[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22962 [Core Tor/Tor]: Clarify the security severity of issues that make denial of service easier

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #22962 [Core Tor/Tor]: Clarify the security severity of issues that make denial of service easier
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 30 Nov 2017 21:15:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 30 Nov 2017 16:15:50 -0500
In-reply-to: <044.41a269f4ba512b523360b946f1cc9be0@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.41a269f4ba512b523360b946f1cc9be0@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22962: Clarify the security severity of issues that make denial of service easier
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:  nickm
     Type:  task          |         Status:  accepted
 Priority:  Medium        |      Milestone:  Tor: 0.3.3.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  docs policy   |  Actual Points:
Parent ID:  #22948        |         Points:
 Reviewer:                |        Sponsor:  SponsorV
--------------------------+------------------------------------

Comment (by teor):

 Seems sensible to me.
 Are we worried that memory disclosure vulnerabilities will ever de-
 anonymise users?
 Remote crashes against clients aren't in our existing list, should they be
 high or critical?

 The last sentence in the critical section should read "… any ability to
 regain root privileges would be critical-severity."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22962#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #24274 [Metrics/Atlas]: Add a search box at the top right corner of the new Atlas page
Next by Author: Re: [tor-bugs] #24118 [Core Tor/Tor]: spec: Update dir-spec.txt with HS v3 consensus param
Previous by thread: Re: [tor-bugs] #22962 [Core Tor/Tor]: Clarify the security severity of issues that make denial of service easier
Next by thread: Re: [tor-bugs] #22962 [Core Tor/Tor]: Clarify the security severity of issues that make denial of service easier
Index(es):
- Author
- Thread