tor - Debian Package Tracker

general

source: tor (main)
version: 0.4.8.16-1
maintainer: Peter Palfrader (DMD)
arch: all any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.4.5.16-1
o-o-sec: 0.4.5.16-1
oldstable: 0.4.7.16-1
old-sec: 0.4.7.16-1
old-bpo: 0.4.8.14-1~bpo12+1
stable: 0.4.8.16-1
testing: 0.4.8.16-1
unstable: 0.4.8.16-1

versioned links

0.4.5.16-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4.7.16-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4.8.14-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.4.8.16-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

tor (33 bugs: 0, 21, 12, 0)
tor-geoipdb (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 0.4.9.3-alpha high

A new upstream version 0.4.9.3-alpha is available, you should consider packaging it.

Created: 2024-12-07 Last update: 2025-10-25 01:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-4444: A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.

Created: 2025-09-19 Last update: 2025-09-19 21:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-4444: A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.

Created: 2025-09-19 Last update: 2025-09-19 21:00

lintian reports 1 error and 13 warnings high

Lintian reports 1 error and 13 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-04-10 Last update: 2025-09-10 15:04

Depends on packages which need a new maintainer normal

The packages that tor depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2025-10-25 01:00

7 bugs tagged patch in the BTS normal

The BTS contains patches fixing 7 bugs (8 if counting merged bugs), consider including or untagging them.

Created: 2025-01-06 Last update: 2025-10-25 00:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.4.8.17-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit d836c5f3b00ddd1a0273a5adaf7b67756070818d
Merge: a830b8b3485 76b685c29e5
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Thu Oct 9 13:27:30 2025 -0400

    Merge branch 'debian-ci' into debian-main

commit 76b685c29e58f24ab0a460cdc2a2b9c091c60a77
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Thu Oct 9 13:24:30 2025 -0400

    Add ubuntu plucky to build job (tpo/tpa/team#42331)

commit a830b8b348541b1c6318f3bfae12dd6898c637ab
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Thu Oct 9 13:14:47 2025 -0400

    Add ubuntu plucky to build jobs

commit c64c5273af17966e7f490d66f3bd64cf7c056059
Merge: 6e9334b1909 5459f25e723
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Sep 22 10:48:14 2025 -0400

    Merge branch 'debian-ci' into debian-main

commit 6e9334b1909567dc8a8e29ed223c918fed68e513
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Sep 22 10:47:42 2025 -0400

    drop focal from source packages, eol

commit 5459f25e723e6f13347ac6ba04d2faeb97bc2239
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Sep 22 10:45:30 2025 -0400

    drop focal from build matrix (eol)

commit 01b8086be1648ad16b7251a93ed9c7867ebc313b
Merge: 0a95afb9733 135bc858454
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Tue Sep 16 18:16:51 2025 -0400

    Merge branch 'debian-ci' into debian-main

commit 0a95afb973354a4f77ed55df1b13f93885d26736
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Tue Sep 16 18:15:14 2025 -0400

    fix typo

commit 199e72b3d4cb282562ecdd64330c8f512541f76b
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Tue Sep 16 18:13:27 2025 -0400

    drop bullseye builds
    
    see tpo/tpa/base-images#19

commit 135bc858454baed44e16892c67896d94a422e91a
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Tue Sep 16 17:45:33 2025 -0400

    drop bullseye from build jobs

commit e060556c7bed7d8dd1db442ff11b26af36f34083
Merge: 0e1d9faad9e b6f5225e6e9
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Sep 15 10:05:51 2025 -0400

    Merge branch 'debian-ci' into debian-main

commit 0e1d9faad9e224b86a5ab798a2a4c4518f6fb526
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Sep 15 10:04:30 2025 -0400

    build for plucky, retire oracular (tpo/tpa/team#42180)

commit b6f5225e6e965105e0dd9748d1bbd54c1d6afa07
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Sep 15 09:56:08 2025 -0400

    add ubuntu plucky (tpo/tpa/team#42180)
    
    also drop oracular which is eol

commit 60593bc18b785a622387589369d177cd1f6a71d3
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Tue Sep 9 09:13:31 2025 -0400

    update backport builds, fix source build job

commit b67a47a61c345ac4f8970964373e458d3913221a
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Thu Aug 21 20:32:54 2025 -0400

    add missing forky entry

commit 437caa7880fc1113a72951cca2c6d68d62e188a2
Merge: bea28ca13b4 09fba125ccb
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Thu Aug 21 17:15:36 2025 -0400

