-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 23 Aug 2021 11:59:12 +0200 Source: tor Binary: tor tor-dbgsym Architecture: mips64el Version: 0.3.5.16-1 Distribution: buster-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-aql-03) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Changes: tor (0.3.5.16-1) buster-security; urgency=medium . * New upstream version. For a full list see the upstream changelog. It includes: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: d26f09d392fe60968fe8d795ff211d7cae725570 4664740 tor-dbgsym_0.3.5.16-1_mips64el.deb fcf09ba8371af6d31057248c463fb1cb99ca09b0 6815 tor_0.3.5.16-1_mips64el-buildd.buildinfo 130da65092d7d5d0e6c41dead27694fe7654bdbe 1754276 tor_0.3.5.16-1_mips64el.deb Checksums-Sha256: 6dc3e27e1d53a439b375085d8a4dd3561d9944d31860eca4dc0fdaceab195048 4664740 tor-dbgsym_0.3.5.16-1_mips64el.deb 2818ef9691f402ae7294fc7037e8d098176b4b2d503f0a57327ae6f9f722251e 6815 tor_0.3.5.16-1_mips64el-buildd.buildinfo 3e1c1daf3052b6b5c93c02952adc4b13c0d965a187fffbf3c8b2966e86a3b458 1754276 tor_0.3.5.16-1_mips64el.deb Files: 391317653a71620c827da18a18001505 4664740 debug optional tor-dbgsym_0.3.5.16-1_mips64el.deb b1f205528e803d6f4d221eeb74e67e33 6815 net optional tor_0.3.5.16-1_mips64el-buildd.buildinfo 88bd222c589161dbaccbdf49c6e159a0 1754276 net optional tor_0.3.5.16-1_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE6YhmUaQdOAULQQfkuEloAOY175IFAmEjh0MACgkQuEloAOY1 75J18A/+On8qzwsnnRzGL7xo4nnAj2SwgArdI0aWsABLEo4H4eGvdDDQra4THXbn qDsMslFiBdSll0W0CrrZ5ut4geN8RKPg2K3dADq69ZJMly7Ja0CWBRT6unKqz0Ii kQMVl45cQQ0vq5YunckTv0QqBD4rna93JGRGwuIwP0wRXSNO6q7u5BJ+T9unCh6A LP0Nhjn872Vv/ecyCSjKnn0OiLcn0F+NhFVWN6NeXLqcbv3VD87lbNIza0pTJYCo xWlza8s+IopFJa4knElj2FTrE1ck7Kfc99zlaXV/I3RMjZZ6d+C0Jt3zvIZX7DZq 4utPWk7sthbl4NmjJOPfNsynZ0UVTrJezxhl6dS1UKD6oiNxbCdlWbMch6REx0Fr SR31/6h0hzVeODjMtlArX6cBDTTYGOYqsWQGtX6ucw4025nJAtrgDuDw4mmFM52w 4/hlMtRs4467zf5wq4NsGNRvE9+fGEu4jNcdtIg6kNb3nWBU63IJTpMsnS++slIz R4yxkgas7NYTSUAtO1q2CIZxcaLv8ZCIKyD2tcxjNrhinbAXKigrfp4z4t+M7gqJ 5VPkNYgV/PiOITayFcOKf7AeGQx2B+JHutEPlrm3yCbdK0p98iPYVhbgUYYDcZOf BYkvyvbIg9HRvTsM6/dN99VlLOTPtCxwGUDS7bzw5hrZnDe7wKA= =OHhX -----END PGP SIGNATURE-----