Bug#923316: apt leaks SRV requests for _socks._tcp.localhost for tor proxy

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#923316: apt leaks SRV requests for _socks._tcp.localhost for tor proxy
From: Julian Andres Klode <jak@debian.org>
Date: Tue, 26 Feb 2019 10:19:52 +0100
Message-id: <[🔎] 20190226101648.GA26022@debian.org>
Reply-to: Julian Andres Klode <jak@debian.org>, 923316@bugs.debian.org

Package: apt
Version: 1.3~rc1
Severity: important
Tags: security
Control: fixed -1 1.7.0~alpha1

apt, starting with 1.3~rc1, and prior to 1.7.0~alpha1, generates a
SRV request when trying to use the Tor proxy, asking the DNS server
SRV _socks._tcp.localhost.

This might cause information to be leaked that the user is about to
use tor for Debian package installation, as no other tool is likely to perform
such queries.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en

Reply to:

Follow-Ups:
- Processed: apt leaks SRV requests for _socks._tcp.localhost for tor proxy
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug #923316 in apt marked as pending
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Bug #923316 in apt marked as pending
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: apt_1.8.0~rc4_source.changes ACCEPTED into unstable
Next by Date: Processed: apt leaks SRV requests for _socks._tcp.localhost for tor proxy
Previous by thread: apt_1.8.0~rc4_source.changes ACCEPTED into unstable
Next by thread: Processed: apt leaks SRV requests for _socks._tcp.localhost for tor proxy
Index(es):
- Date
- Thread