1
Candidate: CVE-2012-3518
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518
5
https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
6
https://trac.torproject.org/projects/tor/ticket/6530
8
The networkstatus_parse_vote_from_string function in routerparse.c in Tor
9
before 0.2.2.38 does not properly handle an invalid flavor name, which
10
allows remote attackers to cause a denial of service (out-of-bounds read
11
and daemon crash) via a crafted (1) vote document or (2) consensus
15
sbeattie> may have been introduced in 0.2.2.6-alpha
17
https://bugzilla.novell.com/show_bug.cgi?id=776642
23
upstream: https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac709666a551a977f0f
24
upstream: https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc176ca7ab817546
25
upstream_tor: released (0.2.2.38)
26
hardy_tor: ignored (reached end-of-life)
28
natty_tor: ignored (reached end-of-life)
29
oneiric_tor: ignored (reached end-of-life)
30
precise_tor: ignored (reached end-of-life)
31
precise/esm_tor: DNE (precise was needed)
32
quantal_tor: released (0.2.3.22-rc-1)
33
raring_tor: released (0.2.3.22-rc-1)
34
saucy_tor: released (0.2.3.22-rc-1)
35
trusty_tor: released (0.2.3.22-rc-1)
36
utopic_tor: released (0.2.3.22-rc-1)
37
vivid_tor: released (0.2.3.22-rc-1)
38
vivid/stable-phone-overlay_tor: DNE
39
vivid/ubuntu-core_tor: DNE
40
wily_tor: released (0.2.3.22-rc-1)
41
xenial_tor: released (0.2.3.22-rc-1)
42
yakkety_tor: released (0.2.3.22-rc-1)
43
zesty_tor: released (0.2.3.22-rc-1)
44
devel_tor: released (0.2.3.22-rc-1)