Hi all, In September the Tor Browser team made three releases: Tor Browser 6.0.5[1], 6.5a3[2], and 6.5a3-hardened[3].
Tor Browser 6.0.5 got released ahead of schedule on September 16 to fix a public security vulnerability in Firefox[4] that affected Tor Browser as well. Additionally, with the switch to ESR 45.4.0 Tor Browser 6.0.5 closed a number of other serious Firefox vulnerabilities[5]. Furthermore, we included an updated Tor version (0.2.8.7) and HTTPS-Everywhere 5.2.4 + minor enhancements and bug fixes. The alpha releases (6.5a3 and 6.5a3-hardened) contain a number of improvements in addition to those that made it into Tor Browser 6.0.5. Noteworthy enhancements are unix domain socket support for Tor Browser (on Linux and OS X a unix domain socket is used for controller <-> tor connections by default)[6] and moving the Referer spoofing for .onion domains out of Torbutton into Firefox code[7]. Apart from the above mentioned releases we mainly worked on SponsorU related tickets and helped Mozilla upstreaming our patches. The full list of tickets closed by the Tor Browser team in September is accessible using the TorBrowserTeam201609 tag in our bug tracker[8]. For October no releases are scheduled. Rather, we intend to focus on our remaining SponsorU tasks[9] and plan to address the unix domain socket and signing related bugs that got uncovered by our alpha releases[10][11][12]. If there is time to address further bug reports and enhancement requests the tickets being on our radar for this month can be seen with the TorBrowserTeam201610 tag in our bug tracker[13]. Georg [1] https://blog.torproject.org/blog/tor-browser-605-released [2] https://blog.torproject.org/blog/tor-browser-65a3-released [3] https://blog.torproject.org/blog/tor-browser-65a3-hardened-released [4] http://seclists.org/dailydave/2016/q3/51 [5] https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/ [6] See: https://bugs.torproject.org/14270 and closed child tickets 14271, 14272, and 14273. [7] https://bugs.torproject.org/17334 [8] https://trac.torproject.org/projects/tor/query?status=closed&keywords=~TorBrowserTeam201609 [9] https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201610&sponsor=SponsorU&order=priority [10] https://bugs.torproject.org/20210 [11] https://bugs.torproject.org/20185 [12] https://bugs.torproject.org/20182 [13] https://trac.torproject.org/projects/tor/query?keywords=~TorBrowserTeam201610
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
