From 76bf91fa1af834806e22314e148813644345795b Mon Sep 17 00:00:00 2001 From: mh Date: Dec 03 2017 16:57:52 +0000 Subject: update to upstream release 0.3.1.9. Fixes: * CVE-2017-8819: Replay-cache ineffective for v2 onion services * CVE-2017-8820: Remote DoS attack against directory authorities * CVE-2017-8821: An attacker can make Tor ask for a password * CVE-2017-8822: Relays can pick themselves in a circuit path * CVE-2017-8823: Use-after-free in onion service v2 --- diff --git a/sources b/sources index 4f5227c..b942af7 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (tor-0.3.1.8.tar.gz) = 0c2d5f6e444815f0812b0f8bb2102f2013c890375cf20b62025d0704e8ee7742bbf7173764795e3e63606a47d0695a5a982c318c55a30ca50600eb6de5b94b16 -SHA512 (tor-0.3.1.8.tar.gz.asc) = d97f0776e3e90b0d101a3eb7c35d305c0a93500a0fcc037c3d3f3cfcdf0ee79ff9e8d86fbdc6d60f9f6fbbe842c3abafbca43deaab33d729f1f8279485e4be2a +SHA512 (tor-0.3.1.9.tar.gz) = c22557251272595c65b2fade485020d76de16f5bb826d4a47d7bd093b7336dad42e8e2b8a3e0c56d9a10e62f0a5b1596c4b10cd578bf6da17f058f3d4e356f66 +SHA512 (tor-0.3.1.9.tar.gz.asc) = d786c7d6f6eefe206ee2e4f0a70874ae329c8168be64e9586c85cb0e7fed871d0d07718efe1503a6a3e05092a962d3c134b3d6098104dc9efae239e116c739c6 diff --git a/tor.spec b/tor.spec index d54ac2e..81a6158 100644 --- a/tor.spec +++ b/tor.spec @@ -19,7 +19,7 @@ %endif Name: tor -Version: 0.3.1.8 +Version: 0.3.1.9 Release: 1%{?dist} Group: System Environment/Daemons License: BSD @@ -172,6 +172,14 @@ fi %changelog +* Sun Dec 03 2017 Marcel Härry - 0.3.1.9-1 +- update to upstream release 0.3.1.9. Fixes: +- CVE-2017-8819: Replay-cache ineffective for v2 onion services +- CVE-2017-8820: Remote DoS attack against directory authorities +- CVE-2017-8821: An attacker can make Tor ask for a password +- CVE-2017-8822: Relays can pick themselves in a circuit path +- CVE-2017-8823: Use-after-free in onion service v2 + * Wed Oct 25 2017 Marcel Härry - 0.3.1.8-1 - update to upstream release 0.3.1.8