*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: tor I am the Tor project leader (aka the upstream). In Sept-Oct 2007 there was a thread on ubuntu-devel and ubuntu-motu with the subject "Tor Packages", wherein mako suggested that Ubuntu drop the Tor package from gutsy and hardy, because Tor doesn't provide multiple years of support. See e.g. http://www.mailinglistarchive.com/[email protected]/msg24404.html The conclusion was that there should be an exception for Tor, such that when we abandoned a major release, Ubuntu would switch up to the next stable Tor release. This time has come. Earlier this week we officially dropped support for the Tor 0.1.2.x branch. Since there are many known security problems (including some potential remote exploits that can turn into remote roots in the right circumstances), we recommend that nobody use it. In particular, gutsy is shipping 0.1.2.17: http://packages.ubuntu.com/gutsy/tor and hardy is shipping 0.1.2.19: http://packages.ubuntu.com/hardy/tor The Tor 0.2.0.x branch came out (starting at 0.2.0.30) in July 2008, and has stabilized very well by now. You can read its release notes and updates: http://archives.seul.org/or/announce/Aug-2008/msg00000.html http://archives.seul.org/or/announce/Sep-2008/msg00000.html http://archives.seul.org/or/announce/Dec-2008/msg00000.html http://archives.seul.org/or/announce/Jan-2009/msg00000.html http://archives.seul.org/or/announce/Feb-2009/msg00000.html I notice that Intrepid and Jaunty are also shipping old Tor versions, but they're already within the 0.2.0.x branch so should be easier to upgrade. We have up-to-date debs, made by the Debian maintainer, here: https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebian So: what's the process for making this happen? ** Affects: tor (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- Tor 0.1.2.x abandoned by upstream https://bugs.launchpad.net/bugs/328442 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
