[e-privacy] Tor 0.2.1.28 - fix di sicurezza

[Marco A. Calamari]

-------- Forwarded Message --------
From: Roger Dingledine <arma at mit.edu>
To: or-announce at torproject.org
Subject: Tor 0.2.1.28 is released (security patches)
Date: Mon, 20 Dec 2010 08:58:30 -0500

Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. Thanks to Willem Pinckaers for notifying us of the
issue. The Common Vulnerabilities and Exposures project has assigned
CVE-2010-1676 to this issue.

We also took this opportunity to change the IP address for one of our
directory authorities, and to update the geoip database we ship.

All Tor users should upgrade.

https://www.torproject.org/download/download

Changes in version 0.2.1.28 - 2010-12-17
  o Major bugfixes:
    - Fix a remotely exploitable bug that could be used to crash instances
      of Tor remotely by overflowing on the heap. Remote-code execution
      hasn't been confirmed, but can't be ruled out. Everyone should
      upgrade. Bugfix on the 0.1.1 series and later.

  o Directory authority changes:
    - Change IP address and ports for gabelmoo (v3 directory authority).

  o Minor features:
    - Update to the December 1 2010 Maxmind GeoLite Country database.

------------------------------------------------------------------------

This is the Tor announcements list. If you want to unsubscribe, send
mail to majordomo at seul.org with "unsubscribe or-announce" as your message.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.winstonsmith.org/pipermail/e-privacy/attachments/20101221/10b53718/attachment.pgp>