-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 23 Aug 2021 11:59:12 +0200 Source: tor Binary: tor tor-dbgsym Architecture: ppc64el Version: 0.3.5.16-1 Distribution: buster-security Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Changes: tor (0.3.5.16-1) buster-security; urgency=medium . * New upstream version. For a full list see the upstream changelog. It includes: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: 0f86cb1bdbb79c0ae2cd9c7ce766d9eb1fe306c5 4664136 tor-dbgsym_0.3.5.16-1_ppc64el.deb a478bf112200983f26e8e73322411f0778a9d4f7 6947 tor_0.3.5.16-1_ppc64el-buildd.buildinfo 70a10cdc0d8cf002aec4d301668ea72a77668929 1876668 tor_0.3.5.16-1_ppc64el.deb Checksums-Sha256: cdc5defb375b58dd8c4082dc4be933c509fdc8206e573d36cc78efd457e81ca9 4664136 tor-dbgsym_0.3.5.16-1_ppc64el.deb 5887b65fd8de6732acc2a89874b7db79f3bb8a46afe03589a0d74716c77418da 6947 tor_0.3.5.16-1_ppc64el-buildd.buildinfo 85a85e86c9017b344ea9f06a8de1cab568f0e9d645aeca9eebc180cfa4ea148e 1876668 tor_0.3.5.16-1_ppc64el.deb Files: b2851d27f5c4495f65cb203ed6485911 4664136 debug optional tor-dbgsym_0.3.5.16-1_ppc64el.deb 310bb518331eb8e9fec3ef5afa96c520 6947 net optional tor_0.3.5.16-1_ppc64el-buildd.buildinfo 5d5a2a1bb28635e1cf581b9d87aa3a35 1876668 net optional tor_0.3.5.16-1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzxcBZLbWYROS8SGLQ0vh8H8HxvwFAmEjfAUACgkQQ0vh8H8H xvwQFxAApmnxIzWayRpVXJMjdqb91I9xNkXmS7FYFy4FbZ38yybjTqc0iRiM667L 5I5aye+7cXs0TAyTAJawq2lVpp2UV7WIAgrNJf+zYwXGI54/l6uaQG1Lj0sHtSrN NIeM92IXFCp7Hewk8uyG5VwZI6G8WVMb7koRrIDELdhnHHwktWOxVR3GXohy+QE0 tbVawX6qjGpz7K3sF0qEzr4RucrenWZIzBH2Fqwb+c7yQxIXL+qubqQMfQ0jbaKH kSmGu8Zka2QiVzu7YaRwGQi3KmQq8EQAJC5DDXIKQophrLaOX2VkUNBep7H9RXuw 29Xnj84iqTWF57Lsu4zi2pDjs1qyo3ZFwdvRW5ZlgKKzg70JNU5ibyWG4f4DBdbH pSaXHAlHe26cim68s6cT/P3uVhrUsK3fuY2I4PrOaj3Eh8zomdCwO2HYHmLTM1rD gdrOU51qOyabkdIk3gvlPhTQMyBetrmDGJtDg+XHrlpvqnwCq5t6+sFKRfIUg3hS dT6Kyegy3ICAQToO/J+hqeXnKRGxiqAAYrn1zsmfSCw/BA13yZhsBr58RXhi6299 KbGB9xUkeNdoQgizmwsFsf4IGSxXW2SnfzZTKcy6TOMlZBX5+ZXkpe2g+nvouafL TZXBDYqfLMeoUD+mc8DwwDOrEgX5hDNBm4iBK/5GLmCz0PW+/io= =g8Ln -----END PGP SIGNATURE-----