Format: 1.8
Date: Mon, 23 Aug 2021 11:29:16 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: s390x
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: s390x Build Daemon (zani)
Changed-By: Peter Palfrader
Description:
 tor - anonymizing overlay network for TCP
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between
       our batch-signature verification code and our single-signature
       verification code. This assertion failure could be triggered
       remotely, leading to a denial of service attack. We fix this issue
       by disabling batch verification. Fixes bug 40078; bugfix on
       0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
       CVE-2021-38385. Found by Henry de Valence.
Checksums-Sha1:
 9ec8eb99d73d91e7537db045c1c18557ee130f72 5398372 tor-dbgsym_0.4.5.10-1~deb11u1_s390x.deb
 fd9d7001a9a91469124d4c44d422c8c88c8973bc 7193 tor_0.4.5.10-1~deb11u1_s390x-buildd.buildinfo
 fe751f9b40ce55fe38f321792a23a8f1c9c2a2bb 1886464 tor_0.4.5.10-1~deb11u1_s390x.deb
Checksums-Sha256:
 5c9671e3be5e07c8802383bad27d3d31fcbc6544720bcb48f9a5f570fcd13a97 5398372 tor-dbgsym_0.4.5.10-1~deb11u1_s390x.deb
 542e38f7f6fbaeb0b664ed59f9c8fc298bc1a5bf35ddfc1f3cbe899942cbd774 7193 tor_0.4.5.10-1~deb11u1_s390x-buildd.buildinfo
 45ec7e057b044c802979d03935a7a5c3bdc9552ad29d90731e1ec9216a91032a 1886464 tor_0.4.5.10-1~deb11u1_s390x.deb
Files:
 816994d780e477f9154331d76c45b474 5398372 debug optional tor-dbgsym_0.4.5.10-1~deb11u1_s390x.deb
 8fe68b11a7293df5b9d666e17ae5cb28 7193 net optional tor_0.4.5.10-1~deb11u1_s390x-buildd.buildinfo
 130e6d6c7187254120a841e34ad8b9cd 1886464 net optional tor_0.4.5.10-1~deb11u1_s390x.deb