-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor-geoipdb
Architecture: all
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor-geoipdb - GeoIP database for Tor
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 ee298456186e8fec89582d348768ecc129aeb687 1401616 tor-geoipdb_0.4.5.10-1~deb11u1_all.deb
 822f6a8c09432476c4cc4ee1d2d78ae5a53c3960 7013 tor_0.4.5.10-1~deb11u1_all-buildd.buildinfo
Checksums-Sha256:
 df8be699b7db4d4f35ead310610d3a4708dcf905b803d67d8f13b5ac13d55633 1401616 tor-geoipdb_0.4.5.10-1~deb11u1_all.deb
 1eb449c4546072d8f960da0dd0dc60414951438db714b75e24afb34a6ba35e87 7013 tor_0.4.5.10-1~deb11u1_all-buildd.buildinfo
Files:
 b4c9702535c864d44d1d9cc442f85b84 1401616 net optional tor-geoipdb_0.4.5.10-1~deb11u1_all.deb
 3003a2c09bb8060e9587d2dc2be80ed7 7013 net optional tor_0.4.5.10-1~deb11u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE8DPOGMaQHbqWZUKpt/b36/s0kbEFAmEjdwEACgkQt/b36/s0
kbEW5hAAhlmfvOm4h9tXPdPthBrVDEbyHJ9Q+RpEH+vmizDwrpF9VhZU4eaN5IVs
A+c0xwtZa3YlcD6j/zpzuTDpk4WtSt64tdegLLNZHcrBgtmFe7e+lgVexaFhMTOF
JRWQNXq+MAUwdsc32Hxc76bXjJ9w49fpqaIdWvfwf1Ka1An0BJrkR3L3b1kEayyL
MSDixyDfwaI+svuwD+FU85PdJf7EOlyQeCYdxYpHt+freWqVAUxbc1OTUPNkJtR9
1q5V/XNXqWmUfUql+l1ZKXiGTaL29ENSxeRusUkc32wG7uyNMrz81TPG8zwalpJ3
A9LU8LBN/Eq/P2Dx0RejDqOtR5aqXOiKw+ehDLSus2VExXUqbMStL1EORvXBjxfG
EYl5xUndXTYdL5bbzXB1M5y2turhjLiCmspi2Y2/7DUEFZ/z1+z5WJoLlXAUHyKe
pPewB3/pMeAoC4YAN9NybcDrZDAhrgSbAqeR9uS88teQeT+aKDYzbSw/67V/X9hJ
MfAxyYjC3tC4OBzogPP/W9qjIG2D9Cj9cFuZwIMxg4+KlmnWU9ibroAJ1WdLizKA
icdbmYv3tI+9KIRc7Q+LOHJtYqTnKz2YOyrdU+Kw2pdcPvg3t/Vfd5HJQkdDoq9J
RxBGQq5MNQhMyZhwo4sEBRiwy8klwEDFGwuqALByBzuJ0uaM3h8=
=+58E
-----END PGP SIGNATURE-----