Package: torbrowser-launcher Version: 0.2.0-2 After installing the torbrowser-launcher package and running the program without any arguments, I immediately saw a "connection refused" error. Code inspection reveals that the launcher assumes there's a SOCKS server at 127.0.0.1:9050 that connects to the Tor network.
It is inappropriate to assume Tor is running on this port, as any local user could be running a service there (Debian bug #797335), possibly to interfere with torbrowser-launcher. Assuming the https connection is secure, this would only be a denial of service or an information leak. torbrowser-launcher should allow the user to select an alternate TCP or Unix-domain SOCKS address, and shouldn't connect to an unprivileged one without confirmation. - Michael -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: arm64 Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages torbrowser-launcher depends on: ii gnupg 1.4.19-5 ii python 2.7.9-1 ii python-gtk2 2.24.0-4 ii python-lzma 0.5.3-3 ii python-parsley 1.2-1 ii python-psutil 2.2.1-3 ii python-twisted 15.2.1-1 ii python-txsocksx 1.15.0.2-1 ii tor 0.2.6.10-1 ii wmctrl 1.07-7 torbrowser-launcher recommends no packages. Versions of packages torbrowser-launcher suggests: pn apparmor <none> pn python-pygame <none> -- no debconf information
signature.asc
Description: Digital signature