-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: ppc64el
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 8bd3170e372441519b9e07bff87edcaffd4af4f2 5365248 tor-dbgsym_0.4.5.10-1~deb11u1_ppc64el.deb
 1673dd877ebe10d5e91a7c798282b62c2a40658d 7275 tor_0.4.5.10-1~deb11u1_ppc64el-buildd.buildinfo
 b828944c242200159139e653de9aa3489ef7d153 2080576 tor_0.4.5.10-1~deb11u1_ppc64el.deb
Checksums-Sha256:
 0347e98202bd773a828f48b870671f4b1830c08705c883ea871f9454bc721aeb 5365248 tor-dbgsym_0.4.5.10-1~deb11u1_ppc64el.deb
 758fd8514f0c6b38e2dfad002f08673dea57d23d214a88fe79865ef8378b6760 7275 tor_0.4.5.10-1~deb11u1_ppc64el-buildd.buildinfo
 3c4493d3a15691bfb86006f334272d4a15c1a71ab205be186b5b08ff332eeaef 2080576 tor_0.4.5.10-1~deb11u1_ppc64el.deb
Files:
 fec34e0083c053a3bda2cd45a7835e6f 5365248 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_ppc64el.deb
 3f8942a6cf22d7e78caff66e5614dc63 7275 net optional tor_0.4.5.10-1~deb11u1_ppc64el-buildd.buildinfo
 516840eee2902ec97fcad05a9ac96fcf 2080576 net optional tor_0.4.5.10-1~deb11u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEzxcBZLbWYROS8SGLQ0vh8H8HxvwFAmEjd3sACgkQQ0vh8H8H
xvy8fw//YB1vGUucJLjhcXrCruRRWR7zrNxDpWVL9/h5DLIOAkCP5uUaCjwPQVX9
N/sLzG1dgiLtQg3nmL7tFu8G6xgfUImEPZs8PbjbibvoFG6o99UyDnKo8VP6H6da
2uuo4UWxgH356L9ZynYCzBf4huIUwRMlUljrg0xsFscgsKlRj/7+U9wrR6DiMAwQ
E0NUMDItQ7r8s+dk/y6A9Iu38nXXkhRTJ4kYeTsUBEtkcDq5GFRZdzsBmfVTcPfD
zbMsD/uw+7gYEfL3Z08xsg5KhDqozMXqcH9iC71q8IDrBsH/UEcYOOHN7Wxt5sk2
i7m8QTR1+uuev/5pgdUGKjaPeB5nr/bh7xmPmSeP8Luf1H4OHamBJ/HsvxfP8VFk
kbaC7iqYh+NPN/r9TLulCo9Ys2La5dm74P0D330tg4d1gQ7uKd30eWbbJTCWOVf4
CnxY/F5oBfdM9VF9AI/hDsVSvgVdjHDbj6x9dVTZPrjFpBgPP2vFrqL8ANtCWJ5x
uBWyhiKoHehJLrX0ruBV8/zxW672jFIoLys0wnO8nNItVZhKac83jxiClbLxgbK/
VyuIkHKVoWPgWW7YIV/fa80tBT4jJYI/DvdLPGhYgt+TTfnbW+aPbJspIURGEyWi
17lBWT3DC5ibNJstYkTYa9NLjTa7PgohHoaJFWVfQHOSjGm8nbI=
=u0p1
-----END PGP SIGNATURE-----