-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 19 Aug 2021 20:28:49 +0200 Source: tor Architecture: source Version: 0.4.6.7-1 Distribution: experimental Urgency: medium Maintainer: Peter Palfrader <weasel@debian.org> Changed-By: Peter Palfrader <weasel@debian.org> Changes: tor (0.4.6.7-1) experimental; urgency=medium . * New upstream version. - Resolve an assertion failure caused by a behavior mismatch between our batch-signature verification code and our single-signature verification code. This assertion failure could be triggered remotely, leading to a denial of service attack. We fix this issue by disabling batch verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de Valence. * Raise debian/compat from 9 to 10. Checksums-Sha1: 4d54eb304e27f69e2d60c3433b6849dc9ebfcbd9 1953 tor_0.4.6.7-1.dsc 2b1cc3796a3c9155c6b0b524bd6f77ed53bc138f 7790727 tor_0.4.6.7.orig.tar.gz 8bc0e64b9cdd70f02f08a8e8cc4f85b66c1b7c31 53312 tor_0.4.6.7-1.diff.gz Checksums-Sha256: d43cad12a8b869b7ae8419e8488858c7bc9f5d91522411d419d2a7011a8c4e66 1953 tor_0.4.6.7-1.dsc ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9a 7790727 tor_0.4.6.7.orig.tar.gz 9e14244043e34f07583fac5d6d79334f4aa653d4506829ab1ee7415aa8d0f680 53312 tor_0.4.6.7-1.diff.gz Files: cec5379d1d5849f8d8d42e43cc09fefa 1953 net optional tor_0.4.6.7-1.dsc ff80309cfaa0719b197fdaf83f9d5443 7790727 net optional tor_0.4.6.7.orig.tar.gz 070ba909529a6f8a3dc05fa6d2a5dfac 53312 net optional tor_0.4.6.7-1.diff.gz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEfe7YACgkQIw/UyqaI +y/31ggAnnZo+PtVnN26/GYc7KqJmjJBHmyheizEOvMkSkuXkXa5RblubY/wxXGm 8gaO8B7aUQJYCzYO6IKBedTe3T8vHO1yqgG/of+79LY7dmrM76qPQuCVfh9YBDv4 2DyKSnA6jCN3LVqBV1n1RxvI1fwPV4Gg4hm67y2HajRTYMEDEciYLGbbPaOxoX1I iggT2nnlNB4JJ89vMKVpFxOFjTqgihOM0WgewTOVezAe7vHO5SdOE+014aXTxXNY O8qeohRqOyihEApmkiijnCzguQx59ifWlanmdQo0uPQcqWooVCCVC06bQpeVtPok KMP/5hKTooL+/bLSz3AN5B88So492w== =utQg -----END PGP SIGNATURE-----