From owner-svn-ports-all@FreeBSD.ORG Wed Jul 30 20:54:22 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A9D7A955; Wed, 30 Jul 2014 20:54:22 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7E06D2463; Wed, 30 Jul 2014 20:54:22 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s6UKsMPR033848; Wed, 30 Jul 2014 20:54:22 GMT (envelope-from cs@svn.freebsd.org) Received: (from cs@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id s6UKsM9Z033847; Wed, 30 Jul 2014 20:54:22 GMT (envelope-from cs@svn.freebsd.org) Message-Id: <201407302054.s6UKsM9Z033847@svn.freebsd.org> From: Carlo Strub Date: Wed, 30 Jul 2014 20:54:22 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r363515 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jul 2014 20:54:22 -0000 Author: cs Date: Wed Jul 30 20:54:21 2014 New Revision: 363515 URL: http://svnweb.freebsd.org/changeset/ports/363515 QAT: https://qat.redports.org/buildarchive/r363515/ Log: tor -- traffic confirmation attack Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 30 20:26:21 2014 (r363514) +++ head/security/vuxml/vuln.xml Wed Jul 30 20:54:21 2014 (r363515) @@ -57,6 +57,42 @@ Notes: --> + + tor -- traffic confirmation attack + + + tor + 0.2.4.23 + + + tor-devel + 0.2.5.6.a + + + + +

The Tor Project reports:

+
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a + circuit after an inbound RELAY_EARLY cell is received by a client, + which makes it easier for remote attackers to conduct + traffic-confirmation attacks by using the pattern of RELAY and + RELAY_EARLY cells as a means of communicating information about + hidden service names.
+

+ + + + https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html + https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack + CVE-2014-5117 + + + 2014-07-30 + 2014-07-30 + + + i2p -- Multiple Vulnerabilities