#20431: do not recommend vulnerable tor versions - update "recommended versions" ------------------------------+--------------------- Reporter: cypherpunks | Owner: Type: defect | Status: new Priority: Medium | Milestone: Component: Core Tor/DirAuth | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ------------------------------+---------------------
Comment (by cypherpunks): current set of recommended versions https://consensus- health.torproject.org/ : {{{ server-versions 0.2.4.26, 0.2.4.27, 0.2.5.11, 0.2.5.12, 0.2.6.5-rc, 0.2.6.6, 0.2.6.7, 0.2.6.8, 0.2.6.9, 0.2.6.10, 0.2.7.1-alpha, 0.2.7.2-alpha, 0.2.7.3-rc, 0.2.7.4-rc, 0.2.7.5, 0.2.7.6, 0.2.8.1-alpha, 0.2.8.2-alpha, 0.2.8.3-alpha, 0.2.8.4-rc, 0.2.8.5-rc, 0.2.8.6, 0.2.8.7, 0.2.8.8, 0.2.8.9, 0.2.9.1-alpha, 0.2.9.2-alpha, 0.2.9.3-alpha, 0.2.9.4-alpha }}} can be reduced to: {{{ server-versions 0.2.4.27, 0.2.5.12, 0.2.8.9, 0.2.9.4-alpha }}} backported version: https://security-tracker.debian.org/tracker/CVE-2016-8860 any other backported version we should include? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20431#comment:2> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs