Format: 1.8
Date: Sat, 18 Dec 2010 13:35:26 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: all amd64 i386 source
Version: 0.2.2.20-alpha-1
Distribution: experimental
Urgency: high
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor - anonymizing overlay network for TCP
 tor-dbg - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Changes:
 tor (0.2.2.20-alpha-1) experimental; urgency=high
 .
   * New upstream version.
     - Fix a remotely exploitable bug that could be used to crash instances
       of Tor remotely by overflowing on the heap. Remote-code execution
       hasn't been confirmed, but can't be ruled out (CVE-2010-1676).
   * Since the dawn of time (0.0.2pre19-1, January 2004, initial release of
     the debian package), the postinst script has changed ownership and
     permissions of various trees like /var/lib/tor, /var/run/tor, and
     /var/log/tor, sometimes recursively.
 .
     It turns out this actually is a security issue, so try to be more
     conservative when fixing up modes and only chown/chgrp
     /var/{lib,log,run}/tor directly, never recursively.
   * Remove /var/run/tor, recursively, on purge. We already do this for
     /var/lib/tor and /var/log/tor.

Accepted:
tor-dbg_0.2.2.20-alpha-1_amd64.deb
  to main/t/tor/tor-dbg_0.2.2.20-alpha-1_amd64.deb
tor-dbg_0.2.2.20-alpha-1_i386.deb
  to main/t/tor/tor-dbg_0.2.2.20-alpha-1_i386.deb
tor-geoipdb_0.2.2.20-alpha-1_all.deb
  to main/t/tor/tor-geoipdb_0.2.2.20-alpha-1_all.deb
tor_0.2.2.20-alpha-1.diff.gz
  to main/t/tor/tor_0.2.2.20-alpha-1.diff.gz
tor_0.2.2.20-alpha-1.dsc
  to main/t/tor/tor_0.2.2.20-alpha-1.dsc
tor_0.2.2.20-alpha-1_amd64.deb
  to main/t/tor/tor_0.2.2.20-alpha-1_amd64.deb
tor_0.2.2.20-alpha-1_i386.deb
  to main/t/tor/tor_0.2.2.20-alpha-1_i386.deb
tor_0.2.2.20-alpha.orig.tar.gz
  to main/t/tor/tor_0.2.2.20-alpha.orig.tar.gz