[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warning to NoReply.org DEB Package Users

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Warning to NoReply.org DEB Package Users
From: "Kyle Williams" <kyle.kwilliams@xxxxxxxxx>
Date: Fri, 10 Aug 2007 15:06:36 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 10 Aug 2007 18:06:46 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=js5qno1uvz9deCNCDxPzjqR5D1fFVzym2ApXzpeV+HDG1buYASDOjqgXlOcx6nVbhmJ7R2V0SWXqDblBf0W4US2WaQ88Y2MV4b8OifPa7SJXbKBxH5Wnoy/mNSgIf7iSc8T2Z084mN7lyGPDxks2QaplpGCxH4ZLOyigzswVyOc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=m8ceuvv06jS9CWv3ZUDwkWNTRtcZmAlVjaL+w7U2NSQNO3YCBeirr15w7EW30KHGnKGjFmUAnKqgzZ2QQK7ZTGjSJX0K3KpjAE3887ii9m7XXjczXPmRQbvqctkBpnEG2UXzqW87zx8ubfFSe0NZ6CK+taA3D6NGmqxudvn4o0o=
In-reply-to: <20070810210559.GG21473@xxxxxxxxxxxxxxx>
References: <3922422b0708101312h7a7c55cbw64390628cc7e2786@xxxxxxxxxxxxxx> <20070810210559.GG21473@xxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

This is not true. The affects of the bug are very sever, and it DOES NOT require the config to be saved! An attacker could still cause you to loose your anonymity.
UPDATE, UPDATE, UPDATE.

On 8/10/07, Florian Reitmeir <florian@xxxxxxxxxxxx> wrote:

On Fri, 10 Aug 2007, Ringo Kamens wrote:

> As you know, a major security vulnerability was just patched with the
> 0.1.2.16 release. I have been using the noreply.org deb packages but
> they didn't update to the newest version (at least not under amd64
> feisty). If you are in my situation you can compile from source or
> disable your controlport and wait out the storm until a new version is
> released. Is the package maintainer busy or..?
> Comrade Ringo Kamens

the last security issue, is no issue on debian linux, because on debian Tor
can't write its config file. And the packager is on holidays in Finowurth,
unil sunday.

--
Florian Reitmeir

Follow-Ups:
- Re: Warning to NoReply.org DEB Package Users
  - From: Florian Reitmeir
- Re: Warning to NoReply.org DEB Package Users
  - From: Ringo Kamens

References:
- Warning to NoReply.org DEB Package Users
  - From: Ringo Kamens
- Re: Warning to NoReply.org DEB Package Users
  - From: Florian Reitmeir

Prev by Author: Re: Proposal: Two hop paths from entry guards
Next by Author: Re: ModSecurity v2 Apache rules for directory servers
Previous by thread: Re: Warning to NoReply.org DEB Package Users
Next by thread: Re: Warning to NoReply.org DEB Package Users
Index(es):
- Author
- Thread