-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 23 Aug 2021 11:59:12 +0200 Source: tor Architecture: source Version: 0.3.5.16-1 Distribution: buster-security Urgency: medium Maintainer: Peter Palfrader Changed-By: Peter Palfrader Changes: tor (0.3.5.16-1) buster-security; urgency=medium . * New upstream version. For a full list see the upstream changelog. It includes: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: 9778727a02f6262d009ff4bea4af6deecbfb1526 1968 tor_0.3.5.16-1.dsc 1b4b0949252d9b36763597434bde803d2dcb4390 7166947 tor_0.3.5.16.orig.tar.gz 7eb46d0fe53c873379f268d3c1bed4e6c37e6307 51393 tor_0.3.5.16-1.diff.gz Checksums-Sha256: 962f9245ef07c8c5563c551c7e6ecfeb2c18c11213be3af7d210a6737bc107b3 1968 tor_0.3.5.16-1.dsc bf348e96508bd12a73d15025d2701563767ce205523a0cb3a5a2f8f48dfbfcc9 7166947 tor_0.3.5.16.orig.tar.gz 895fee21abb0ef81c5b60a644e3b2bcb26cc68232ea0ac0ba3c4ef8cca774dbf 51393 tor_0.3.5.16-1.diff.gz Files: f28d5150bc56789e1edd24a8b9e75539 1968 net optional tor_0.3.5.16-1.dsc 9549c3d8de248cac869190d1cace821f 7166947 net optional tor_0.3.5.16.orig.tar.gz 5323cf7cb80c3a33c48339ca1bf609ff 51393 net optional tor_0.3.5.16-1.diff.gz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEjdB4ACgkQIw/UyqaI +y/UPAf7BCXqkGCocA/xo3+7h/G5908ne5IcnIqE4SqO6ZAVAUrcnIUpBv7fOPxZ pj+rQgrXDapDPUg8OgpMC+ouz/buKMjlcxkMlmBxkAr/IbFkCGdMRNBxAa0KCmOu X++x47aUIV/zSqSrXHUbm6LWy6G2nswD1hnwMKYt9BTDMR9OpeBglg+91Q90yrKa jIW9oUH8X6cu6M+fwsDGnSRsXF+l7NmpzqYH66HKwC8tJmgf7zloqZ0TzjRaSiHF xwejnxECWJ6ahtusXT3TM9kc9kvdFIkXhDhcJHg2BBDZDxk4A5Mi9n7ZQOSvCKgc yAg/hMtwZSdr1/RT4VeIis0CIusC4w== =HvSm -----END PGP SIGNATURE-----