Please update Tor in older versions of Ubuntu

Bug #697407 reported by Runa A. Sandvik
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
tor (Ubuntu) | Fix Released | Undecided | Jacob Appelbaum |
Hardy | Won't Fix | Undecided | Unassigned |

Bug Description

Binary package hint: tor

Dapper, Dapper-updates, Hardy and Hardy-updates are currently shipping old versions of Tor.

Gary M (garym)
tags: added: dapper hardy upgrade
Jacob Appelbaum (jacob-appelbaum) wrote :

It probably makes sense to use the packages we have on deb.torproject.org; are we cleared to push those even though they're radically different versions?

Changed in tor (Ubuntu):
assignee: nobody → Jacob Appelbaum (jacob-appelbaum)
Krzysztof Klimonda (kklimonda) wrote :

I believe tor still has an exception for SRU so we should be able to update it the way we do with clamav. We could just backport the package we already have in natty (it's synced from debian directly). I don't think it makes sense to backport it to dapper, as it's already near EOL, but there should be nothing stopping us from pushing it to hardy-updates. If it's okay with you Jason, I could do that tomorrow or the day after.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tor (Ubuntu):
status: New → Confirmed
Jacob Appelbaum (jacob-appelbaum) wrote :

What needs to be done to push this bug forward?

Changed in tor (Ubuntu Hardy):
status: New → Confirmed
Kenyon Ralph (kralph) wrote :

There are security issues with the version of tor in the current Ubuntu release (oneiric). Debian has packaged an update: http://packages.qa.debian.org/t/tor/news/20111028T200707Z.html

It would be nice to get this in Ubuntu.

tags: added: security
security vulnerability: no → yes
pioruns (pioruns) wrote :

@kralph:
Absolutely right.

Tor from Oneiric warns us:

[warn] Please upgrade! This version of Tor (0.2.1.30) is obsolete, according to the directory authorities. Recommended versions are: 0.2.1.31,0.2.2.34,0.2.3.6-alpha

There are security issues in this version and Tor should be upgraded as soon as possible.
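
Added example, not part of the thread or of Tor or Ubuntu tooling: a small log check that parses the "Please upgrade!" warning in the form quoted in the comment above and picks an upgrade target from the recommended list. The function names, the target-selection rule and the sample log lines other than the warning text are assumptions made for this illustration.

```python
import re

# Warning format as quoted in the comment above (Tor 0.2.1.30 on Oneiric).
WARN_RE = re.compile(
    r"\[warn\] Please upgrade! This version of Tor \((?P<running>[^)\s]+)\) is "
    r"(?P<state>\w+), according to the directory authorities\. "
    r"Recommended versions are: (?P<recommended>\S+)"
)

def version_key(version):
    """'0.2.3.6-alpha' -> ((0, 2, 3, 6), 'alpha'); plain releases get an empty tag."""
    numbers, _, tag = version.partition("-")
    return tuple(int(part) for part in numbers.split(".")), tag

def parse_upgrade_warning(line):
    """Return details of a 'Please upgrade!' warning, or None for any other line."""
    match = WARN_RE.search(line)
    if match is None:
        return None
    running = match.group("running")
    recommended = [v for v in match.group("recommended").split(",") if v]
    series = version_key(running)[0][:3]
    # Assumed policy: prefer the newest recommended release in the running series
    # (the smallest packaging change); otherwise the newest release without a tag.
    same_series = [v for v in recommended if version_key(v)[0][:3] == series]
    stable = [v for v in recommended if not version_key(v)[1]]
    candidates = same_series or stable
    target = max(candidates, key=version_key) if candidates else None
    return {"running": running, "state": match.group("state"),
            "recommended": recommended, "target": target}

def scan(lines):
    """Collect parsed warnings from an iterable of Tor log lines."""
    return [hit for hit in map(parse_upgrade_warning, lines) if hit]

# Constructed sample log: only the warning text itself comes from the thread;
# the timestamps and the other lines are made up for the example.
SAMPLE_LOG = [
    "Nov 01 09:14:02.113 [notice] Tor v0.2.1.30. This is experimental software.",
    "Nov 01 09:14:09.870 [warn] Please upgrade! This version of Tor (0.2.1.30) is "
    "obsolete, according to the directory authorities. Recommended versions are: "
    "0.2.1.31,0.2.2.34,0.2.3.6-alpha",
    "Nov 01 09:14:15.402 [notice] Bootstrapped 100%: Done.",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"Tor {finding['running']} is {finding['state']}; "
              f"upgrade to {finding['target']}")
```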

Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Please feel free to report any other bugs you may find.

Changed in tor (Ubuntu Hardy):
status: Confirmed → Won't Fix
Changed in tor (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
