[tbb-dev] Plan for new TBBs re Openssl bug?
Roger Dingledine
arma at mit.edu
Mon Apr 7 21:27:44 UTC 2014
On Mon, Apr 07, 2014 at 04:52:05PM -0400, Tom Ritter wrote:
> This is a server-side attack, so clients don't need to make any
> change,
Unless somebody is certain that the bug can't be triggered against Tor
clients to have them send arbitrary memory to Tor relays (including,
say, past stream history), it seems like we do indeed want new TBBs.
I agree that it appears Tor Browser (which is based on libnss) is
unaffected.
--Roger
More information about the tbb-dev
mailing list