Package: privoxy
Version: 3.0.13-1
Justification: user security hole
Severity: grave
Tags: security

Hi.

Since the last release or so, the config template gives this as an example for chaining privoxy with Tor:
#      To chain Privoxy and Tor, both running on the same system,
#      you would use something like:
#
#        forward-socks5   /               127.0.0.1:9050 .

AFAIK, it was always the case that with socks5, DNS resolution happened locally and not via the proxy (which was the reason one should use socks4a).
Has this changed?

As this change could render Tor useless... and I found no docs on whether the above has changed in the meantime... I've marked this bug as security critical.
Feel free to close, if I'm wrong :-)


Thanks,
Chris.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages privoxy depends on:
ii  adduser                3.110             add and remove users and groups
ii  libc6                  2.9-20            GNU C Library: Shared libraries
ii  libpcre3               7.8-2             Perl 5 Compatible Regular Expressi
ii  logrotate              3.7.7-3           Log rotation utility
ii  lsb-base               3.2-22            Linux Standard Base 3.2 init scrip
ii  perl                   5.10.0-24         Larry Wall's Practical Extraction
ii  zlib1g                 1:1.2.3.3.dfsg-14 compression library - runtime

Versions of packages privoxy recommends:
ii  doc-base               0.9.3             utilities to manage online documen

privoxy suggests no packages.

-- no debconf information
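
Added example, not part of the original report and not Privoxy or Tor code: whether a name is resolved by the client or by the SOCKS server is visible in the request itself, so a request captured on the loopback link to the SOCKS port can be classified as below. It assumes the bytes passed in are the CONNECT request (for SOCKS5, the message after method negotiation); the function name and sample bytes are constructed for illustration.

```python
import ipaddress
import struct


def classify_socks_request(req: bytes):
    """Return (protocol, resolver, host, port) for one SOCKS CONNECT request.
    resolver is "proxy" if a hostname is sent, "client" if an IP address is.
    """
    if len(req) >= 9 and req[0] == 4:
        (port,) = struct.unpack("!H", req[2:4])
        ip, rest = req[4:8], req[8:]
        user_end = rest.index(b"\x00")  # USERID terminator (ValueError if absent)
        # SOCKS4a marks "hostname follows" with DSTIP 0.0.0.x, x != 0.
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host_end = rest.index(b"\x00", user_end + 1)
            host = rest[user_end + 1:host_end].decode("ascii")
            return ("socks4a", "proxy", host, port)
        return ("socks4", "client", str(ipaddress.IPv4Address(ip)), port)
    if len(req) >= 7 and req[0] == 5:
        atyp = req[3]
        if atyp == 0x03:  # DOMAINNAME: one length byte, then the name
            addr_len, start = req[4], 5
        elif atyp in (0x01, 0x04):  # IPv4 / IPv6 literal
            addr_len, start = (4 if atyp == 0x01 else 16), 4
        else:
            raise ValueError(f"unknown SOCKS5 address type {atyp:#x}")
        end = start + addr_len
        if len(req) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        (port,) = struct.unpack("!H", req[end:end + 2])
        if atyp == 0x03:
            return ("socks5", "proxy", req[start:end].decode("ascii"), port)
        return ("socks5", "client", str(ipaddress.ip_address(req[start:end])), port)
    raise ValueError("not a SOCKS4/4a/5 CONNECT request")


# Constructed sample requests (not captured traffic).
PORT, NAME = struct.pack("!H", 80), b"example.org"
SAMPLES = {
    "socks4": b"\x04\x01" + PORT + bytes([192, 0, 2, 10]) + b"\x00",
    "socks4a": b"\x04\x01" + PORT + b"\x00\x00\x00\x01" + b"\x00" + NAME + b"\x00",
    "socks5-name": b"\x05\x01\x00\x03" + bytes([len(NAME)]) + NAME + PORT,
    "socks5-ip": b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + PORT,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_socks_request(raw))
```

A "client" result for a request that originated from a hostname means the lookup was done before the request reached the SOCKS server.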

