-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:59:12 +0200
Source: tor
Binary: tor-geoipdb
Architecture: all
Version: 0.3.5.16-1
Distribution: buster-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor-geoipdb - GeoIP database for Tor
Changes:
 tor (0.3.5.16-1) buster-security; urgency=medium
 .
   * New upstream version.
     For a full list see the upstream changelog.  It includes:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 7e1598bbcdf37208af54fc502ff318d813b98c11 1338252 tor-geoipdb_0.3.5.16-1_all.deb
 7768390905b8bc811784447c12d27bcfe30a4a41 6747 tor_0.3.5.16-1_all-buildd.buildinfo
Checksums-Sha256:
 92b1bffa766a2c4a28c3c262fbb7f85a12f5d8a0b40f8a2c8df692ed86018f4b 1338252 tor-geoipdb_0.3.5.16-1_all.deb
 3aa066718cfd811e53f79718e90d7dc132868992d2c770a6a973fecc818a20d6 6747 tor_0.3.5.16-1_all-buildd.buildinfo
Files:
 efff5d2aa164e045ee04123df4443862 1338252 net extra tor-geoipdb_0.3.5.16-1_all.deb
 95e5ecadffad533aff1ca5034b91be3d 6747 net optional tor_0.3.5.16-1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEqQcRQHTGP4qt3opGks26TWZ8cfMFAmEje8QACgkQks26TWZ8
cfMy/g/8CF0eP/4xDf+HiLLzy4DGFKu6ywG4i/5u4wClWT8rmUtaWhpJNUvEDTk+
met3IrK2TGJKFO7yVw80HL/zoP2ZiLkcYnbVhfBMW7HzgnLWnRXsFFj5LfWAA5U9
ywHXEleBza5EKzoD7LQBsFjCWHFqJVStAgpjgc7RATvAsYReQXCNdTsvnyomGQJD
VvR10qTCRWRncJj6ZuYXYX11eOZL6w8hc48XC51NBBDh7Kckcha6LL+mAv7JRsti
4Ve12tpMkAboqwyKlug2qZrunKEkjYAG3VVdQzQtinexPTypEdFKueut27WcUBX+
Zm7Qbje8ewTqRVQGJblQvQxsqnFMsgF30QjFpnXTf7qNy7TxWr02lL7fsR6kNu5N
3z1rINAqeAQvvJ7jUGHFbqiAP+ApeXiGeLESsZTLJGk1SduZLRK9yrZAbeOGZ0Wn
PSWA4OBfD6fmBo4qfZWReDs0KImsCjh1W+uixOuPmxrwLBOilDBTCvaickP9moP5
7HWgrM03qoY7bi+pX9vq5ynPfHw8XGuEo5U4pNMBiqP+UT9p/7zqRqSoF9Lu+c6j
Vuj1EkIyAZcLu51oUQ/ZcKqPctgGntbIEnpqRcWKBx47Ckhvu9EoYb3PsUB+OvEW
ZD/g7SPdi2cvskUj/UXgDke0jWG6vKKdfzzJxTjZGbnvDVDIBkI=
=KqNp
-----END PGP SIGNATURE-----