-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: armel
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: armel Build Daemon (hasse) <buildd_armhf-hasse@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 6903986c7b226df7cee4fa3d4291e6575889f8dc 5020212 tor-dbgsym_0.4.5.10-1~deb11u1_armel.deb
 0c570cc418493ec152dfce9bf0b6d541c8cb4b96 7134 tor_0.4.5.10-1~deb11u1_armel-buildd.buildinfo
 2e04996392ceb2a823d9988881f726a3da8ee62b 1915320 tor_0.4.5.10-1~deb11u1_armel.deb
Checksums-Sha256:
 3f046586370ed7f862fdcca9f75b54ae7f8afb89b7b00c56850d973b50f3f0fd 5020212 tor-dbgsym_0.4.5.10-1~deb11u1_armel.deb
 7ddafddc2302e128c815e997cbd4e3dbbdc0011d2093f056f2a0d6e012db5ac0 7134 tor_0.4.5.10-1~deb11u1_armel-buildd.buildinfo
 a09543c01c0cc8edcc101c7ba67743bfb628520c3f84f64b05d510bd16c5434d 1915320 tor_0.4.5.10-1~deb11u1_armel.deb
Files:
 9f9ef50b945b32b2e814b22e1cf1d062 5020212 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_armel.deb
 d9a62ccb396458c00c3661c09a83ff8e 7134 net optional tor_0.4.5.10-1~deb11u1_armel-buildd.buildinfo
 0e2147c7ea9446429842488d98cb5c05 1915320 net optional tor_0.4.5.10-1~deb11u1_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUIkhcOYqmlkAgWW58uIzZMfb6yEFAmEjfxIACgkQ8uIzZMfb
6yFInQ//Ubl2DrzDzQXLOmNrUjvETxCoqNS7MtO8th7EI4VeE27XHEhP2qriNJXR
s8LXK8OucSBgWzcRm9Evxc4iZ7pr/MVU6Et+9c6+icfPsj3aUFOTo8OYCdEhBEVc
htDdeFdr5TG5lY9HjSZNPQ+IxV1xdFIxnyMmbMgvpxntgRJefKpQby5dtWn/Q2uX
mhoVB903cQEcqF2G+FatKxLNbJA2tt6wPm45rBwsA+d8EsLAK+Nf6Qr5px39GNGg
F/sJu0dx9yZ+iPfl1PatIMUcI4YT5zmRhIHcMm2wQ2WE1vscT2m/vatDYYhHHJdw
npSxP/nYDKD6zpNY2sKqWPu58dtALfLaunniD7sxwjlLiW4lCMqUDzdUs5VbeDyR
vrHJYfRvulpKeq+KJmcCUk3IBiZr7REH0xdi18QU39cF/QYtAqcZMcj2yJpN6ye1
16S7yHqhajEI46Z0qA2KC5/6ijGeCM4vCcoNWteZY9nGp98KD3uE+wk1AIa0+XEh
cnUcKlgZNSdQoYM2qnhGqLlzirhbvE2laFQEhQEwZ3wtFEqIGYF2OqbwsLaiAatj
o4S0tXo8wpVrGeaFRfNRAwZjyzVd4xUidcDLg2dvrHbmuKZnsbGGKw9tUrtoH3mW
QEl/NyOtit3KspoVhNqoRcnba924Tuv/9ikoEEKFWlvKcrOumuA=
=uJXh
-----END PGP SIGNATURE-----