Bug 12590 - "Tor Status Area Applet": Update to Tor 0.2.2.35 which fixes a critical heap-overflow issue
: "Tor Status Area Applet": Update to Tor 0.2.2.35 which fixes a critical heap-...
Status: UNCONFIRMED
Product: Tor
UI
: unspecified
: N900 Maemo
: Unspecified critical (vote)
: ---
Assigned To: Philipp Zabel
: general
:
:
:
:
  Show dependency tree
 
Reported: 2012-03-22 17:23 UTC by jbrownfirst
Modified: 2012-03-23 11:50 UTC (History)
1 user (show)

See Also:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description jbrownfirst (reporter) 2012-03-22 17:23:45 UTC
SOFTWARE VERSION: 
(Settings > General > About product)

EXACT STEPS LEADING TO PROBLEM: 
(Explain in detail what you do (e.g. tap on OK) and what you see (e.g. message
Connection Failed appears))
1. The "Tor Status Area Applet" contains a deprecated version of Tor (0.2.2.34
instead 0.2.2.35). 
2. 
3. 

EXPECTED OUTCOME:

ACTUAL OUTCOME: 

REPRODUCIBILITY: 
(always, less than 1/10, 5/10, 9/10)

EXTRA SOFTWARE INSTALLED: 

OTHER COMMENTS:
Comment 1 Andre Klapper maemo.org 2012-03-23 11:07:42 UTC
jbrownfirst: Why did you file this as critical? Were any vulnerabilities fixed?
Please see https://bugs.maemo.org/page.cgi?id=fields.html#importance
Comment 2 jbrownfirst (reporter) 2012-03-23 11:43:49 UTC
Because "Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
buffers code. Absolutely everybody should upgrade."

https://blog.torproject.org/blog/tor-02235-released-security-patches