[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#923316: apt leaks SRV requests for _socks._tcp.localhost for tor proxy



Package: apt
Version: 1.3~rc1
Severity: important
Tags: security
Control: fixed -1 1.7.0~alpha1

apt, starting with 1.3~rc1, and prior to 1.7.0~alpha1, generates a
SRV request when trying to use the Tor proxy, asking the DNS server
SRV _socks._tcp.localhost.

This might cause information to be leaked that the user is about to
use tor for Debian package installation, as no other tool is likely to perform
such queries.

-- 
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer                              i speak de, en


Reply to: