[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #30834 [Applications/GetTor]: GetTor depends on Twisted, which has a URL sanitisation vulnerability

To: undisclosed-recipients: ;
Subject: [tor-bugs] #30834 [Applications/GetTor]: GetTor depends on Twisted, which has a URL sanitisation vulnerability
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 11 Jun 2019 00:22:16 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Jun 2019 20:22:26 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#30834: GetTor depends on Twisted, which has a URL sanitisation vulnerability
-------------------------------------+--------------------------
     Reporter:  teor                 |      Owner:  (none)
         Type:  defect               |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/GetTor  |    Version:
     Severity:  Normal               |   Keywords:  security-low
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+--------------------------
 I'm not sure if GetTor is affected, because the vulnerability depends on
 user input being put in URLs:
 https://github.com/torproject/gettor/network/alert/requirements.txt/twisted/open

 Here is a pull request created by GitHub's automated bot:
 https://github.com/torproject/gettor/pull/1/files

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30834>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #30834 [Applications/GetTor]: GetTor depends on Twisted, which has a URL sanitisation vulnerability
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #30834 [Applications/GetTor]: GetTor depends on Twisted, which has a URL sanitisation vulnerability
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #28113 [Core Tor/Tor]: notify systemd if shutdown will be longer than 30 seconds
Next by Author: [tor-bugs] #30801 [Core Tor/Tor]: Investigate running CI with hardened dependencies vs running CI with valgrind
Previous by thread: Re: [tor-bugs] #30833 [Circumvention/BridgeDB]: Update BrideDB's requirements.txt
Next by thread: Re: [tor-bugs] #30834 [Applications/GetTor]: GetTor depends on Twisted, which has a URL sanitisation vulnerability
Index(es):
- Author
- Thread