Delivery-Date: Fri, 12 Feb 2016 14:38:15 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 2DE721E0B25;
	Fri, 12 Feb 2016 14:38:14 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E3A1838A5C;
	Fri, 12 Feb 2016 19:38:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 0C945386E1
 for <tor-talk@lists.torproject.org>; Fri, 12 Feb 2016 19:38:06 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id VgOXJxSg7M0l for <tor-talk@lists.torproject.org>;
 Fri, 12 Feb 2016 19:38:05 +0000 (UTC)
Received: from mail-lf0-x22e.google.com (mail-lf0-x22e.google.com
 [IPv6:2a00:1450:4010:c07::22e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id A20B220EE9
 for <tor-talk@lists.torproject.org>; Fri, 12 Feb 2016 19:38:05 +0000 (UTC)
Received: by mail-lf0-x22e.google.com with SMTP id j78so57985543lfb.1
 for <tor-talk@lists.torproject.org>; Fri, 12 Feb 2016 11:38:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=dvVy8650WJrmj96GFKCkA0EJ50vszSMwS00K2wgwgus=;
 b=CweH34ZBkgSw/FnTf4Jd1AArV5D8Z7e7x1tjVPFBUhQbOn57tAc5QyB6/0WEGkEQSA
 yc7us1xJx2llNeyS5ycwoiBp0x3Ect5zdh59la6vj4IWWR3M/8QBYvnJEOJJgzmrqEU/
 HVOrnmiFrOLDxUy9J1WXbrsFLSlAObfS1ry6u/2vlrOmNZ2BCtBNVCoq40RqB3GDA/Xp
 B0VfSLAqrkM75FgI+W6B7Nwq1TLPyo0sklRv4rmlkpJyAodRiK1juiOacA9SP6iUPmWV
 VtNofGMrj47Gr5amaJu7PkUSGTBb4hh0KOK4xPLYUnyCb38TIbxQoiwUEJiRd5GmSHZG
 QDZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:content-type;
 bh=dvVy8650WJrmj96GFKCkA0EJ50vszSMwS00K2wgwgus=;
 b=Qo4FgeNV6q0qVfqb1lM6QAZ+iTcs4FAx0aMWL19l22Q/l12YR7NKkf65Afb7AdFhoO
 acz+xwzDVxcZhaFGEf01+NOsSHnqZ3zujCWC5HbKraiFDzB0L5/D9+T/OHb9VZXGevOt
 SPa+N84D9/ESbEnCC6YfDQTZXtGhjRzS3Ybowc8cZq0EAmsHyRnR8MqmH8fWDcdaFND2
 6Tflg4ooFTMo2I/yBdZ/57DWXfa8N5+bRqf3tSQ8AJprsazKUTNBPMCpH2G7myviuqf6
 dO3x92pjK+pQ1S9mBSCmkVvr3nW94XpX3fKyvfLvcLmxjDZ4WwvGovjqm4OCubPXFpa0
 emRw==
X-Gm-Message-State: AG10YOSsGC5Gf6mvGdgVSvJ4qLXp2bhRe+RlkkWG3hDPf7wHfAvLgiRf4YLhYbCv0qRW90mwPPN7K4JcyNhIXw==
MIME-Version: 1.0
X-Received: by 10.25.150.7 with SMTP id y7mr1391493lfd.155.1455305882543; Fri,
 12 Feb 2016 11:38:02 -0800 (PST)
Received: by 10.112.50.179 with HTTP; Fri, 12 Feb 2016 11:38:02 -0800 (PST)
In-Reply-To: <56BD7E7D.7000903@torproject.org>
References: <1639231455258005@web3h.yandex.ru>
 <56BD7E7D.7000903@torproject.org>
Date: Fri, 12 Feb 2016 14:38:02 -0500
Message-ID: <CAJ5w9HXj1x+NDNomfgOgNQ+qDkiNnMsaWRaM2KsK4rCpWrogDg@mail.gmail.com>
From: Soul Plane <soulplane11@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Is Tor Browser 5.5.1 vulnerable to any of the
 graphite font vulnerabilities?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Fri, Feb 12, 2016 at 1:41 AM, Georg Koppen <gk@torproject.org> wrote:

> Cain Ungothep:
> >> I would
> >> like to know if Tor Browser 5.5.1 is vulnerable. Thanks
> >
> > Looks like it is:
> >
> >
> https://gitweb.torproject.org/builders/tor-browser-bundle.git/commit/?id=7a36dbece35a307675f396a019dccf6e431efb44
> >
> > That build corresponds to a branch which includes the commit that
> > supposedly fixed bug 1246093, and this commit was only pushed less than
> > 48 hours ago.
>
> Indeed. We plan to get at least a new stable version (5.5.2) out today
> which is based on Firefox ESR 38.6.1. Mozilla released 38.6.1 just to
> address the Graphite vulnerabilities.
>


Thanks, I have downloaded version 5.5.2.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

