Hi, all!
Tomorrow we'll be putting out new releases in all supported series
(0.2.4 through 0.3.1) to fix two vulnerabilities that we have found in
the hidden service code. These vulnerabilities allow an attacker to
cause a hidden service to crash with an assertion failure. We believe
that is the only impact. We are tracking these vulnerabilities as
TROVE-2017-004 and TROVE-2017-005.
For more information about how we handle security issues in Tor, see
our draft policy at:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
best wishes,
--
Nick
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
