Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-1103: tor information disclosure
Product: Fedora Extras
"Tor does not verify a node's uptime and bandwidth advertisements, which allows
remote attackers who operate a low resource node to make false claims of greater
resources, which places the node into use for many circuits and compromises the
anonymity of traffic sources and destinations."
All <= 0.1.1.26 versions reportedly affected. Upstream statement:
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.