[tbb-bugs] #31383 [Applications/Tor Browser]: OpenSSL CVE-2019-1552
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Sep 28 16:28:14 UTC 2019
#31383: OpenSSL CVE-2019-1552
--------------------------------------+-----------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by cypherpunks):
> There is no need to drag this down onto a personal level and/or starting
ad hominem arguments. I told you that on different occasions in different
tickets. Please stop.
Everything is personal in Universe. So, that is my personal amazement when
no good explanation can be found. Maybe, you can explain. However, I'm
still finding out what I should stop. It looks like we speak the same
language, but different meanings. Relationships are far more complex than
programming...
> So, how are we supposed to fix this bug without introducing new
vulnerabilities in your opinion?
Hey, I just read Trac from time to time :) Also expected to see Richard's
suggestions here.
> Hardcoding any path (like suggested with C:\Windows or a path below it
in comment:6) like e.g. the curl devs did does not do the trick according
to your line of reasoning.
How to teach OpenSSL to dance? Make it compatible with app-local
installation, no?
For Tor Browser, the best option is to disable everything related to those
paths as it doesn't use them. But you can change them to `C:\Windows\Tor
Browser` as a so-so workaround.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31383#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list