Changes between Version 70 and Version 71 of TROVE


Ignore:
Timestamp:
Dec 4, 2017, 12:27:32 PM (12 days ago)
Author:
weasel
Comment:

link tracker.

Legend:

Unmodified
Added
Removed
Modified
  • TROVE

    v70 v71  
    1616|| TROVE-2017-007 || #22789 || Medium || 0.2.3.8-alpha || 0.3.0.10, 0.3.1.5-alpha, ''0.2.5.15'', 0.2.8.15, 0.2.9.12 || Remote assertion failure on openbsd || || ||
    1717|| TROVE-2017-008 || #23490 || Medium || 0.2.7.2-alpha || 0.2.8.15, 0.2.9.12, 0.3.0.11, 0.3.1.7 || Stack disclosure in hidden services logs when SafeLogging disabled || CVE-2017-0380 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-0380 tracker], [https://bugs.debian.org/876221 #876221])  ||
    18 || TROVE-2017-009 || #24244 || Medium || 0.2.4 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Replay-cache ineffective for v2 onion services. || CVE-2017-8819 ||
    19 || TROVE-2017-010 || #24245 || Medium || 0.2.9 and later || 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Remote DoS attack against directory authorities || CVE-2017-8820 ||
    20 || TROVE-2017-011 || #24246 || High || all Tor versions || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || An attacker can make Tor ask for a password || CVE-2017-8821 ||
    21 || TROVE-2017-012 || #24333 || Medium || 0.2.5 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Relays can pick themselves in a circuit path || CVE-2017-8822 ||
    22 || TROVE-2017-013 || #24430 || High || 0.2.7 and later || 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Use-after-free in onion service v2 || CVE-2017-8823 ||
     18|| TROVE-2017-009 || #24244 || Medium || 0.2.4 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Replay-cache ineffective for v2 onion services. || CVE-2017-8819 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8819 tracker] )
     19|| TROVE-2017-010 || #24245 || Medium || 0.2.9 and later || 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Remote DoS attack against directory authorities || CVE-2017-8820 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8820 tracker] )
     20|| TROVE-2017-011 || #24246 || High || all Tor versions || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || An attacker can make Tor ask for a password || CVE-2017-8821 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8821 tracker] )
     21|| TROVE-2017-012 || #24333 || Medium || 0.2.5 and later || 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Relays can pick themselves in a circuit path || CVE-2017-8822 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8822 tracker] )
     22|| TROVE-2017-013 || #24430 || High || 0.2.7 and later || 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9, 0.3.2.6-alpha || Use-after-free in onion service v2 || CVE-2017-8823 || (Debian: [https://security-tracker.debian.org/tracker/CVE-2017-8823 tracker] )
    2323
    2424Remember: please get CVE-Ids for everything of severity Medium or higher.  To get a CVE-Id, email weasel with a short description of the issue.