-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Aug 2021 11:44:12 CEST
Source: tor
Architecture: source
Version: 0.4.5.10-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Changes:
 tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
 .
   * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha256: 
 95231d175beecfd897a973c984ce544849c12e062df2a81c9ae341478f21c473 2000 tor_0.4.5.10-1~deb11u1.dsc
 1c3cb7deb4bc6b0dda7d839b5de086b68551e9ead81e7a13ce68849d75f7a9f1 53294 tor_0.4.5.10-1~deb11u1.diff.gz
 8fe32222f8f2b4e65c6f50ac32eb4dfca59b8af71d0d16781f7ee5bec4c00743 7870323 tor_0.4.5.10.orig.tar.gz
Checksums-Sha1: 
 16dc1d2ec416c97acdda643f32eed4bc3b479b16 2000 tor_0.4.5.10-1~deb11u1.dsc
 f6d7ffe2fb8c35a1ffc9be6d1dbf1acbdee3d3db 53294 tor_0.4.5.10-1~deb11u1.diff.gz
 289f4d35b742d376fb7e6a3b3d5ab0e265da0771 7870323 tor_0.4.5.10.orig.tar.gz
Files: 
 ef8ec29d1fcbc14512bf714e8a9ff90a 2000 net optional tor_0.4.5.10-1~deb11u1.dsc
 95b680fc63c62454a8598f17fb622ecb 53294 net optional tor_0.4.5.10-1~deb11u1.diff.gz
 8b64b79f12f5debe3dc7efb5d75f8673 7870323 net optional tor_0.4.5.10.orig.tar.gz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEjboUACgkQIw/UyqaI
+y8PRQgApJPW/dyPx1pI+DZc8k/IevvMtFTJ2HGoNmyb2tVJvgJ/ZD10UwjUCPmN
AF9+hlDeiwf5u4ycFEYvFdUm2EjmNls3gIHdusesW8mW686fSiZeUu8GTIuACeQ+
7DChMGOgrflrvrmUjbYTdHcJKBytAG4cD40FYE1M7ZJwmh9DR6l2XlFUZcYiXrAn
QTeuLQOyzMaL8qj/H6v2pipnwPZehwEJ+fXVzWZa0YQByoK0sxy2LcveQF5VB4tH
ga1ELXJkiH3Ar+3JrpE9TmhzWoDbl54MfLha8rekDHuLiGq646izMb/G4bOyMTpR
FGvnA15jTNxpoTBmDTkGaSXfeBLiMA==
=Hjts
-----END PGP SIGNATURE-----