Mike Perry

**Name of the Vulnerable Software and Affected Versions** Tor versions 0.2.2.x through 0.2.2.7-alpha **Description** The issue allows local users to potentially discover the identities of clients by reading log files when the Tor functions as a directory mirror and detects erroneous client behavior. **Recommendations** For Tor versions 0.2.2.x through 0.2.2.7-alpha, update to version 0.2.2.7-alpha or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tor versions prior to 0.2.1.22 Tor versions 0.2.2.x prior to 0.2.2.7-alpha **Description** The issue allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query when Tor is functioning as a bridge directory authority. **Recommendations** For Tor versions prior to 0.2.1.22, update to version 0.2.1.22 or later. For Tor versions 0.2.2.x prior to 0.2.2.7-alpha, update to version 0.2.2.7-alpha or later.