lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <N1-RgoLqqpPqk@Safe-mail.net>
Date: Mon, 19 Mar 2012 12:33:03 -0400
From: CXySuYg5DuKktzX@...e-mail.net
To: bugtraq@...urityfocus.com
Subject: Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"

"There is an EVIL bug in at least the Linux (2.2.35-8) Tor Browser Bundle start-tor-browser script. It will log things like domain names to a file in the root of the browser bundle."

https://trac.torproject.org/projects/tor/ticket/5417

Ticket #5417 (new defect)

RelativeLink.sh in Tor browser bundle has small typo causing debug mode to be always turned on

Reported by: cypherpunks
Priority: critical
Component: Tor bundles/installation

Description

TBB starts in debug mode disregardless of --debug switch used or not. This is caused by small bug on line 208 on RelativeLink.sh, where it says

if [ "${debug}" ];

where it should say

if [ "${debug}" == 1];

or

if [ ${debug} -eq 1 ];

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