Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

torbrowser: 6.0.6 -> 6.0.7 #20831

Merged
merged 1 commit into from
Dec 1, 2016
Merged

torbrowser: 6.0.6 -> 6.0.7 #20831

merged 1 commit into from
Dec 1, 2016
+3 −3

Conversation

mbbx6spp
Copy link
Contributor

@mbbx6spp mbbx6spp commented Dec 1, 2016

Motivation for this change

Security update to Tor Browser released last night, addressing vulnerability that is known to affect Windows. While no known Linux exploits are known it is prudent to keep up to date.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@mbbx6spp
torbrowser: 6.0.6 -> 6.0.7

Verified

This commit was signed with the committer’s verified signature. The key has expired.
grahamc Graham Christensen
GPG key ID: ACA1C1D120C83D5C
Expired
Verified
Learn about vigilant mode
75cdbf4
@mention-bot
Copy link

@mbbx6spp, thanks for your PR! By analyzing the history of the files in this pull request, we identified @joachifm, @offlinehacker and @jgillich to be potential reviewers.

@7c6f434c 7c6f434c merged commit 0fe7d32 into NixOS:master Dec 1, 2016
@7c6f434c
Copy link
Member

7c6f434c commented Dec 1, 2016

As far as I understood, the Windows exploit would be applicable to Linux if the original authors could be bothered to write the second payload. The exploit may even exist in the wild, just at smaller scale…

@grahamc
Copy link
Member

grahamc commented Dec 1, 2016

Backporting.

@grahamc grahamc added 1.severity: security Issues which raise a security issue, or PRs that fix one 9.needs: port to stable A PR needs a backport to the stable release. labels Dec 1, 2016
@grahamc
Copy link
Member

grahamc commented Dec 1, 2016

805022c

@samueldr samueldr removed the 9.needs: port to stable A PR needs a backport to the stable release. label Apr 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@mbbx6spp @mention-bot @7c6f434c @grahamc @samueldr