[Pkg-javascript-devel] Bug#736077: dont leak private network information (at least not by default)
Holger Levsen
holger at layer-acht.org
Sun Jan 19 14:22:53 UTC 2014
package: libjs-jssip
tags: security
Hi Daniel,
thanks for working on usuable + secure RTC in the webbrowser!
During your presentation at the Paris mini-debconf I just learned that your
libjs-jssip leaks all networks to the sip server (or calling party), which I
consider a privacy violation (which has been implemented to improve the user
experience by allowing the application to choose the best network connection).
Still, if I connect via route $X I expect this software not to leak my other
routes, which might contaín sensitive information.
In the talk you said it was trivial to comment out these lines, so I'm asking
you to do this by default and optionally allow it.
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20140119/ef80eb43/attachment.sig>
More information about the Pkg-javascript-devel
mailing list