-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 23 Aug 2021 11:59:12 +0200 Source: tor Binary: tor tor-dbgsym Architecture: mipsel Version: 0.3.5.16-1 Distribution: buster-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-manda-05) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Changes: tor (0.3.5.16-1) buster-security; urgency=medium . * New upstream version. For a full list see the upstream changelog. It includes: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: 1d890ed1d4db1184590e9cef4f138a6936dadb70 4285792 tor-dbgsym_0.3.5.16-1_mipsel.deb ebb76a04cdb36330adfc0ceae973540f753bc2d9 6792 tor_0.3.5.16-1_mipsel-buildd.buildinfo f00ef7e59c47b5ad3a1c61b1cac062a02641a295 1759732 tor_0.3.5.16-1_mipsel.deb Checksums-Sha256: bf3c195fc3f1f960666d99910ad59fbce521fa566c05acc144f71d52bccd52ac 4285792 tor-dbgsym_0.3.5.16-1_mipsel.deb 1d44bcfd3a34f9f9c7e7ece0274bf9dc1fc82dc4d109e5df68a1169168f77b15 6792 tor_0.3.5.16-1_mipsel-buildd.buildinfo 59b699c825f78f359bff83a7b9c0d8efca2bceb460dc4b787e8de5282cdd67c2 1759732 tor_0.3.5.16-1_mipsel.deb Files: 5810b27ad6ed1bcb20f134992c7a5eb2 4285792 debug optional tor-dbgsym_0.3.5.16-1_mipsel.deb 3a53a7093a16f798a14ee90134507557 6792 net optional tor_0.3.5.16-1_mipsel-buildd.buildinfo dd72cc3e3bef72b98a34d2864778f28a 1759732 net optional tor_0.3.5.16-1_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQ5dTuB/7AkreZZfGPYe+ogkxLY8FAmEjhlkACgkQPYe+ogkx LY/jgw//WGR4oQTuwC97vRoLuko4BgKCtUrZbtbnYwR+ObZfLQRJADliTRwvvvG4 fKj+fSYRQwQ8tNmcCn/1ke1jFNYwYTNMHtuX3cNLvKOm5BB75eVA/fhVHUEejZeK NqJvPfzpDZyBhM8BekdyNL1JSFOMZvq2p+Sueo6PmTSfJu1ceYEx7L3C3LOlkxb+ jyJE6jlrw67VnWxMb7rbBkRyilnVMiEVr9fe2sodRixV4az/wYIEmiixdVpvKi/U TDAYbtIquqmIJ5lq9Ms83hnE2NiMYr+Khp3j13f2mG+6/6WNO+T7zqPzK/cadwlP uP4obwqLyH0zgzF3XMtNQlgcQBptkUEr3llYu8NcV28II3HL57jZu0gC5UswVOOP YitzRIYaUVWnArncqaxqLmnEMnZBzhEgdhrDKmXU8bXgWWSeOJHG9h7I9iVv+28Q tUinI++eIt6oJo05I126kjhxZcn+CVFl6PNPPyNoP5E64HrpUGQ6nUa136IzFDk2 cyoYHYgzlJkuIPQidKHvxTYg3m3dOgK2PgCvi2qJjem2Kebc8/ZPUq02ulx7eTDV X0GZmdgZbNp6vTKnM2hgrFaxqTAerPWg4kA8c1+KQHqFH2r930ZbKGwSAnTd5qto QZ/z0+z5lo2p581ulGK/hOcxPYrJFeILOSPq+sNDy0XoYMdIQNg= =Kezg -----END PGP SIGNATURE-----