[tbb-bugs] #27616 [Applications/Tor Browser]: Double-check Rust code for potential proxy bypass in ESR 60
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 19 14:20:24 UTC 2018
#27616: Double-check Rust code for potential proxy bypass in ESR 60
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: TorBrowserTeam201810 | Actual Points:
Parent ID: #22176 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
I realized that Mozilla imported a ton of updated crates and new ones for
the 60.3.0esr release. I wondered whether our proposed audit strategy can
cope with such a scenario as we ideally want to make sure that those
updates don't include proxy bypasses. If not, it might be worth thinking
about an audit strategy that *does* take such point release updates into
account.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27616#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list