-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Jun 2021 10:27:26 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: armel
Version: 0.3.5.15-1
Distribution: buster-security
Urgency: medium
Maintainer: armhf Build Daemon (antheil) <buildd_armhf-antheil@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.3.5.15-1) buster-security; urgency=medium
 .
   * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog.  It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which
       hop sent these cells: this would allow a relay on a circuit to end
       a stream that wasn't actually built with it.
       Bugfix on 0.3.5.1-alpha. This issue is also tracked as
       TROVE-2021-003 and CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code.
       Previously, we would detect errors from a missing RNG
       implementation, but not failures from the RNG code itself.
       Fortunately, it appears those failures do not happen in practice
       when Tor is using OpenSSL's default RNG implementation.
       Bugfix on 0.2.8.1-alpha. This issue is also tracked as
       TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
     - Resist a hashtable-based CPU denial-of-service attack against
       relays. Previously we used a naive unkeyed hash function to look
       up circuits in a circuitmux object. An attacker could exploit this
       to construct circuits with chosen circuit IDs, to create
       collisions and make the hash table inefficient. Now we use a
       SipHash construction here instead. Bugfix on
       0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
       CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing. An attacker could exploit this bug by crafting an onion
       service descriptor that would crash any client that tried to visit
       it. Bugfix on 0.3.0.1-alpha. This issue is also
       tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
       Glazunov from Google's Project Zero.
Checksums-Sha1:
 7a021d83556b796b6131e7a8813156f00472dddb 4331556 tor-dbgsym_0.3.5.15-1_armel.deb
 a1f4ae3a05ab2ef534b7d531ba7dc6a4d390109c 6815 tor_0.3.5.15-1_armel-buildd.buildinfo
 2c762e3dba61c4df98e47a468b584231ed478575 1706300 tor_0.3.5.15-1_armel.deb
Checksums-Sha256:
 7f4615541d05967aadaf79a7fbde2a9fd32101341681847c07387615e5d8df83 4331556 tor-dbgsym_0.3.5.15-1_armel.deb
 2d83c4ec2c7eaa14889286f5fd6202851bd1d6c31f8599c974b763fea0e12f3d 6815 tor_0.3.5.15-1_armel-buildd.buildinfo
 53f7362c55fdac944195b412eb4880a59e4fb82700580d894fd99368e71c5ae8 1706300 tor_0.3.5.15-1_armel.deb
Files:
 9634b1aa299e0242b393c9f2ae0d2180 4331556 debug optional tor-dbgsym_0.3.5.15-1_armel.deb
 b277b79105a90a2a80370fa8dff79c8d 6815 net optional tor_0.3.5.15-1_armel-buildd.buildinfo
 2b87547543b115694df84d4b6271a6d3 1706300 net optional tor_0.3.5.15-1_armel.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----