Information on source package tor

Available versions

ReleaseVersion
jessie (security)0.2.5.16-1
stretch0.2.9.16-1
stretch (security)0.2.9.15-1
buster0.3.5.8-1
bullseye0.4.0.5-2
sid0.4.0.5-2

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2017-11565fixedvulnerable (no DSA)fixedfixedfixeddebian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor wa ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2009-0654vulnerablevulnerablevulnerablevulnerablevulnerableTor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attacke ...
CVE-2007-1103vulnerablevulnerablevulnerablevulnerablevulnerableTor does not verify a node's uptime and bandwidth advertisements, whic ...
CVE-2006-6893vulnerablevulnerablevulnerablevulnerablevulnerableTor allows remote attackers to discover the IP address of a hidden ser ...

Resolved issues

BugDescription
TEMP-0000000-BBBF43Crypto weakness in Tor's handshaking process
TEMP-0000000-3F0E00tor insufficient authentication on control port
CVE-2019-8955In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5. ...
CVE-2018-0491A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. ...
CVE-2018-0490An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.1 ...
CVE-2017-8823In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...
CVE-2017-8822In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...
CVE-2017-8821In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...
CVE-2017-8820In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...
CVE-2017-8819In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...
CVE-2017-0380The rend_service_intro_established function in or/rendservice.c in Tor ...
CVE-2017-0377Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only con ...
CVE-2017-0376The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...
CVE-2017-0375The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...
CVE-2016-8860Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal funct ...
CVE-2016-1254Tor before 0.2.8.12 might allow remote attackers to cause a denial of ...
CVE-2015-2929Dos against tor client; client to crash with an assertion failure
CVE-2015-2928DoS against hidden services
CVE-2015-2689Assertion failure in dns.c, possibly connected to UDP DoS attack
CVE-2015-2688relay could crash with an assertion
CVE-2014-5117Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit ...
CVE-2013-7295Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a ce ...
CVE-2012-5573The connection_edge_process_relay_cell function in or/relay.c in Tor b ...
CVE-2012-4922The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0 ...
CVE-2012-4419The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...
CVE-2012-3519routerlist.c in Tor before 0.2.2.38 uses a different amount of time fo ...
CVE-2012-3518The networkstatus_parse_vote_from_string function in routerparse.c in ...
CVE-2012-3517Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might all ...
CVE-2012-2250Tor before 0.2.3.24-rc allows remote attackers to cause a denial of se ...
CVE-2012-2249Tor before 0.2.3.23-rc allows remote attackers to cause a denial of se ...
CVE-2011-4897Tor before 0.2.2.25-alpha, when configured as a relay without the Nick ...
CVE-2011-4896Tor before 0.2.2.24-alpha continues to use a reachable bridge that was ...
CVE-2011-4895Tor before 0.2.2.34, when configured as a bridge, sets up circuits thr ...
CVE-2011-4894Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort ...
CVE-2011-2778Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remo ...
CVE-2011-2769Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE a ...
CVE-2011-2768Tor before 0.2.2.34, when configured as a client or bridge, sends a TL ...
CVE-2011-1924Buffer overflow in the policy_summarize function in or/policies.c in T ...
CVE-2011-0493Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remo ...
CVE-2011-0492Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote at ...
CVE-2011-0491The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2 ...
CVE-2011-0490Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to L ...
CVE-2011-0427Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0 ...
CVE-2011-0016Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...
CVE-2011-0015Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...
CVE-2010-1676Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0 ...
CVE-2010-0385Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functionin ...
CVE-2010-0384Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirr ...
CVE-2010-0383Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...
CVE-2009-2426The connection_edge_process_relay_cell_not_open function in src/or/rel ...
CVE-2009-2425Tor before 0.2.0.35 allows remote attackers to cause a denial of servi ...
CVE-2009-0939Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which h ...
CVE-2009-0938Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirr ...
CVE-2009-0937Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirr ...
CVE-2009-0936Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to c ...
CVE-2009-0414Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impac ...
CVE-2008-5398Tor before 0.2.0.32 does not properly process the ClientDNSRejectInter ...
CVE-2008-5397Tor before 0.2.0.32 does not properly process the (1) User and (2) Gro ...
CVE-2007-4174Tor before 0.1.2.16, when ControlPort is enabled, does not properly re ...
CVE-2007-4099Tor before 0.1.2.15 can select a guard node beyond the first listed ne ...
CVE-2007-4098Tor before 0.1.2.15 does not properly distinguish "streamids from diff ...
CVE-2007-4097Tor before 0.1.2.15 sends "destroy cells" containing the reason for te ...
CVE-2007-4096Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, a ...
CVE-2007-3165Tor before 0.1.2.14 can construct circuits in which an entry guard is ...
CVE-2006-4508Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1 ...
CVE-2006-3419Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_byte ...
CVE-2006-3418Tor before 0.1.1.20 does not validate that a server descriptor's finge ...
CVE-2006-3417Tor client before 0.1.1.20 prefers entry points based on is_fast or is ...
CVE-2006-3416
CVE-2006-3415Tor before 0.1.1.20 uses improper logic to validate the "OR" destinati ...
CVE-2006-3414Tor before 0.1.1.20 supports server descriptors that contain hostnames ...
CVE-2006-3413The privoxy configuration file in Tor before 0.1.1.20, when run on App ...
CVE-2006-3412Tor before 0.1.1.20 does not sufficiently obey certain firewall option ...
CVE-2006-3411TLS handshakes in Tor before 0.1.1.20 generate public-private keys bas ...
CVE-2006-3410Tor before 0.1.1.20 creates "internal circuits" primarily consisting o ...
CVE-2006-3409Integer overflow in Tor before 0.1.1.20 allows remote attackers to exe ...
CVE-2006-3408Unspecified vulnerability in the directory server (dirserver) in Tor b ...
CVE-2006-3407Tor before 0.1.1.20 allows remote attackers to spoof log entries or po ...
CVE-2006-0414Tor before 0.1.1.20 allows remote attackers to identify hidden service ...
CVE-2005-2643Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...
CVE-2005-2050Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers t ...

Security announcements

DSA / DLADescription
DSA-4183-1tor - security update
DSA-4054-1tor - security update
DSA-4054-1tor - security update
DSA-3993-1tor - security update
DSA-3877-1tor - security update
DSA-3877-1tor - security update
DLA-982-1tor - security update
DSA-3741-1tor - security update
DLA-754-1tor - security update
DSA-3694-1tor - security update
DLA-663-1tor - security update
DSA-3216-1tor - security update
DLA-187-1tor - security update
DSA-3203-1tor - security update
DLA-178-1tor - security update
DSA-2993-1tor - security update
DLA-17-1tor - new upstream version
DSA-2548-1tor - several
DSA-2363-1tor - buffer overflow
DSA-2363-1tor - buffer overflow
DSA-2331-1tor - several
DSA-2331-1tor - several
DSA-2148-1tor - several
DSA-2136-1tor - potential code execution

Search for package or bug name: Reporting problems