#29158: Add fix for DSA 4371-1 (apt vulnerability) -------------------------------------------+------------------------------- Reporter: boklm | Owner: tbb-team Type: defect | Status: | needs_revision Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: TorBrowserTeam201901, tbb-rbm | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------+-------------------------------
Comment (by boklm): Replying to [comment:6 gk]: > The 32bit situation for Linux looks bleak. BUT: I thought we should start soon with #26323 anyway. I think this bug is a reason to start now- ish with that effort. I guess we could try to squeeze it into 8.5. boklm: what do you think? Yes, I think it should be possible to do #26323 soon. The new apt package is not available yet for i386 at this time: http://deb.freexian.com/extended-lts/pool/main/a/apt/ However maybe they will add it later as looking at the file modification time it seems it is not the first time that the i386 package comes later. Otherwise we can maybe rebuild the package ourself. I started working on a patch installing the apt updated packages into the containers: https://gitweb.torproject.org/user/boklm/tor-browser- build.git/commit/?h=bug_29158_v3&id=4672030e7308f852836092ddcfdce76ae90f797b It is currently installing the packages on stretch too, however since yesterday they made a stretch point release, so it should not be needed anymore (but maybe we can add a check to verify that the correct version was installed). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29158#comment:7> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs