[tor-bugs] #31383 [Applications/Tor Browser]: OpenSSL CVE-2019-1552
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 27 19:20:59 UTC 2019
#31383: OpenSSL CVE-2019-1552
--------------------------------------+-----------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by gk):
Replying to [comment:11 cypherpunks]:
> Doh, looks like you see Windows for the first time :(
Actually, I do not, believe me.
> What do you say when you see `D:\Program Files`?
I was not really talking about that. I was curious why hardcoding *any*
path, like C:\Program Files on a Windows 64bit system, is a vulnerability
and what would it be in that case? That's how I read your comment at
least.
> Also why do you want conflicts between app-local and system-wide
OpenSSL?
Actually, what I want is to resolve this bug. So far, I assumed the path
the OpenSSL project chose would be a good one which is why we followed it.
But we might have been wrong here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31383#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list