Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2017-12-18 08:57:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tor" Mon Dec 18 08:57:22 2017 rev:61 rq:547269 version:0.3.1.9 Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2017-10-26 18:44:33.667455576 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2017-12-18 08:57:25.104851086 +0100 @@ -1,0 +2,11 @@ +Fri Dec 1 20:33:08 UTC 2017 - [email protected] + +- tor 0.3.1.9 with the following security fixes that prevent some + traffic confirmation, DoS and other problems (bsc#1070849): + * CVE-2017-8819: Replay-cache ineffective for v2 onion services + * CVE-2017-8820: Remote DoS attack against directory authorities + * CVE-2017-8821: An attacker can make Tor ask for a password + * CVE-2017-8822: Relays can pick themselves in a circuit path + * CVE-2017-8823: Use-after-free in onion service v2 + +------------------------------------------------------------------- Old: ---- tor-0.3.1.8.tar.gz tor-0.3.1.8.tar.gz.asc New: ---- tor-0.3.1.9.tar.gz tor-0.3.1.9.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.UJtF4s/_old 2017-12-18 08:57:25.804817296 +0100 +++ /var/tmp/diff_new_pack.UJtF4s/_new 2017-12-18 08:57:25.808817103 +0100 @@ -20,7 +20,7 @@ %define torgroup %{name} %define home_dir %{_localstatedir}/lib/empty Name: tor -Version: 0.3.1.8 +Version: 0.3.1.9 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause ++++++ tor-0.3.1.8.tar.gz -> tor-0.3.1.9.tar.gz ++++++ ++++ 19619 lines of diff (skipped)
