Mandriva Linux Security Advisory 2013-132 - Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. Various other vulnerabilities have been addressed.
5ee102c8464d210c11eb70256fe5f9fdeb5edd501b3b5eb68b0590a9bb1f0ee1
Gentoo Linux Security Advisory 201301-3 - Multiple vulnerabilities have been found in Tor, allowing attackers to cause Denial of Service or obtain sensitive information. Versions less than 0.2.3.25 are affected.
1ce5e4fcdcb2acbdce162b2be890b3cc7a74c271c3e1885443f9c9b318d98138
Debian Linux Security Advisory 2548-1 - Severel vulnerabilities have been discovered in Tor, an online privacy tool.
7c12c1bb198059f418d98a783d17c970ceac8c78f4b178312dd97b0621450b41