Red Hat Bugzilla – Bug 499438
tor 0.2.0.34 update
Last modified: 2009-07-03 15:46:48 EDT
It would be appreciated if the package maintainer would monitor for updates more closely; this security update was announced some three months ago - 2009-02-08
Enrico was on it within two days:
but the builds aren't getting pushed to updates-testing. Could somebody please kick the proper lever?
accordingly documentation, updates should be pushed when karma at
reaches a critical level. But I do not have a clue how it can be modified, and the CLI bodhi client does not work.
Does this help? I'm not a fedora project package contributor (yet), but I found:
"From here your update is in a 'Pending' state. When you are satisfied with the details of your update, you then must chose to "Push to Testing" or "Push to Stable"."
Looks like progress is also being made on F11 update: http://koji.fedoraproject.org/koji/packageinfo?packageID=4002
Thanks, Chris. Kevin Kofler mentioned to me that all the bodhi functions should be available via the web interface, as implied in the link Chris posted.
It looks like there was a bodhi malfunction here. Luke Macken is going to push this back to testing and investigate why it regressed. We ought to get a message here when it hits, then as testers we can provide the karma it needs to get out to updates.
Tor 0.2.0.35 is released. Changes in version 0.2.0.35 - 2009-06-24
o Security fix:
- Avoid crashing in the presence of certain malformed descriptors.
Found by lark, and by automated fuzzing.
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
[*duck and cover*] :-)
tor-0.2.0.35-1.fc11 has been submitted as an update for Fedora 11.
tor-0.2.0.35-1.fc10 has been submitted as an update for Fedora 10.
tor-0.2.0.35-1.fc9 has been submitted as an update for Fedora 9.
Dang, that was fast! Nice! Thanks!
tor-0.2.0.35-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update tor'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7061
tor-0.2.0.35-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
tor-0.2.0.35-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Cool, it looks like bodhi is working again. Thanks Enrico!
tor-0.2.0.35-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.