-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Aug 2021 11:59:12 +0200
Source: tor
Architecture: source
Version: 0.3.5.16-1
Distribution: buster-security
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Changes:
 tor (0.3.5.16-1) buster-security; urgency=medium
 .
   * New upstream version.
     For a full list see the upstream changelog.  It includes:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 9778727a02f6262d009ff4bea4af6deecbfb1526 1968 tor_0.3.5.16-1.dsc
 1b4b0949252d9b36763597434bde803d2dcb4390 7166947 tor_0.3.5.16.orig.tar.gz
 7eb46d0fe53c873379f268d3c1bed4e6c37e6307 51393 tor_0.3.5.16-1.diff.gz
Checksums-Sha256:
 962f9245ef07c8c5563c551c7e6ecfeb2c18c11213be3af7d210a6737bc107b3 1968 tor_0.3.5.16-1.dsc
 bf348e96508bd12a73d15025d2701563767ce205523a0cb3a5a2f8f48dfbfcc9 7166947 tor_0.3.5.16.orig.tar.gz
 895fee21abb0ef81c5b60a644e3b2bcb26cc68232ea0ac0ba3c4ef8cca774dbf 51393 tor_0.3.5.16-1.diff.gz
Files:
 f28d5150bc56789e1edd24a8b9e75539 1968 net optional tor_0.3.5.16-1.dsc
 9549c3d8de248cac869190d1cace821f 7166947 net optional tor_0.3.5.16.orig.tar.gz
 5323cf7cb80c3a33c48339ca1bf609ff 51393 net optional tor_0.3.5.16-1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEjdB4ACgkQIw/UyqaI
+y/UPAf7BCXqkGCocA/xo3+7h/G5908ne5IcnIqE4SqO6ZAVAUrcnIUpBv7fOPxZ
pj+rQgrXDapDPUg8OgpMC+ouz/buKMjlcxkMlmBxkAr/IbFkCGdMRNBxAa0KCmOu
X++x47aUIV/zSqSrXHUbm6LWy6G2nswD1hnwMKYt9BTDMR9OpeBglg+91Q90yrKa
jIW9oUH8X6cu6M+fwsDGnSRsXF+l7NmpzqYH66HKwC8tJmgf7zloqZ0TzjRaSiHF
xwejnxECWJ6ahtusXT3TM9kc9kvdFIkXhDhcJHg2BBDZDxk4A5Mi9n7ZQOSvCKgc
yAg/hMtwZSdr1/RT4VeIis0CIusC4w==
=HvSm
-----END PGP SIGNATURE-----