219863 – security/tor: Update to 0.3.0.8 (Security fixes)

Bug 219863 - security/tor: Update to 0.3.0.8 (Security fixes)

Summary: security/tor: Update to 0.3.0.8 (Security fixes)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Kurt Jaeger

URL:	https://lists.torproject.org/pipermai...
Keywords:	security

Depends on:
Blocks:

Reported:	2017-06-08 15:42 UTC by nusenu
Modified:	2017-07-25 18:35 UTC (History)
CC List:	3 users (show)

See Also:	219864

Flags:	koobs: maintainer-feedback+ pi: merge-quarterly+

Attachments
patch (836 bytes, patch) 2017-06-08 22:32 UTC, Yuri Victorovich	yuri: maintainer-approval+	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description nusenu 2017-06-08 15:42:55 UTC

0.3.0.8 fixes two remote DoS vulnerabilities related to hidden services:

https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html

CVEs: 
CVE-2017-0375, CVE-2017-0376

https://dist.torproject.org/tor-0.3.0.8.tar.gz

Comment 1 Yuri Victorovich freebsd_committer

2017-06-08 22:32:54 UTC

Created attachment 183336 [details]
patch

Builds in poudriere.

Comment 2 FStl 2017-06-10 15:04:08 UTC

Please also update the tor version in the 2017Q2 branch from 0.2.9.10 to 0.2.9.11 since that is affected by the same security issue.

Comment 3 Yuri Victorovich freebsd_committer

2017-06-10 21:09:07 UTC

+1

Comment 4 Kubilay Kocak freebsd_committer

2017-06-13 09:40:10 UTC

@Yuri Please confirm QA pass in this and bug 219864

Comment 5 Kubilay Kocak freebsd_committer

2017-06-13 09:59:35 UTC

Has QA confirmation (comment 1)

Comment 6 Kubilay Kocak freebsd_committer

2017-06-14 13:27:21 UTC

Jan has this in progress.

Commit, VuXML & MFH pending

Comment 7 Kubilay Kocak freebsd_committer

2017-06-14 13:28:58 UTC

Oops, I meant Kurt :)

Comment 8 commit-hook freebsd_committer

2017-06-14 19:01:23 UTC

A commit references this bug:

Author: pi
Date: Wed Jun 14 19:00:27 UTC 2017
New revision: 443596
URL: https://svnweb.freebsd.org/changeset/ports/443596

Log:
  security/tor: update 0.3.0.7 -> 0.3.0.8

  PR:		219863
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.0.8
  Security:	CVE-2017-0375, CVE-2017-0376

Changes:
  head/security/tor/Makefile
  head/security/tor/distinfo

Comment 9 commit-hook freebsd_committer

2017-06-16 07:00:43 UTC

A commit references this bug:

Author: pi
Date: Fri Jun 16 06:59:32 UTC 2017
New revision: 443669
URL: https://svnweb.freebsd.org/changeset/ports/443669

Log:
  security/tor: update 0.2.9.10 -> 0.3.0.8

  PR:		219246, 219863
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  Approved by:	ports-secteam (miwi, feld)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/tree/ChangeLog
  Security:	TROVE-2017-002, CVE-2017-0375, CVE-2017-0376

Changes:
  branches/2017Q2/security/tor/Makefile
  branches/2017Q2/security/tor/distinfo
  branches/2017Q2/security/tor/pkg-descr
  branches/2017Q2/security/tor/pkg-plist