-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 23 Aug 2021 11:29:16 +0200 Source: tor Binary: tor-geoipdb Architecture: all Version: 0.4.5.10-1~deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Peter Palfrader Description: tor-geoipdb - GeoIP database for Tor Changes: tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium . * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: ee298456186e8fec89582d348768ecc129aeb687 1401616 tor-geoipdb_0.4.5.10-1~deb11u1_all.deb 822f6a8c09432476c4cc4ee1d2d78ae5a53c3960 7013 tor_0.4.5.10-1~deb11u1_all-buildd.buildinfo Checksums-Sha256: df8be699b7db4d4f35ead310610d3a4708dcf905b803d67d8f13b5ac13d55633 1401616 tor-geoipdb_0.4.5.10-1~deb11u1_all.deb 1eb449c4546072d8f960da0dd0dc60414951438db714b75e24afb34a6ba35e87 7013 tor_0.4.5.10-1~deb11u1_all-buildd.buildinfo Files: b4c9702535c864d44d1d9cc442f85b84 1401616 net optional tor-geoipdb_0.4.5.10-1~deb11u1_all.deb 3003a2c09bb8060e9587d2dc2be80ed7 7013 net optional tor_0.4.5.10-1~deb11u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8DPOGMaQHbqWZUKpt/b36/s0kbEFAmEjdwEACgkQt/b36/s0 kbEW5hAAhlmfvOm4h9tXPdPthBrVDEbyHJ9Q+RpEH+vmizDwrpF9VhZU4eaN5IVs A+c0xwtZa3YlcD6j/zpzuTDpk4WtSt64tdegLLNZHcrBgtmFe7e+lgVexaFhMTOF JRWQNXq+MAUwdsc32Hxc76bXjJ9w49fpqaIdWvfwf1Ka1An0BJrkR3L3b1kEayyL MSDixyDfwaI+svuwD+FU85PdJf7EOlyQeCYdxYpHt+freWqVAUxbc1OTUPNkJtR9 1q5V/XNXqWmUfUql+l1ZKXiGTaL29ENSxeRusUkc32wG7uyNMrz81TPG8zwalpJ3 A9LU8LBN/Eq/P2Dx0RejDqOtR5aqXOiKw+ehDLSus2VExXUqbMStL1EORvXBjxfG EYl5xUndXTYdL5bbzXB1M5y2turhjLiCmspi2Y2/7DUEFZ/z1+z5WJoLlXAUHyKe pPewB3/pMeAoC4YAN9NybcDrZDAhrgSbAqeR9uS88teQeT+aKDYzbSw/67V/X9hJ MfAxyYjC3tC4OBzogPP/W9qjIG2D9Cj9cFuZwIMxg4+KlmnWU9ibroAJ1WdLizKA icdbmYv3tI+9KIRc7Q+LOHJtYqTnKz2YOyrdU+Kw2pdcPvg3t/Vfd5HJQkdDoq9J RxBGQq5MNQhMyZhwo4sEBRiwy8klwEDFGwuqALByBzuJ0uaM3h8= =+58E -----END PGP SIGNATURE-----