Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18
Robert Hogan
robert at roberthogan.net
Wed Oct 31 20:44:28 UTC 2007
On Wednesday 31 October 2007 15:34:18 Gregory Fleischer (Lists) wrote:
> Versions of the Vidalia bundle prior to 0.1.2.18 install Privoxy with
> an insecure configuration file. Both Windows and Mac OS X versions
> are affected. The installed 'config.txt' file ('config' on Mac OS X)
> had the following option values set to 1:
>
> - enable-remote-toggle
> - enable-edit-actions
>
<snip>
>
> In order to allow time for people to upgrade, additional attack
> details and sample code will be withheld for a couple of days.
TorK is affected by this too. There should be a 0.22 available before Friday.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20071031/11038d42/attachment.pgp>
More information about the tor-talk
mailing list