Source: tor
Version: 0.4.8.16-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for tor.

CVE-2025-4444[0]:
| A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17.
| Impacted is an unknown function of the component Onion Service
| Descriptor Handler. Performing manipulation results in resource
| consumption. The attack may be initiated remotely. The attack's
| complexity is rated as high. The exploitability is considered
| difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is
| recommended to address this issue. It is recommended to upgrade the
| affected component.

I think for stable this can be fixed via upcoming point releases or
piggy-backed later in a future DSA?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-4444
    https://www.cve.org/CVERecord?id=CVE-2025-4444
[1] https://github.com/chunmianwang/Tordos
[2] https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

