-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: armhf
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: arm Build Daemon (arm-arm-04)
Changed-By: Peter Palfrader
Description:
 tor - anonymizing overlay network for TCP
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch
       between our batch-signature verification code and our
       single-signature verification code. This assertion failure could
       be triggered remotely, leading to a denial of service attack. We
       fix this issue by disabling batch verification. Fixes bug 40078;
       bugfix on 0.2.6.1-alpha. This issue is also tracked as
       TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence.
Checksums-Sha1:
 6a24302960f2e776a822d559a5c38b3dcd83e756 5074188 tor-dbgsym_0.4.5.10-1~deb11u1_armhf.deb
 4a1e07113bf9f8192f7036687631070ce8f08147 7136 tor_0.4.5.10-1~deb11u1_armhf-buildd.buildinfo
 2c50fe6d45944da62564fc11cacaf74f3a4f34df 1951132 tor_0.4.5.10-1~deb11u1_armhf.deb
Checksums-Sha256:
 2e43ad581a95c88177b680384f9928353edf5529961bdabec2056e62f89bc3d5 5074188 tor-dbgsym_0.4.5.10-1~deb11u1_armhf.deb
 dadd8b12f9303c82b0589334ee00a57b6afc303d9f73190c5b82b2fbcf95ea69 7136 tor_0.4.5.10-1~deb11u1_armhf-buildd.buildinfo
 d8af5bbaaafa52d88b324072c08aed23e79d1d642a63bcb8ca4911f7543d0b23 1951132 tor_0.4.5.10-1~deb11u1_armhf.deb
Files:
 2dd684b785f7de059505b997c1db5a58 5074188 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_armhf.deb
 2702ac79ebdf67e83ba720185b499e91 7136 net optional tor_0.4.5.10-1~deb11u1_armhf-buildd.buildinfo
 b2eb1f151038cdf05698e65ca80c2a18 1951132 net optional tor_0.4.5.10-1~deb11u1_armhf.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----