[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17895 [Applications/Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking

Subject: Re: [tor-bugs] #17895 [Applications/Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 22 Apr 2016 07:35:26 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 22 Apr 2016 03:35:35 -0400
In-reply-to: <047.e563a8d35d2a1ce60d8cab26793ecac3@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.e563a8d35d2a1ce60d8cab26793ecac3@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17895: Tor Browser Bundle installer subject to DLL hijacking
-------------------------------------------------+-------------------------
 Reporter:  ericlaw                              |          Owner:  boklm
     Type:  defect                               |         Status:
 Priority:  High                                 |  needs_revision
Component:  Applications/Tor Browser             |      Milestone:
 Severity:  Major                                |        Version:
 Keywords:  tbb-gitian, tbb-security,            |     Resolution:
  TorBrowserTeam201604R                          |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => needs_revision


Comment:

 Thanks! This looks good to me. Some nits:

 1) in `mkbundle-windows.sh` look at how we treat binutils, gcclibs and all
 the others: we should rebuild the utils if there is a new NSIS version,
 too. Additionally, we should refresh the link as well in case we are
 skipping the utilities build to make sure we are always use the correct
 version.

 2) We should verify the packages in `verify-tags.sh` as well.

 3) You could add the NSIS packages to `versions.alpha`, too

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17895#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10534 [Applications/Tor Browser]: Let's not advertise help desk emails directly
Next by Author: Re: [tor-bugs] #18846 [Core Tor/Tor]: Tor never shut up even the user set Log level ERROR.
Previous by thread: Re: [tor-bugs] #17895 [Applications/Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking
Next by thread: Re: [tor-bugs] #17895 [Applications/Tor Browser]: Tor Browser Bundle installer subject to DLL hijacking
Index(es):
- Author
- Thread