-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: i386
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) <buildd_amd64-x86-ubc-02@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 3488b33638cf79099efb5703f50cbd47b14c1404 4492804 tor-dbgsym_0.4.5.10-1~deb11u1_i386.deb
 82b0fdc248cd837fe1aa1650bd807c17616fe854 7225 tor_0.4.5.10-1~deb11u1_i386-buildd.buildinfo
 f8669d155b7411627454d10b75d62a5dde959a80 2092052 tor_0.4.5.10-1~deb11u1_i386.deb
Checksums-Sha256:
 4e7553615c4f30cc1d7d2bf290b7dd87d8d3eeabebc4fd209ad284ed571ed0c8 4492804 tor-dbgsym_0.4.5.10-1~deb11u1_i386.deb
 fd79a25cb8de5df2ebb36e49940341e58a45d051dabffab330d32df7d486ac36 7225 tor_0.4.5.10-1~deb11u1_i386-buildd.buildinfo
 e36fc768539b4b095d6b55566bbea2de4aa46242e06836e5b8bb046323fd9438 2092052 tor_0.4.5.10-1~deb11u1_i386.deb
Files:
 ddbe60149aa60e786e1959352d602af2 4492804 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_i386.deb
 b557472cd3b62e896f41351363c5eb09 7225 net optional tor_0.4.5.10-1~deb11u1_i386-buildd.buildinfo
 e383a108db932629854ae913dcbd62ae 2092052 net optional tor_0.4.5.10-1~deb11u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN7duNU9NP062TWmbN0rYXSImzT0FAmEjeBYACgkQN0rYXSIm
zT1zlQ/9E3tAVddWTcjUk6bS9a8EmbxFQ3H9588m/Cz8w3uOQhkiiWsy3JIe9KQw
A3qSWu0wjZSr715jSKsGgwPQbVaHgOtcxX7zQ8SdiHGoWEuwuZlXESsrGrQQfDFm
eU7AmqKFdqXhk7P0B+AgtTPwg+l7gdkFXgiNrpqrXLAP9vu48o2heuXeUbp8FcA9
yjOVk6MLTKiPxjMQ5AyWCWB3xQZZkmkwuqilh+ZU6PMevbS+yTJfXv+nop1MXy7j
lMUcSHdXCETlfweVYMl07uSD4zQlG1vTg1IGyp/1UH+VVrkYSzcmJgp7V03CkwKB
3N0btCNvAvuGEK3xHi5IJWYPN6A7ruJJ5LsBeU+7Y+nWSWPkxQDEd0e5VlT11urW
D37r8PMzMaBGEsw5kliGJM8vmwRDCTFwzJhDWTZnNGOTNil1KCqMbVb3A/8j2ncE
FJTpALZ3Y15UZT0Qc/OjxrJW2pVGa+sbTdXwEOxntTn5J9i5cibv5vbP76W75ARI
vWkfWjdZPwwBTg5UBb77AaY/LO3Wzxb/+K9f9gaxqIAfzSliTHuZl4pqMNYU/+et
fXGhqs9/Mw0Ks7hjs3mVMoIVrrcOhrPkE7l8KNLFP651zgMChe/aqnMqBXrVGaMZ
aq/jET05LRjG9Hj7UXcoYJYII9cf43I8Ii6hPNdG2tYeedryvVk=
=RT7C
-----END PGP SIGNATURE-----