-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: mips64el
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-manda-05) <buildd_mips64el-mipsel-manda-05@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 83a3eb1ea647a6dfb91272b782512750f257c657 5356100 tor-dbgsym_0.4.5.10-1~deb11u1_mips64el.deb
 53c28485f59ae388ac6d7d021e8678c6af3296e1 7115 tor_0.4.5.10-1~deb11u1_mips64el-buildd.buildinfo
 90eee27bde70e99440a7985e808e1db3d97316b2 1946216 tor_0.4.5.10-1~deb11u1_mips64el.deb
Checksums-Sha256:
 63f64c41d49ec4cafebd176fe7defde05bb39eb847edf3ccc97ff81a9750d7f2 5356100 tor-dbgsym_0.4.5.10-1~deb11u1_mips64el.deb
 4d1ae46495ed6fde0517f9d5e09d4634fe313344e22d8f02edd592b4ecadd306 7115 tor_0.4.5.10-1~deb11u1_mips64el-buildd.buildinfo
 657f54fb9dfbe2b827840abdbbd1901ea9404dfaec677216c6aab058fb974775 1946216 tor_0.4.5.10-1~deb11u1_mips64el.deb
Files:
 50fc82f4273b56974c4cc368ee22c59b 5356100 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_mips64el.deb
 a1fba8d440bac330c6cf9ef82b523eca 7115 net optional tor_0.4.5.10-1~deb11u1_mips64el-buildd.buildinfo
 9770de1b546ad92003b0d6b4c988c629 1946216 net optional tor_0.4.5.10-1~deb11u1_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQ5dTuB/7AkreZZfGPYe+ogkxLY8FAmEjiqgACgkQPYe+ogkx
LY+ELg/9EA2F84zoTwDC9j3yRiuFAtEpIH4YpwHKdNPQ8vPx3DD7kZTUXPwSUJZ+
/47rPtf1pOauiiqadqP9Wu3+KKX4QK+9NtKXdlDwoAsNXbXkNrlx7E/ZSHkaEVwV
DWb7gUowrr5hG4IWorRZV24mSAiKWT134l1zH8vsh0+db7jPKDRkB51wamG7BmBt
BLkq+2lQiOVbtZeoWghPXnvCgvHZ3k85o2w9oN/YLMDDRRTyuA8DO864lP0N9m6d
w3rDkIHN3Fkr0qb+iinQRKiIKhUAMKYvL4GuDqwPmdSzDQNAyvy79F8QYtBx0lSw
wPafuiU4fnAfS7NPMhIGQWR9rpV/ZvYxUUVNbExfOyoKGVEBed04E6+3k6O2CEii
idRmD4uM36+1UwTZBsB2I10pGrhH8B/xMaM6T6HjqPyUSiIG0htETvw34bEzqA8o
qAH8IeHb+8FFUQxQHt98Z239qixc1g8PJZuydgVfLuXQ1H9GKQnCDxpuLU/p2OFn
THULI31ae67Djqdyx4eMpz1YAE+a5XxFJzUb8eqrkgqh+/yEOf18tHYoDRPv0920
RIkflcXI78VnVXFTBAjdEC0cMLm20miZftK9ztahGGU5NLuXGHbBbpTuPELOjL56
FGAZEkIr15pMumxsWlrhhusTawFU7oiylPAPS9Qy6jW8ggJisMU=
=NCCf
-----END PGP SIGNATURE-----