-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: mipsel
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-manda-05) <buildd_mips64el-mipsel-manda-05@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 994d95a66723b5bd448384612614c97ac9af0fd9 4888028 tor-dbgsym_0.4.5.10-1~deb11u1_mipsel.deb
 430fd9cd5b0b9e5b2162a29d219855eea085fa62 7092 tor_0.4.5.10-1~deb11u1_mipsel-buildd.buildinfo
 2ef2e3370a8f4844c9d594c87ba520cbc191fc20 1969752 tor_0.4.5.10-1~deb11u1_mipsel.deb
Checksums-Sha256:
 13e01586ef6d94739a121ba9773679d215959fb4162657e9ede08ac03b7059a4 4888028 tor-dbgsym_0.4.5.10-1~deb11u1_mipsel.deb
 c706e30cb7387b8a54b2d804174067a83443422cc10ab90ab5eee67adb71c758 7092 tor_0.4.5.10-1~deb11u1_mipsel-buildd.buildinfo
 dc8d508d375c59015c841563c8f709e4db7f62a6573647ecc2a39c9a2ca4b8e7 1969752 tor_0.4.5.10-1~deb11u1_mipsel.deb
Files:
 e83458a396226464af556a2872457af8 4888028 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_mipsel.deb
 6d4c3813ced5634087332ed9d799f789 7092 net optional tor_0.4.5.10-1~deb11u1_mipsel-buildd.buildinfo
 e220ba37a6cc3f61c1ea74ec3220da3b 1969752 net optional tor_0.4.5.10-1~deb11u1_mipsel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQ5dTuB/7AkreZZfGPYe+ogkxLY8FAmEjf+0ACgkQPYe+ogkx
LY/+YQ//Qb68bxT35at50MPB7BOhCwHpQy3UJRdPREwOxcZw4cOMhzSlLL7aFUDA
U8P9MKVMWoQ9umQKtqNFRiBMNOIxEmcxUyfAz1h3hFBNci0SO0Buf6v4xjU7jGt8
UlpL9nV8lxjpMxJ36MseWkW3OcNBRg8KKQoHiFVhtUwGpNz0wLm4AYxycvmgX9T/
ZnraH/JoNGJcG9XZtfs/Hl8Rm/2p4hncrL9Vaonh5aF9UBnpGfhsS+mpYKVwri21
OkCQ6RbP6OhyqVyUTdH04elaEVamZJ6Pc+eH9BHU11nhBd02iLG7V4DAavRPQv7O
HrjGpR3WjXBPOV/omr5WNPE9nOuIPhm8zDaoDYO/7LdNM8Ow3CwoI74xb1FM/Fxg
rLT9gsyFQePoQWGbV2u7pfbcM3Ic8PWWArMzmAOwNMORQxzth0f8cYY40E3y0YpE
Bpddszj9J92S3In8M+5UWO8UkGgqRY+x5Db/DJO1l4CUbRzxZaP4+IOFQzAJ6GMB
2LA+MyvxRy1BcWPInJhlCE4yoghEqOLaPwDA+6PcQFkZ2wWx6AtK97RXeGpXxmWW
yxhlyA0vTYO8BmTkm8SLakVHQK1P0+G2rMFl2zbii35AlSVO8bRXM7TSM1uFRJkx
3UTunuC/kk4Ea/M5yYvmBMktpZcntqdKMJtbQhUC+kvIcV9yy1g=
=DfuD
-----END PGP SIGNATURE-----