits in an unsafe manner.

Additionaly it updates the list of directory authorities, makes building
with newer and older openssl libraries safer (probably not important for
us) and makes building on a few other platforms more robust.

Tor versions and .37 have been in unstable and testing for a
few weeks now and I am reasonably confident that is fit for
being included in the next point release of squeeze.

May I prepare and upload a tor package?



Reply to: