-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 >> I think I have a handle on what they did, and how to fix it. >> We've been trying to find delicate ways to explain that we think >> we know what they did, but also it sure would have been smoother >> if they'd opted to tell us everything. The main reason for trying >> to be delicate is that I don't want to discourage future >> researchers from telling us about neat things that they find. I'm >> currently waiting for them to answer their mail so I can >> proceed. > > I have timed out on them and put out two new releases plus a > security advisory: > https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
thanks! Surprised > to see the fix of a bug that was worth a tor security advisory to be in the "Minor bugfixes" section of the changelog. > o Minor bugfixes: - Warn and drop the circuit if we receive an > inbound 'relay early' cell. Those used to be normal to receive on > hidden service circuits due to bug 1038, but the buggy Tor versions > are long gone from the network so we can afford to resume watching > for them. Resolves the rest of bug 1038; bugfix on 0.2.1.19. So I guess "Minor bugfixes" can have quiet an impact as well then. Will watch 'minor bugfixes' closer in the future ;) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJT2WwgAAoJEDcK3SCCSvoeTBcP/0//HDaNIhgI7j5K4eIU1Ae8 Pbxx9YJL8NqPv65nI6qRBWOIYTp7nfXYMdOt+yvRN80B/UI1QC8UGx96CKInkDj1 SIPt3BAo+AUTlI4PN2HXxkSaw66Rz9fKNaQsLNit1vlfNuI5VO7SL3mQqmoxOfw4 sUdG1ne6UlmEQNJkoVu7OBlq9+DcjTVy2Hj175Q+wcKZ87jZpX6teVhl/gzm0hfU FYOr9vlMYSwa8rYYrwTEvOinW55yhsazLKyV1Eq/qZM3QWIK1hiN9LhR6xmlirCy Ewl/rZckNvvvB08l/EnifE4nJKwTew047cvCSJh9DBQ7/7BoHnlkNz26gB27JLxi ooz69uilyuY207+3TJpSn2KfEAUyQHG/C81ZPvOX+It7LIuumpfRW22Pr73yHRrZ uzQ10NB7p7VCWZIgGCV5PLRBchk1O/5CIJpsEpKmx/772IUUTMqNlLMYmBekCJiO CCxAi3BgqHsHo0g72J7yoq6hs2hr9dMA7ScmniTH+SqKux5hxdpCl7pM4JE8JNS9 K8R3wVU7Z/xEPqxq9dZyTuat2ASDhKrUP0dq2iNYXWlSOGzj7wOzH2xjkQkgbhSl gJ2QIzYYgrsC0K/UWvWaRBe4S3Ljki40Hhh4SaoPLzSQ0LILD7tEAS5eS03GM58p oKHbtKQwdQ/q8YY4v+Pd =yVXu -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
