Re: [tor-relays] most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!

On Tue, Oct 25, 2016 at 09:48:00PM +0000, nusenu wrote:

It is not possible to reliable determine the exact CW fraction affected[1] due to the fact that patches were released that didn't increase tor's version number.

In the case of OpenBSD, MTier published a binary package (patch) only yesterday. I had reported them to update on 2016-10-19 to use a patch from openbsd-ports@ mailing list (net/tor port maintainer).

Consequently, OpenBSD 6.0's -stable has tor-0.2.7.6p1 (vulnerable) and MTier's binary packages have tor-0.2.7.6p2 (not vulnerable). -snapshots has tor-0.2.8.9.