[tbb-dev] Plan for new TBBs re Openssl bug?

Roger Dingledine arma at mit.edu
Mon Apr 7 21:27:44 UTC 2014

On Mon, Apr 07, 2014 at 04:52:05PM -0400, Tom Ritter wrote:
> This is a server-side attack, so clients don't need to make any
> change,

Unless somebody is certain that the bug can't be triggered against Tor
clients to have them send arbitrary memory to Tor relays (including,
say, past stream history), it seems like we do indeed want new TBBs.

I agree that it appears Tor Browser (which is based on libnss) is


More information about the tbb-dev mailing list