On Sun, 21 Nov 2010, Debian FTP Masters wrote: > Processing changes file: tor_0.2.1.26-1~lenny+1_i386.changes > ACCEPT
Oh joy. While this tor will work with an openssl patched to fix CVE-2009-3555 (the renegotiation/rfc5746 thing), it will break with the CVE-2010-3864 fix (TLS extension parsing race), which is already prepared and ready to be released on security.d.o. *sigh* Upstream is currently evaluating a one-line patch in Tor as a workaround for openssl changing its behavior again[0]. I'm really sorry you have to deal with all this mess. Will keep you posted. weasel 0. https://bugs.torproject.org/2204 -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
