-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 23 Aug 2021 11:59:12 +0200 Source: tor Binary: tor tor-dbgsym Architecture: armel Version: 0.3.5.16-1 Distribution: buster-security Urgency: medium Maintainer: armhf / armel Build Daemon (hoiby) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Changes: tor (0.3.5.16-1) buster-security; urgency=medium . * New upstream version. For a full list see the upstream changelog. It includes: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: a5a2e689df28bc9ef2c049f0cbbda7dcf2f43f58 4331180 tor-dbgsym_0.3.5.16-1_armel.deb 026aec210c10938e618c9d8c28759b62928cdff3 6832 tor_0.3.5.16-1_armel-buildd.buildinfo 0f91019921d673a84c292c5ce3ac3e52948359c8 1709316 tor_0.3.5.16-1_armel.deb Checksums-Sha256: 18bcb5f2abfffc70b70dd4daff07faec1dc96e574f277696d07c338f27888d94 4331180 tor-dbgsym_0.3.5.16-1_armel.deb d908ccafbe2bb4b0a1ac380f886841f1831c23348068b0e01dab514a9c7fae6d 6832 tor_0.3.5.16-1_armel-buildd.buildinfo 2dec505ec3909ac5bd9ac23331d7e9f25291a577fe0a61324a50e64d91c882bd 1709316 tor_0.3.5.16-1_armel.deb Files: 8867ef5fdf72e2820bc3206176c42def 4331180 debug optional tor-dbgsym_0.3.5.16-1_armel.deb 6b8b762e9edcc6506a82ec6618683ee9 6832 net optional tor_0.3.5.16-1_armel-buildd.buildinfo e768390cd399417b842a3abdc416d372 1709316 net optional tor_0.3.5.16-1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXKbqG0HaSMJSbIp828NZPHfgpE0FAmEjg7YACgkQ28NZPHfg pE1BPw//Undi1GjOSGNGzosRDbEjgD9QrgVdey8/n5UmJElCOrDNpi5nDJkEyqPb VOLG5HYsKOer/Ph1MbAfIYQ9gz3JJxgrY0RA3phAJgCsVBl3QjHYk+sGkLW3G4WW X/pIwc2qaq4/gyQfMBi5KpwCMQozVuz/TmMkEr3cl94bROBYxPEoOrsgUEcMlG8e CIc/TkrH5ck2UiCmNu4kKgnw7JBNJQDf6oEXSG8cfZAmUfKaOAPeaLy77iWBFg/u LXQIWclUCG6Qi6/lAMyzYyQtTeHgOSE5AarmKINGMCapQrA2rJoKlNmXnxrDjhBN UgM9lFJxt7YSog80ME5QKCRMV42Ef9yBaOCHu4FRjR7ERb+gHCzhE3z+XyUSWRkV T8WtMyvy8evmb/HGgnF2vHfvp8uHgXv1QKb4mZNzXx6Kl1IWxm5oUnCZjqrcXPK8 5tDXXa8zYvmg1yzrl8Q9iWHZ6U5gQf4Gb/E6gDAWla6/EOLONZRYnMrMFqpru1TQ d1wNrSI41pEKYH0tZSJCEiNwkdjf7WwBR3M91zko3R/0akNmsdtc35IDeBQmjp8y Z1qibpDd9pk3oMONXIal94IzWO8teBogFMYLrXqKUEJc97vTPtPP1f/vJzlvKuFO YJBZyXLS/OkZw8i/gwWMZIRgTgstdV7zBtyeY06F3j9k3NwOc+Q= =SRGG -----END PGP SIGNATURE-----