group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #20718
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
Sorry about the delay. I've added the tasks for Xenial and Artful. We're
going to ignore Zesty due to its EOL.
@Simon are you planning on bumping those to the releases that have been
released since?
If so, I'll wait a bit before uploading those, if not, let me know and
I'll upload those.
** Also affects: tor (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: tor (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: tor (Ubuntu)
Status: Confirmed => Fix Released
** Changed in: tor (Ubuntu Xenial)
Status: New => Triaged
** Changed in: tor (Ubuntu Artful)
Status: New => Triaged
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1731698
Title:
[SRU] Tor 0.2.9.13 and 0.3.0.12
Status in tor package in Ubuntu:
Fix Released
Status in tor source package in Xenial:
Triaged
Status in tor source package in Artful:
Triaged
Bug description:
Micro versions of Tor were recently released to address some security
problems (CVE-2017-0380/TROVE-2017-008) and crashes. The new releases
also include directory authority changes.
[Test Case]
1) Setup Tor:
$ sudo apt-get install tor
2) Check if the Tor network is usable:
$ torsocks wget -qO - https://ifconfig.co
192.0.2.1
3) Check that the IP returned by https://ifconfig.co is NOT the one
assigned by you ISP.
4) If you got a different IP it means wget used the Tor network
successfully
5) Repeat with the -proposed package
[Regression Potential]
Unfortunately, I don't know what regression could be introduced by
those micro version upgrades (0.2.9.11->0.2.9.13 and
0.3.0.10->0.3.0.12). Debian shipped 0.2.9.12 some time ago and I
didn't find any regression in their bug tracker. Unfortunately, Debian
no longer ship the 0.3.0.x branch as they moved to 0.3.1.x so the
version in Artful saw less "in the wild" testing.
I also looked at the upstream bug tracker and didn't find any relevant
regression introduced by those new versions.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions