Information on source package tor

Available versions

ReleaseVersion
squeeze (security)0.2.2.39-1
squeeze (lts)0.2.4.27-1~deb6u1
wheezy0.2.4.24-1
wheezy (security)0.2.4.27-1
jessie0.2.5.12-1
stretch0.2.5.12-1
sid0.2.6.8-4

Open unimportant issues

BugsqueezewheezyjessiestretchsidDescription
CVE-2009-0654vulnerablevulnerablevulnerablevulnerablevulnerableTor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...
CVE-2007-1103vulnerablevulnerablevulnerablevulnerablevulnerableTor does not verify a node's uptime and bandwidth advertisements, ...
CVE-2006-6893vulnerablevulnerablevulnerablevulnerablevulnerableTor allows remote attackers to discover the IP address of a hidden ...

Resolved issues

BugDescription
TEMP-0000000-BBBF43Crypto weakness in Tor's handshaking process
TEMP-0000000-3F0E00tor insufficient authentication on control port
CVE-2015-2929Dos against tor client; client to crash with an assertion failure
CVE-2015-2928DoS against hidden services
CVE-2015-2689Assertion failure in dns.c, possibly connected to UDP DoS attack
CVE-2015-2688relay could crash with an assertion
CVE-2014-5117Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit ...
CVE-2013-7295Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a ...
CVE-2012-5573The connection_edge_process_relay_cell function in or/relay.c in Tor ...
CVE-2012-4922The tor_timegm function in common/util.c in Tor before 0.2.2.39, and ...
CVE-2012-4419The compare_tor_addr_to_addr_policy function in or/policies.c in Tor ...
CVE-2012-3519routerlist.c in Tor before 0.2.2.38 uses a different amount of time ...
CVE-2012-3518The networkstatus_parse_vote_from_string function in routerparse.c in ...
CVE-2012-3517Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...
CVE-2012-2250Tor before 0.2.3.24-rc allows remote attackers to cause a denial of ...
CVE-2012-2249Tor before 0.2.3.23-rc allows remote attackers to cause a denial of ...
CVE-2011-4897Tor before 0.2.2.25-alpha, when configured as a relay without the ...
CVE-2011-4896Tor before 0.2.2.24-alpha continues to use a reachable bridge that was ...
CVE-2011-4895Tor before 0.2.2.34, when configured as a bridge, sets up circuits ...
CVE-2011-4894Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort ...
CVE-2011-2778Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow ...
CVE-2011-2769Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE ...
CVE-2011-2768Tor before 0.2.2.34, when configured as a client or bridge, sends a ...
CVE-2011-1924Buffer overflow in the policy_summarize function in or/policies.c in ...
CVE-2011-0493Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow ...
CVE-2011-0492Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote ...
CVE-2011-0491The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before ...
CVE-2011-0490Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to ...
CVE-2011-0427Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before ...
CVE-2011-0016Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...
CVE-2011-0015Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...
CVE-2010-1676Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before ...
CVE-2010-0385Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...
CVE-2010-0384Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...
CVE-2010-0383Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...
CVE-2009-2426The connection_edge_process_relay_cell_not_open function in ...
CVE-2009-2425Tor before 0.2.0.35 allows remote attackers to cause a denial of ...
CVE-2009-0939Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which ...
CVE-2009-0938Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...
CVE-2009-0937Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...
CVE-2009-0936Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to ...
CVE-2009-0414Unspecified vulnerability in Tor before 0.2.0.33 has unspecified ...
CVE-2008-5398Tor before 0.2.0.32 does not properly process the ...
CVE-2008-5397Tor before 0.2.0.32 does not properly process the (1) User and (2) ...
CVE-2007-4174Tor before 0.1.2.16, when ControlPort is enabled, does not properly ...
CVE-2007-4099Tor before 0.1.2.15 can select a guard node beyond the first listed ...
CVE-2007-4098Tor before 0.1.2.15 does not properly distinguish "streamids from ...
CVE-2007-4097Tor before 0.1.2.15 sends "destroy cells" containing the reason for ...
CVE-2007-4096Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, ...
CVE-2007-3165Tor before 0.1.2.14 can construct circuits in which an entry guard is ...
CVE-2006-4508Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...
CVE-2006-3419Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...
CVE-2006-3418Tor before 0.1.1.20 does not validate that a server descriptor's ...
CVE-2006-3417Tor client before 0.1.1.20 prefers entry points based on is_fast or ...
CVE-2006-3416** DISPUTED ** ...
CVE-2006-3415Tor before 0.1.1.20 uses improper logic to validate the "OR" ...
CVE-2006-3414Tor before 0.1.1.20 supports server descriptors that contain hostnames ...
CVE-2006-3413The privoxy configuration file in Tor before 0.1.1.20, when run on ...
CVE-2006-3412Tor before 0.1.1.20 does not sufficiently obey certain firewall ...
CVE-2006-3411TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...
CVE-2006-3410Tor before 0.1.1.20 creates "internal circuits" primarily consisting ...
CVE-2006-3409Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...
CVE-2006-3408Unspecified vulnerability in the directory server (dirserver) in Tor ...
CVE-2006-3407Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...
CVE-2006-0414Tor before 0.1.1.20 allows remote attackers to identify hidden ...
CVE-2005-2643Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...
CVE-2005-2050Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...

Security announcements

DSA / DLADescription
DSA-3216-1tor - security update
DLA-187-1tor - security update
DSA-3203-1tor - security update
DLA-178-1tor - security update
DSA-2993-1tor - security update
DLA-17-1tor - new upstream version
DSA-2548-1tor - several
DSA-2363-1tor - buffer overflow
DSA-2363-1tor - buffer overflow
DSA-2331-1tor - several
DSA-2331-1tor - several
DSA-2148-1tor - several
DSA-2136-1tor - potential code execution

Search for package or bug name: Reporting problems