https://bugzilla.novell.com/show_bug.cgi?id=780620 https://bugzilla.novell.com/show_bug.cgi?id=780620#c7 --- Comment #7 from Andreas Stieger <Andreas.Stieger@gmx.de> 2012-09-17 13:33:25 UTC --- Fix for CVE-2012-4922 is actually included in the updated package, the information was not available to me at the time of the report. I will submit an updated package with CVEs lining up in the change log as follows: o Security fixes: - Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object. Bug found by fuzzing with Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. CVE-2012-4922 - Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients. Fixes bug 6690; bugfix on 0.2.1.10-alpha. CVE-2012-4419 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.