[Bug 219941] New: Tor < 0.1.1.26 has security problem
bugzilla at redhat.com
bugzilla at redhat.com
Sun Dec 17 11:54:48 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219941
Summary: Tor < 0.1.1.26 has security problem
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://archives.seul.org/or/announce/Dec-
2006/msg00000.html
OS/Version: Linux
Status: NEW
Severity: urgent
Priority: urgent
Component: tor
AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
ReportedBy: roozbeh at farsiweb.info
QAContact: extras-qa at fedoraproject.org
CC: extras-qa at fedoraproject.org,fedora-security-
list at redhat.com
Description of problem:
Tor 0.1.1.26 fixes a serious privacy bug for people who use the
HttpProxyAuthenticator config option: Tor would send your proxy auth
directly to the directory server when you're tunnelling directory
requests through Tor. Specifically, this happens when publishing or
accessing hidden services, or when you have set FascistFirewall or
ReachableAddresses and you're accessing a directory server that's not
reachable directly.
Version-Release number of selected component (if applicable):
tor-0.1.1.25-1.fc6
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list