Your message dated Mon, 26 Dec 2011 16:18:09 +0000
with message-id <[email protected]>
and subject line Bug#648253: fixed in torbutton 1.4.5.1-1
has caused the Debian Bug report #648253,
regarding Torbutton ignores port setting and uses 9050 instead
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
648253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648253
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xul-ext-torbutton
Version: 1.4.4.1-1
Tags: security
I run Tor on a low SocksPort to prevent non-root accounts from
impersonating the server. The latest version of Torbutton silently
resets the port to 9050 on every startup. This normally prevents it
from working, but also introduces a security hole because any
unprivileged user could bind to that port and observe web traffic.
A workaround is to set the TOR_SOCKS_PORT environment variable to the
proper number.
- Michael
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-2-amd64 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
xul-ext-torbutton depends on no packages.
Versions of packages xul-ext-torbutton recommends:
ii iceweasel 7.0.1-2
ii tor 0.2.2.34-1
Versions of packages xul-ext-torbutton suggests:
ii privoxy 3.0.17-1
-- no debconf information
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: torbutton
Source-Version: 1.4.5.1-1
We believe that the bug you reported is fixed in the latest version of
torbutton, which is due to be installed in the Debian FTP archive:
iceweasel-torbutton_1.4.5.1-1_all.deb
to main/t/torbutton/iceweasel-torbutton_1.4.5.1-1_all.deb
torbutton_1.4.5.1-1.debian.tar.gz
to main/t/torbutton/torbutton_1.4.5.1-1.debian.tar.gz
torbutton_1.4.5.1-1.dsc
to main/t/torbutton/torbutton_1.4.5.1-1.dsc
torbutton_1.4.5.1.orig.tar.gz
to main/t/torbutton/torbutton_1.4.5.1.orig.tar.gz
xul-ext-torbutton_1.4.5.1-1_all.deb
to main/t/torbutton/xul-ext-torbutton_1.4.5.1-1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jérémy Bobbio <[email protected]> (supplier of updated torbutton package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 26 Dec 2011 16:55:59 +0100
Source: torbutton
Binary: xul-ext-torbutton iceweasel-torbutton
Architecture: source all
Version: 1.4.5.1-1
Distribution: unstable
Urgency: low
Maintainer: Jérémy Bobbio <[email protected]>
Changed-By: Jérémy Bobbio <[email protected]>
Description:
iceweasel-torbutton - transitional dummy package
xul-ext-torbutton - Iceweasel/Firefox extension enabling 1-click toggle of Tor
usage
Closes: 648253
Changes:
torbutton (1.4.5.1-1) unstable; urgency=low
.
* New upstream release:
- Set SOCKS port and host only with recommended settings. (Closes: #648253)
Checksums-Sha1:
c05af64e23069a70e81657782d393d21eb8d2c1c 2085 torbutton_1.4.5.1-1.dsc
6b4e31802ae960f9e7d4066a6be95507c31ee631 571369 torbutton_1.4.5.1.orig.tar.gz
c302d53f0bde55ded3f4929ae9e88a0e13cfb2c8 7817 torbutton_1.4.5.1-1.debian.tar.gz
f71f49d377e9cbaeba3ae0a3db34efd708b75d6e 356058
xul-ext-torbutton_1.4.5.1-1_all.deb
cf7fa2ee304bf1506a10caedfe7c83ff8ad43df8 15542
iceweasel-torbutton_1.4.5.1-1_all.deb
Checksums-Sha256:
67f39e40a59241400f6bd9494eae93cd6f23227facf7478f1542ab8266780142 2085
torbutton_1.4.5.1-1.dsc
1b42caf01a817162c56cd317ff3dc7c9174d4b97b43701f94631c80f6438ede8 571369
torbutton_1.4.5.1.orig.tar.gz
5064a22f4abdefcae966b15e6a6a8ac62c210f644cc9e772ea96448c4cff1ba3 7817
torbutton_1.4.5.1-1.debian.tar.gz
8aa3f7aecedd751dde372d7a5da8e4f4cbc88e2bf66c83d9419a3f199e1e1b87 356058
xul-ext-torbutton_1.4.5.1-1_all.deb
0714dcb4926ccf5ad425e43090553bb3f6f449f684cc9978e6086844f517cd7a 15542
iceweasel-torbutton_1.4.5.1-1_all.deb
Files:
34de310c74a8be710cfc109c865ab30e 2085 web optional torbutton_1.4.5.1-1.dsc
9c379838d3a29b2bf667dd600155b005 571369 web optional
torbutton_1.4.5.1.orig.tar.gz
0ca2b99a7d96e63c6b98b10647461aad 7817 web optional
torbutton_1.4.5.1-1.debian.tar.gz
b6d7dbcc85550cd473c6f363b4488028 356058 web optional
xul-ext-torbutton_1.4.5.1-1_all.deb
85ad21533b906dcf97c89537500530d4 15542 web optional
iceweasel-torbutton_1.4.5.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJO+JoiAAoJEEgU3sIrMHw8V8gQAMn/al5Oq+3j/aytR64UWJQv
vMC0BaDK2jMJztEle5/SLoNEceic5JDVF+ukoPNOhbbRKs2uojQGFEDZWQBbJROy
44oPf2A+Pw+ne6QMgYj09v/H4XKPoXfvZVBPAZXBrOJali9mU09DJxotJ7LQTKu2
02rNPww6KQ24Dtd8DAWBtwqlelKwYGIMyowrutAOQhbFazzm9wlgdO71ftDXF3/u
vhLH01kFKY1IOnw/iJoJIxUhtX702iFuzgMAiCp/xF+j+HanvwYjlIiHPki2Jpzc
qbVCd9FpnxbOIbvL4rc2UOedUNzUnzHH/oQy+CCmqq6/a6B3zgYqj7Vkm9do8ALy
I3ie71oHop1tBsXywByYn9Fsv00zYWxbf59CLY89rGNDG/e6XJpJS8MU3uCu9js1
YbH7+8fvUqt3EHUbvN6UtOAjnpkFJFM6hRYX3vXxp7jsHJkqzrjQz3kZ8Sjek6V4
5tr1Z5xPQiQRmnPq+KigH4uGlbvJXO+fSBL37VxD9npJMObKqUFwqh7AR5KPst6/
LEHtv7ouaMSx+EPiWrK/tMAydbdTKq+u4lOTD4QFtqDm4+fUFPiNU81u/VyTWEUH
v3WmJDkQalsQ5VSVuekS2QSjxg0Nvb3ycl7UzZSFD2KvsH5sPWc4gEuLBtSsjy+c
M68vdTzE6t8TOgUDhgJH
=dsvD
-----END PGP SIGNATURE-----
--- End Message ---
