[tbb-bugs] #31383 [Applications/Tor Browser]: OpenSSL CVE-2019-1552

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Sep 28 16:28:14 UTC 2019


#31383: OpenSSL CVE-2019-1552
--------------------------------------+-----------------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by cypherpunks):

 > There is no need to drag this down onto a personal level and/or starting
 ad hominem arguments. I told you that on different occasions in different
 tickets. Please stop.
 Everything is personal in Universe. So, that is my personal amazement when
 no good explanation can be found. Maybe, you can explain. However, I'm
 still finding out what I should stop. It looks like we speak the same
 language, but different meanings. Relationships are far more complex than
 programming...
 > So, how are we supposed to fix this bug without introducing new
 vulnerabilities in your opinion?
 Hey, I just read Trac from time to time :) Also expected to see Richard's
 suggestions here.
 > Hardcoding any path (like suggested with C:\Windows or a path below it
 in comment:6) like e.g. the curl devs did does not do the trick according
 to your line of reasoning.
 How to teach OpenSSL to dance? Make it compatible with app-local
 installation, no?
 For Tor Browser, the best option is to disable everything related to those
 paths as it doesn't use them. But you can change them to `C:\Windows\Tor
 Browser` as a so-so workaround.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31383#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list