-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 23 Aug 2021 11:59:12 +0200 Source: tor Binary: tor-geoipdb Architecture: all Version: 0.3.5.16-1 Distribution: buster-security Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Peter Palfrader Description: tor-geoipdb - GeoIP database for Tor Changes: tor (0.3.5.16-1) buster-security; urgency=medium . * New upstream version. For a full list see the upstream changelog. It includes: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: 7e1598bbcdf37208af54fc502ff318d813b98c11 1338252 tor-geoipdb_0.3.5.16-1_all.deb 7768390905b8bc811784447c12d27bcfe30a4a41 6747 tor_0.3.5.16-1_all-buildd.buildinfo Checksums-Sha256: 92b1bffa766a2c4a28c3c262fbb7f85a12f5d8a0b40f8a2c8df692ed86018f4b 1338252 tor-geoipdb_0.3.5.16-1_all.deb 3aa066718cfd811e53f79718e90d7dc132868992d2c770a6a973fecc818a20d6 6747 tor_0.3.5.16-1_all-buildd.buildinfo Files: efff5d2aa164e045ee04123df4443862 1338252 net extra tor-geoipdb_0.3.5.16-1_all.deb 95e5ecadffad533aff1ca5034b91be3d 6747 net optional tor_0.3.5.16-1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEqQcRQHTGP4qt3opGks26TWZ8cfMFAmEje8QACgkQks26TWZ8 cfMy/g/8CF0eP/4xDf+HiLLzy4DGFKu6ywG4i/5u4wClWT8rmUtaWhpJNUvEDTk+ met3IrK2TGJKFO7yVw80HL/zoP2ZiLkcYnbVhfBMW7HzgnLWnRXsFFj5LfWAA5U9 ywHXEleBza5EKzoD7LQBsFjCWHFqJVStAgpjgc7RATvAsYReQXCNdTsvnyomGQJD VvR10qTCRWRncJj6ZuYXYX11eOZL6w8hc48XC51NBBDh7Kckcha6LL+mAv7JRsti 4Ve12tpMkAboqwyKlug2qZrunKEkjYAG3VVdQzQtinexPTypEdFKueut27WcUBX+ Zm7Qbje8ewTqRVQGJblQvQxsqnFMsgF30QjFpnXTf7qNy7TxWr02lL7fsR6kNu5N 3z1rINAqeAQvvJ7jUGHFbqiAP+ApeXiGeLESsZTLJGk1SduZLRK9yrZAbeOGZ0Wn PSWA4OBfD6fmBo4qfZWReDs0KImsCjh1W+uixOuPmxrwLBOilDBTCvaickP9moP5 7HWgrM03qoY7bi+pX9vq5ynPfHw8XGuEo5U4pNMBiqP+UT9p/7zqRqSoF9Lu+c6j Vuj1EkIyAZcLu51oUQ/ZcKqPctgGntbIEnpqRcWKBx47Ckhvu9EoYb3PsUB+OvEW ZD/g7SPdi2cvskUj/UXgDke0jWG6vKKdfzzJxTjZGbnvDVDIBkI= =KqNp -----END PGP SIGNATURE-----