    Merge branch '42256_forky_build_sources' into debian-main
    
    took out buster that was still present on debian-main

commit bea28ca13b4f625867580c8c173c1091aa1e74b5
Merge: 8081c7fc9a0 4b9a40c564a
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Thu Aug 21 17:10:19 2025 -0400

    Merge branch 'debian-ci' into debian-main

commit 4b9a40c564a3af28bc552283d51db410f98ab7a8
Merge: 4159833b49b 46bdb74309c
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Thu Aug 21 17:08:35 2025 -0400

    Merge branch '42256_ci_forky' into debian-ci

commit 4159833b49bc147b6fd84c5b89461db3ca356a3a
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Thu Aug 21 10:30:20 2025 -0400

    fix ci pipelines by installing adduser
    
    the previous commit was missing this bit

commit 46bdb74309c40cbfd36afec81f6f0b75d01ea2e3
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Tue Aug 12 15:41:04 2025 -0400

    Add suite 'forky' to CI matrix (tpo/tpa/team#42256)
    
    This change show come together with tpo/core/debian/tor!2

commit 09fba125ccba733abccfce9907719b09b9058b7d
Author: Gabriel Filion <lelutin@torproject.org>
Date:   Tue Aug 12 15:32:29 2025 -0400

    Add 'forky' suite (tpo/tpa/team#42256)

commit 8081c7fc9a0d0d9c8e5ba5f8507f1f9ce3dbabf0
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Tue Apr 15 10:30:01 2025 -0400

    d/tests: drop unzip from onionshare deps

commit e53ca8e39246217e110b746250194b777720a88f
Author: Gauthier Jolly <contact@gjolly.fr>
Date:   Tue Apr 15 10:27:45 2025 -0400

    d/tests: fix setup-onion-service

commit 55c35236729eda610d644445acb729438b1da045
Merge: c51faf8104b e59490e56be
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Tue Apr 15 09:53:56 2025 -0400

    Merge branch 'debian-ci' into debian-main

commit c51faf8104b3496750189a93cbc979d8dd869608
Merge: 639426ccce0 5f2d65591e5
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Mar 10 23:43:53 2025 -0400

    Merge branch 'debian-ci' into debian-main

commit 639426ccce07c795a78ef61aae7064bf0f19abf6
Author: Jérôme Charaoui <jerome@riseup.net>
Date:   Mon Mar 10 23:43:32 2025 -0400

    drop eol debian and ubuntu releases

commit 0990d6f31f8c89fe9cc042ca250b0044d0c4bc53
Author: Alexander Færøy <ahf@torproject.org>
Date:   Sun Oct 27 22:11:08 2024 +0100

    Add Ubuntu 24.10 (Oracular Oriole) and Noble Numbat (24.04 LTS).

commit 19ff377afc4907b2135dbf05b802756d92ed2a55
Merge: df2b25de966 4a5068e8b32
Author: Peter Palfrader <peter@palfrader.org>
Date:   Mon Oct 28 20:12:55 2024 +0100

    Merge branch 'debian-ci' into debian
    
    * debian-ci:
      Do not build Noble and Oracular on i386.
      Add noble and oracular to the Debian CI.
      Mark safe directories before cloning.

Created: 2024-08-20 Last update: 2025-10-24 22:00

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2025-4444: (needs triaging) A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-09-19 Last update: 2025-09-19 21:00

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2025-4444: (needs triaging) A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.

You can find information about how to handle this issue in the security team's documentation.

Created: 2025-09-19 Last update: 2025-09-19 21:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.4.0).

