Format: 1.8
Date: Tue, 17 Aug 2021 19:34:05 +0200
Source: tor
Architecture: source
Version: 0.4.5.10-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Changes:
 tor (0.4.5.10-1) unstable; urgency=medium
 .
   * New upstream version.
     - Resolve an assertion failure caused by a behavior mismatch
       between our batch-signature verification code and our
       single-signature verification code. This assertion failure
       could be triggered remotely, leading to a denial of service
       attack. We fix this issue by disabling batch verification.
       Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also
       tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry
       de Valence.
Checksums-Sha1:
 d790c2a68e59d62ad9ec50c3713be8a8c8664b4e 1968 tor_0.4.5.10-1.dsc
 289f4d35b742d376fb7e6a3b3d5ab0e265da0771 7870323 tor_0.4.5.10.orig.tar.gz
 79ea0328c5957f71890d50af85d974c77d2a190c 53233 tor_0.4.5.10-1.diff.gz
Checksums-Sha256:
 fec1383efcf5d14cf6e2517d4c28fdd600cfc73883a314f76bcddf5ab0adad3e 1968 tor_0.4.5.10-1.dsc
 8fe32222f8f2b4e65c6f50ac32eb4dfca59b8af71d0d16781f7ee5bec4c00743 7870323 tor_0.4.5.10.orig.tar.gz
 ecdc1825f28c8e8556a93102723a1ce8008ef47ff3202987ce1006fead7d92a8 53233 tor_0.4.5.10-1.diff.gz
Files:
 f544f79bf55911d6c0630baad134fde0 1968 net optional tor_0.4.5.10-1.dsc
 8b64b79f12f5debe3dc7efb5d75f8673 7870323 net optional tor_0.4.5.10.orig.tar.gz
 5e081e4d07afdef0737c80954003a7bd 53233 net optional tor_0.4.5.10-1.diff.gz