[Frugalware-darcs] homepage-ng: FSA195-tor

voroskoi voroskoi at frugalware.org
Thu Jun 7 12:43:32 CEST 2007


Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20070607103554-dd049-9ab4b9b1f13b152ece9568866a4eba2814917113.gz;

[FSA195-tor
voroskoi <voroskoi at frugalware.org>**20070607103554] {
hunk ./frugalware/xml/security.xml 29
+	<fsa>
+		<id>195</id>
+		<date>2007-06-07</date>
+		<author>voroskoi</author>
+		<package>tor</package>
+		<vulnerable>0.1.1.26-3terminus1</vulnerable>
+		<unaffected>0.1.2.14-1terminus1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2121</bts>
+		<cve>No CVE for this issue.</cve>
+		<desc>lodger has reported a weakness in Tor, which potentially can be ex=
ploited by malicious people to expose sensitive information. When building =
a circuit, Tor checks if an entry guard is exactly the same as an exit guar=
d, but fails to check if they are also part of the same family. This may we=
aken the Tor security concept and could make it easier to launch certain at=
tacks.</desc>
+	</fsa>
}


More information about the Frugalware-darcs mailing list