[Git][security-tracker-team/security-tracker][master] tor DSA

Sun Apr 5 21:55:15 BST 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7c31d634 by Moritz Mühlenhoff at 2026-04-05T22:54:51+02:00
tor DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,8 +1,12 @@
 CVE-2026-XXXX [TROVE-2026-004]
 	- tor 0.4.9.6-1
+	[trixie] - tor 0.4.9.6-0+deb13u1
+	[bookworm] - tor 0.4.9.6-0+deb12u1
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.9/ReleaseNotes
 CVE-2025-XXXX [TROVE-2025-015]
 	- tor 0.4.8.22-1
+	[trixie] - tor 0.4.9.6-0+deb13u1
+	[bookworm] - tor 0.4.9.6-0+deb12u1
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.9/ReleaseNotes
 CVE-2026-XXXX [Local unprivileged user can trigger an assert in systemd]
 	- systemd 260.1-1
@@ -80354,8 +80358,8 @@ CVE-2025-50255 (Cross Site Request Forgery (CSRF) vulnerability in Smartvista Ba
 	NOT-FOR-US: Smartvista BackOffice SmartVista Suite
 CVE-2025-4444 (A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Im ...)
 	- tor 0.4.8.21-1 (bug #1115744)
-	[trixie] - tor <no-dsa> (Minor issue)
-	[bookworm] - tor <no-dsa> (Minor issue)
+	[trixie] - tor 0.4.9.6-0+deb13u1
+	[bookworm] - tor 0.4.9.6-0+deb12u1
 	[bullseye] - tor <end-of-life> (see DSA 5562)
 	NOTE: https://github.com/chunmianwang/Tordos
 	NOTE: https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Apr 2026] DSA-6200-1 tor - security update
+	[bookworm] - tor 0.4.9.6-0+deb12u1
+	[trixie] - tor 0.4.9.6-0+deb13u1
 [05 Apr 2026] DSA-6199-1 trafficserver - security update
 	{CVE-2025-58136 CVE-2025-65114}
 	[bookworm] - trafficserver 9.2.5+ds-0+deb12u4


=====================================
data/dsa-needed.txt
=====================================
@@ -95,7 +95,5 @@ systemd
 --
 tiff
 --
-tor (jmm)
---
 webkit2gtk (berto)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c31d634f86f2aa2006ed4b5cf813317ffb77f89

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7c31d634f86f2aa2006ed4b5cf813317ffb77f89
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260405/ade83252/attachment.htm>
