FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
0b9f4b5e-5d82-11e7-85df-14dae9d5a9d2 | tor -- security regression

The Tor Project reports:

Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha.


Discovery 2017-06-29
Entry 2017-06-30
tor < 0.3.0.9
tor-devel < 0.3.1.4.a

https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://blog.torproject.org/blog/tor-0314-alpha-released-security-update-clients
https://lists.torproject.org/pipermail/tor-announce/2017-June/000133.html
CVE-2017-0377
5d1e4f6a-ee4f-11ec-86c2-485b3931c969 | Tor - Unspecified high severity vulnerability

Tor organization reports:

TROVE-2022-001


Discovery 2022-06-14
Entry 2022-06-17
tor < 0.4.7.8

https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
847f16e5-9406-11ed-a925-3065ec8fd3ec | security/tor -- SOCKS4(a) inversion bug

The Tor Project reports:

TROVE-2022-002: The SafeSocks option for SOCKS4(a) is inverted leading to SOCKS4 going through

This is a report from hackerone:

We have classified this as medium considering that tor was not defending in-depth for dangerous SOCKS requests and so any user relying on SafeSocks 1 to make sure they don't link DNS leak and their Tor traffic wasn't safe after all for SOCKS4(a). Tor Browser doesn't use SafeSocks 1 and SOCKS4 so at least the likely vast majority of users are not affected.


Discovery 2023-01-12
Entry 2023-01-14
tor < 0.4.7.13

https://hackerone.com/bugs?subject=torproject&report_id=1784589
https://gitlab.torproject.org/tpo/core/tor/-/issues/40730
36ef8753-d86f-11e7-ad28-0025908740c2 | tor -- Use-after-free in onion service v2

The Torproject.org reports:

  • TROVE-2017-009: Replay-cache ineffective for v2 onion services
  • TROVE-2017-010: Remote DoS attack against directory authorities
  • TROVE-2017-011: An attacker can make Tor ask for a password
  • TROVE-2017-012: Relays can pick themselves in a circuit path
  • TROVE-2017-013: Use-after-free in onion service v2

Discovery 2017-12-01
Entry 2017-12-14
tor < 0.3.1.9

https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8819