-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:59:12 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: i386
Version: 0.3.5.16-1
Distribution: buster-security
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.3.5.16-1) buster-security; urgency=medium
 .
   * New upstream version.
     For a full list see the upstream changelog.  It includes:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 4342aca6e8d09c79a93c00699467be93ab785fbc 4077184 tor-dbgsym_0.3.5.16-1_i386.deb
 49afa7e360b6126366f9236409ad4041b41c5fe9 6937 tor_0.3.5.16-1_i386-buildd.buildinfo
 cf80651101f9f51c3b8b46977b9b43f00071cd16 1877172 tor_0.3.5.16-1_i386.deb
Checksums-Sha256:
 4adb7331de54847bb034a6345a3ac325bb84e1ebbe9013d3a6eeba4cbf224d37 4077184 tor-dbgsym_0.3.5.16-1_i386.deb
 b604f12ba2b858790d8b45a0ffde232edf54ffac33443ceab4f291c2b84730bf 6937 tor_0.3.5.16-1_i386-buildd.buildinfo
 068b2207a78293c401ed194d9a46c3f92b60f7be6ca9f7fb0b85a01005e89235 1877172 tor_0.3.5.16-1_i386.deb
Files:
 590e6c5fa3d839e005c3521fd23d7a3f 4077184 debug optional tor-dbgsym_0.3.5.16-1_i386.deb
 95005b7bfe44bf45252de19a4ea64758 6937 net optional tor_0.3.5.16-1_i386-buildd.buildinfo
 e6db7f0a02f324cc7f3f7bd2f7a66865 1877172 net optional tor_0.3.5.16-1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEeShLnnjT5e2dm1q4H4Xht4aLclgFAmEjfOQACgkQH4Xht4aL
clhx3A//XDg+5xuhoM3LAG361H+vUt/rIMzUrG+5kKJpD+7rheP9NX4fhCiCs40P
+Ods6jVaTRU6QEmibYZ8/EDB4/AqoWFlim8Jkc/WDZz6LuMQ80WNObEbBBKehtba
rxTzLMee8kbi21hG2ORkr3OoW7EcYcVjGVqwNz7nLKnZMw8NXUuW0FQQgKC7yfvg
tSWnKX4jhIgVVvdzD+HlWUnFRL6HNqk5NkVsRN08oSP4zWP9F7F1kn+r0kb8aZis
UqIKLe4VU/2hpDJuhj8D5QpRi035q7DfXDygzU6XX9SAdkw38pLBlncvyJ1vjXsL
v21qBJ95GzkxWVFzs0j4tKV5g/C4Dx6AruXkO9XZCY+gRwk4gT3v4EagTVrQcqsi
zyI+qVzxP6wCE4fN29s6M2f2z8ta3QfejADY9j+1iFUMmKyyu78w41hbSLhVzZpZ
xZDAOdC/VWoPHBovcM4Xi+A6jUXjx31zYmxnLEufmlo8tQjhDcZz3fT5mNfhzeEG
5xS9X2J46ViYSLRlmLm/sT44riN6c7gM96YP3QfYARGjWIIoEp2qPAIy20wb33/e
BGqdeIAMcPvo8YMNYjgfXJ47s/kSlI1BM5ZUX207QarL1AKwxB3TuOS+Y2qWDCGX
vSmxMhwxvAQYLqVnm7T14sIFZ+PT9r2wIoXYGvDUcoA5HpLA8R8=
=+EIC
-----END PGP SIGNATURE-----