blob: 4e159e4c9fb4c8e3dc15cd1fd54d2bc16ce6794d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>The Tor version previously in Debian squeeze, 0.2.2.39, is no longer
supported by upstream.</p>
<p>This update brings the currently stable version of Tor, 0.2.4.23, to
Debian squeeze.</p>
<p>Changes include use of stronger cryptographic primitives, always
clearing bignums before freeing them to avoid leaving key material in
memory, mitigating several linkability vectors such as by disabling
client-side DNS caches, blacklisting authority signing keys potentially
compromised due to heartbleed, updating the list of directory
authorities, and much more.</p>
<p>We recommend that you upgrade your tor packages.</p>
<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in tor version 0.2.4.23-1~deb6u1</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2014/dla-17.data"
# $Id$
|
