CVE-2010-0384

Name	CVE-2010-0384
Description	Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in opportunistic circumstances by reading log files.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity	low

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
tor (PTS)	stretch	0.2.9.16-1	fixed
	stretch (security)	0.2.9.15-1	fixed
	buster, buster (security)	0.3.5.16-1	fixed
	bullseye (security), bullseye	0.4.5.10-1~deb11u1	fixed
	bookworm, sid	0.4.6.8-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
tor	source	lenny	(not affected)
tor	source	(unstable)	(not affected)

Notes

- tor <not-affected> (only affects versions 0.2.2.x)
[lenny] - tor <not-affected> (only affects versions 0.2.2.x)
does not appear to be a real vulnerability?