Problems while searching for a new upstream version
high
uscan had problems while searching for a new upstream version:
In watchfile debian/watch, reading webpage
http://dist.torproject.org/ failed: 500 Can't connect to dist.torproject.org:443
Standards version of the package is outdated.
high
The package is severely out of date with respect to the Debian Policy.The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.3.0 instead of
3.9.8).
Depends on packages which need a new maintainer
normal
The packages that tor depends on which need a new maintainer are:
CVE-2017-11565: debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/t/tor.png){kind=link}