[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18



On Wednesday 31 October 2007 15:34:18 Gregory Fleischer (Lists) wrote:
> Versions of the Vidalia bundle prior to 0.1.2.18 install Privoxy with
> an insecure configuration file.  Both Windows and Mac OS X versions
> are affected.  The installed 'config.txt' file ('config' on Mac OS X)
> had the following option values set to 1:
>
>    - enable-remote-toggle
>    - enable-edit-actions
>
<snip>
>
> In order to allow time for people to upgrade, additional attack
> details and sample code will be withheld for a couple of days.

TorK is affected by this too. There should be a 0.22 available before Friday.

Attachment: signature.asc
Description: This is a digitally signed message part.