Created: 2019-09-29 Last update: 2025-03-29 16:28

news

[rss feed]

[2025-04-02] tor 0.4.8.16-1 MIGRATED to testing (Debian testing watch)
[2025-03-29] Accepted tor 0.4.8.16-1 (source) into unstable (Jérôme Charaoui) (signed by: weasel@debian.org)
[2025-02-27] Accepted tor 0.4.8.14-1~bpo12+1 (source) into stable-backports (Debian FTP Masters) (signed by: weasel@debian.org)
[2025-02-27] tor 0.4.8.14-1 MIGRATED to testing (Debian testing watch)
[2025-02-24] Accepted tor 0.4.8.14-1 (source) into unstable (Peter Palfrader) (signed by: weasel@debian.org)
[2024-12-25] Accepted tor 0.4.8.13-2~bpo12+1 (source) into stable-backports (Debian FTP Masters) (signed by: weasel@debian.org)
[2024-11-03] tor 0.4.8.13-2 MIGRATED to testing (Debian testing watch)
[2024-11-01] Accepted tor 0.4.8.13-2 (source) into unstable (Peter Palfrader) (signed by: weasel@debian.org)
[2024-10-30] Accepted tor 0.4.8.13-1 (source) into unstable (Peter Palfrader) (signed by: weasel@debian.org)
[2024-08-23] tor 0.4.8.12-1.1 MIGRATED to testing (Debian testing watch)
[2024-08-20] Accepted tor 0.4.8.12-1.1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-19] Accepted tor 0.4.8.12-1~bpo11+1 (source) into oldstable-backports-sloppy (Debian FTP Masters) (signed by: weasel@debian.org)
[2024-06-14] Accepted tor 0.4.8.12-1~bpo12+1 (source) into stable-backports (Debian FTP Masters) (signed by: weasel@debian.org)
[2024-06-09] tor 0.4.8.12-1 MIGRATED to testing (Debian testing watch)
[2024-06-06] Accepted tor 0.4.8.12-1 (source) into unstable (Peter Palfrader) (signed by: weasel@debian.org)
[2024-05-21] Accepted tor 0.4.8.11-1~bpo11+1 (source) into oldstable-backports-sloppy (Debian FTP Masters) (signed by: weasel@debian.org)
[2024-05-03] Accepted tor 0.4.8.11-1~bpo12+1 (source) into stable-backports (Debian FTP Masters) (signed by: weasel@debian.org)
[2024-05-03] tor 0.4.8.11-1 MIGRATED to testing (Debian testing watch)
[2024-04-12] Accepted tor 0.4.8.11-1 (source) into unstable (Peter Palfrader) (signed by: weasel@debian.org)
[2024-02-06] Accepted tor 0.4.8.10-1~bpo11+1 (source) into oldstable-backports-sloppy (Debian FTP Masters) (signed by: weasel@debian.org)
[2024-01-28] Accepted tor 0.4.8.10-1~bpo12+1 (source) into stable-backports (Debian FTP Masters) (signed by: weasel@debian.org)
[2023-12-13] tor 0.4.8.10-1 MIGRATED to testing (Debian testing watch)
[2023-12-10] Accepted tor 0.4.8.10-1 (source) into unstable (Peter Palfrader) (signed by: weasel@debian.org)
[2023-12-07] Accepted tor 0.4.8.9-1~bpo11+1 (source amd64 all) into oldstable-backports-sloppy (Debian FTP Masters) (signed by: weasel@debian.org)
[2023-11-27] Accepted tor 0.4.8.9-1~bpo12+1 (source amd64 all) into stable-backports (Debian FTP Masters) (signed by: weasel@debian.org)
[2023-11-24] Accepted tor 0.4.7.16-1 (source) into proposed-updates (Debian FTP Masters) (signed by: weasel@debian.org)
[2023-11-22] Accepted tor 0.4.7.16-1 (source) into stable-security (Debian FTP Masters) (signed by: weasel@debian.org)
[2023-11-13] tor 0.4.8.9-1 MIGRATED to testing (Debian testing watch)
[2023-11-10] Accepted tor 0.4.8.9-1 (source) into unstable (Peter Palfrader) (signed by: weasel@debian.org)
[2023-11-08] tor 0.4.8.8-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 35 37
RC: 0
I&N: 23
M&W: 12 14
F&P: 0
patch: 7 8

links

homepage
lintian (1, 13)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.4.8.16-1
17 bugs