group.of.nepali.translators team mailing list archive

[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12

Sorry about the delay. I've added the tasks for Xenial and Artful. We're
going to ignore Zesty due to its EOL.

@Simon are you planning on bumping those to the releases that have been
released since?

If so, I'll wait a bit before uploading those; if not, let me know and
I'll upload those.

** Also affects: tor (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Also affects: tor (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: tor (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: tor (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: tor (Ubuntu Artful)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1731698

Title:
  [SRU] Tor 0.2.9.13 and 0.3.0.12

Status in tor package in Ubuntu:
  Fix Released
Status in tor source package in Xenial:
  Triaged
Status in tor source package in Artful:
  Triaged

Bug description:
  Micro versions of Tor were recently released to address some security
  problems (CVE-2017-0380/TROVE-2017-008) and crashes. The new releases
  also include directory authority changes.

  [Test Case]

  1) Set up Tor:
  $ sudo apt-get install tor

  2) Check if the Tor network is usable:
  $ torsocks wget -qO - https://ifconfig.co
  192.0.2.1

  3) Check that the IP returned by https://ifconfig.co is NOT the one
     assigned by your ISP.

  4) If you got a different IP, it means wget used the Tor network
     successfully.

  5) Repeat with the -proposed package

  [Regression Potential]

  Unfortunately, I don't know what regression could be introduced by
  those micro version upgrades (0.2.9.11->0.2.9.13 and
  0.3.0.10->0.3.0.12). Debian shipped 0.2.9.12 some time ago and I
  didn't find any regression in their bug tracker. Unfortunately, Debian
  no longer ships the 0.3.0.x branch as they moved to 0.3.1.x, so the
  version in Artful saw less "in the wild" testing.

  I also looked at the upstream bug tracker and didn't find any relevant
  regression introduced by those new versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions