[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tor-talk] Security releases tomorrow for Tor



Hello!

I'm sending this message to announce that we will be releasing new
stable and versions of Tor tomorrow, to fix 5 security bugs.  I
apologise for the short notice; we've had to move up our intended
release date in order to try to match with release deadlines for
downstream projects.

We have classified 3 of these bugs as Medium and 2 as High, per draft
security process at
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
.  The most serious bugs are a pair of denial-of-service issues, which
we treat as high security because of the possibility of escalating
them for traffic-analysis purposes.

Note that only the following series are supported, and only they will
receive updates: 0.2.5, 0.2.8, 0.2.9, 0.3.0, 0.3.1, and 0.3.2.  0.2.8
and 0.3.0 will become unsupported in January; 0.2.5 will become
unsupported in May.

best wishes,
-- 
Nick
-- 
tor-talk mailing list - tor-talk AT lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk