update to upstream release 0.3.1.9.
Fixes:
* CVE-2017-8819: Replay-cache ineffective for v2 onion services
* CVE-2017-8820: Remote DoS attack against directory authorities
* CVE-2017-8821: An attacker can make Tor ask for a password
* CVE-2017-8822: Relays can pick themselves in a circuit path
* CVE-2017-8823: Use-after-free in onion service v2