This is not true. The affects of the bug are very sever, and it DOES NOT require the config to be saved! An attacker could still cause you to loose your anonymity.<br>UPDATE, UPDATE, UPDATE.<br><br><br><div><span class="gmail_quote">
On 8/10/07, <b class="gmail_sendername">Florian Reitmeir</b> <<a href="mailto:florian@reitmeir.org">florian@reitmeir.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Fri, 10 Aug 2007, Ringo Kamens wrote:<br><br>> As you know, a major security vulnerability was just patched with the<br>> <a href="http://0.1.2.16">0.1.2.16</a> release. I have been using the <a href="http://noreply.org">
noreply.org</a> deb packages but<br>> they didn't update to the newest version (at least not under amd64<br>> feisty). If you are in my situation you can compile from source or<br>> disable your controlport and wait out the storm until a new version is
<br>> released. Is the package maintainer busy or..?<br>> Comrade Ringo Kamens<br><br>the last security issue, is no issue on debian linux, because on debian Tor<br>can't write its config file. And the packager is on holidays in Finowurth,
<br>unil sunday.<br><br>--<br>Florian Reitmeir<br></blockquote></div><br>