-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 23 Aug 2021 11:29:16 +0200 Source: tor Binary: tor tor-dbgsym Architecture: mipsel Version: 0.4.5.10-1~deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: mipsel Build Daemon (mipsel-manda-05) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Changes: tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium . * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye: - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. Checksums-Sha1: 994d95a66723b5bd448384612614c97ac9af0fd9 4888028 tor-dbgsym_0.4.5.10-1~deb11u1_mipsel.deb 430fd9cd5b0b9e5b2162a29d219855eea085fa62 7092 tor_0.4.5.10-1~deb11u1_mipsel-buildd.buildinfo 2ef2e3370a8f4844c9d594c87ba520cbc191fc20 1969752 tor_0.4.5.10-1~deb11u1_mipsel.deb Checksums-Sha256: 13e01586ef6d94739a121ba9773679d215959fb4162657e9ede08ac03b7059a4 4888028 tor-dbgsym_0.4.5.10-1~deb11u1_mipsel.deb c706e30cb7387b8a54b2d804174067a83443422cc10ab90ab5eee67adb71c758 7092 tor_0.4.5.10-1~deb11u1_mipsel-buildd.buildinfo dc8d508d375c59015c841563c8f709e4db7f62a6573647ecc2a39c9a2ca4b8e7 1969752 tor_0.4.5.10-1~deb11u1_mipsel.deb Files: e83458a396226464af556a2872457af8 4888028 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_mipsel.deb 6d4c3813ced5634087332ed9d799f789 7092 net optional tor_0.4.5.10-1~deb11u1_mipsel-buildd.buildinfo e220ba37a6cc3f61c1ea74ec3220da3b 1969752 net optional tor_0.4.5.10-1~deb11u1_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQ5dTuB/7AkreZZfGPYe+ogkxLY8FAmEjf+0ACgkQPYe+ogkx LY/+YQ//Qb68bxT35at50MPB7BOhCwHpQy3UJRdPREwOxcZw4cOMhzSlLL7aFUDA U8P9MKVMWoQ9umQKtqNFRiBMNOIxEmcxUyfAz1h3hFBNci0SO0Buf6v4xjU7jGt8 UlpL9nV8lxjpMxJ36MseWkW3OcNBRg8KKQoHiFVhtUwGpNz0wLm4AYxycvmgX9T/ ZnraH/JoNGJcG9XZtfs/Hl8Rm/2p4hncrL9Vaonh5aF9UBnpGfhsS+mpYKVwri21 OkCQ6RbP6OhyqVyUTdH04elaEVamZJ6Pc+eH9BHU11nhBd02iLG7V4DAavRPQv7O HrjGpR3WjXBPOV/omr5WNPE9nOuIPhm8zDaoDYO/7LdNM8Ow3CwoI74xb1FM/Fxg rLT9gsyFQePoQWGbV2u7pfbcM3Ic8PWWArMzmAOwNMORQxzth0f8cYY40E3y0YpE Bpddszj9J92S3In8M+5UWO8UkGgqRY+x5Db/DJO1l4CUbRzxZaP4+IOFQzAJ6GMB 2LA+MyvxRy1BcWPInJhlCE4yoghEqOLaPwDA+6PcQFkZ2wWx6AtK97RXeGpXxmWW yxhlyA0vTYO8BmTkm8SLakVHQK1P0+G2rMFl2zbii35AlSVO8bRXM7TSM1uFRJkx 3UTunuC/kk4Ea/M5yYvmBMktpZcntqdKMJtbQhUC+kvIcV9yy1g= =DfuD -----END PGP SIGNATURE-----