-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:59:12 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: mips
Version: 0.3.5.16-1
Distribution: buster-security
Urgency: medium
Maintainer: mips Build Daemon (mips-manda-01) <buildd_mips-mips-manda-01@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.3.5.16-1) buster-security; urgency=medium
 .
   * New upstream version.
     For a full list see the upstream changelog.  It includes:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 e406d7a68bf96bba4486014ea0a35469088d49b8 4358388 tor-dbgsym_0.3.5.16-1_mips.deb
 cdf9de75d1fa63848a3873d05f79671b764e1db2 6774 tor_0.3.5.16-1_mips-buildd.buildinfo
 755e03f85bbd04e12bdec155dec8a820cee411fc 1738768 tor_0.3.5.16-1_mips.deb
Checksums-Sha256:
 99c62ec18bb7edf28ad2fedfdb61772712025e3d8bbe3d37392575eb45c498b4 4358388 tor-dbgsym_0.3.5.16-1_mips.deb
 72477d6d8f8e70cabdbfecdc058d29c0dae29ef89a8916fdda56651580adc3ee 6774 tor_0.3.5.16-1_mips-buildd.buildinfo
 c1b129679f4619c1752b2d1752e2052ed8c59bec85d601abbcdc6b60d2431ce4 1738768 tor_0.3.5.16-1_mips.deb
Files:
 d2585b62e7973cfa99494495523ceb1e 4358388 debug optional tor-dbgsym_0.3.5.16-1_mips.deb
 2ba6cbd51246ad4cde4aab47098674ea 6774 net optional tor_0.3.5.16-1_mips-buildd.buildinfo
 776e92810e7dd10453f85dba9679dfab 1738768 net optional tor_0.3.5.16-1_mips.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEhnMg2w1ioN6Y4CfNHxQ53MmvhPIFAmEjg/0ACgkQHxQ53Mmv
hPJQIw/+OGE/05LH1/9uofmASuXeZH33gCBfLtuzqbb4KfIsatQKdQwWJsGjN37I
+lt1LtK+cS8JKCkWHVZkCt0p6jqWbhCI3B0pSMf5EEXPUJ10AZi1DKqSDv7PRNVV
F3QDD2D0soCpkmSB35D3xH/f3BlLm8nLO8AGKB9tLG6MjrB6cp5F/6I1kCcqM0st
iIgR5b+Q4MglyEGRiNtYEMLk03COmlhHn7qHQtenTQ2O23SoK4rbS+LOp6cRIMCH
Vxp3/WYDtGljon44nRa0cdkLUQcpKbhyD0tZXMFhMjPJ1xwyHooJQSgHq1cEF09l
j91DvR/SC81np8xvOzKOifDQCRay5YJBv3B9DKF7Y1aO/MoAiCNn0btmmjCtpC+D
czxPa+rfXKGiuFfB+JOJWdOsB0ivsL7vYjZrN8CRuxCf+zUuOEvQc1IZgMfX/iTy
VUeGyKDRhW4P+YLhXYdUnBZn+KafAfv6Z0k+DA8NVVp82kVirADayzA17CKCJ10R
dcDTdReOHtN4nTNkjqZjJyUVLbVnnIofyFZ0RcHGKvOmMbc+92X+58qLfES5wnSs
MQPqcEhfMHQKxtDHaTlwEtPUXVX5HSekB6rO73hjgkKpIyJhBDBApsLxuSx3rQuj
wraszTWZ5NCyZ8tqsmgTjEiTvVXsmhHJYvrqd3kLDYjiuBu8ycQ=
=pWEs
-----END PGP SIGNATURE-----