Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219941 Summary: Tor < 0.1.1.26 has security problem Product: Fedora Extras Version: fc6 Platform: All URL: http://archives.seul.org/or/announce/Dec- 2006/msg00000.html OS/Version: Linux Status: NEW Severity: urgent Priority: urgent Component: tor AssignedTo: enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx ReportedBy: roozbeh@xxxxxxxxxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: extras-qa@xxxxxxxxxxxxxxxxx,fedora-security- list@xxxxxxxxxx Description of problem: Tor 0.1.1.26 fixes a serious privacy bug for people who use the HttpProxyAuthenticator config option: Tor would send your proxy auth directly to the directory server when you're tunnelling directory requests through Tor. Specifically, this happens when publishing or accessing hidden services, or when you have set FascistFirewall or ReachableAddresses and you're accessing a directory server that's not reachable directly. Version-Release number of selected component (if applicable): tor-0.1.1.25-1.fc6 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
