Debian Package Tracker

Date: Thu, 12 Jul 2012 22:49:54 +0000
From: Peter Palfrader <weasel@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted tor 0.2.2.37-1~squeeze+1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 12 Jul 2012 20:56:56 UTC
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all amd64
Version: 0.2.2.37-1~squeeze+1
Distribution: stable
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Checksums-Sha1: 
 db7b57587cad1fbb52098793db3afa72edf99492 1592 tor_0.2.2.37-1~squeeze+1.dsc
 3ac353e813426a27a86accdea76a6efd1b02d404 2925598 tor_0.2.2.37.orig.tar.gz
 d0a703cf252e87ceb5577d3ebc9bc7db86cb3dbd 32770 tor_0.2.2.37-1~squeeze+1.diff.gz
 5768b7c45aac4d3412bb4a1b8a6e8c0d44e1bdd3 1413044 tor-geoipdb_0.2.2.37-1~squeeze+1_all.deb
 f120e10f90e1156e2f9d8061098219191789c16a 1058276 tor_0.2.2.37-1~squeeze+1_amd64.deb
 5ed529b4d49e2b53a621da19ca3a65cdfd7aa7f0 1139504 tor-dbg_0.2.2.37-1~squeeze+1_amd64.deb
Checksums-Sha256: 
 92ac16b498c6ff962d33d0947df6bcdafb9613adc7cf4192a685c7905113cf63 1592 tor_0.2.2.37-1~squeeze+1.dsc
 ae2c1fb52babd9e92264ac7c4486d3e941be6deb91b8a590965848fbbcbd9e88 2925598 tor_0.2.2.37.orig.tar.gz
 28cd3d637cfe0dbd9b3c95ab1d463ae324e7553d5368257ecb21c33339302b2d 32770 tor_0.2.2.37-1~squeeze+1.diff.gz
 43f44a6a1fcfe7fc4e76f3de795c75c2af1b2748f1f176499eecaefbb7b011dd 1413044 tor-geoipdb_0.2.2.37-1~squeeze+1_all.deb
 cdfff82d9a4b62b8e549547df8c03b394aec53c46127a86c91fde2ab5548e835 1058276 tor_0.2.2.37-1~squeeze+1_amd64.deb
 ca0940ad1540804014972bd6adbf0d7fdca88e3f2eab00f74b5fc5caf92c99d4 1139504 tor-dbg_0.2.2.37-1~squeeze+1_amd64.deb
Changes: 
 tor (0.2.2.37-1~squeeze+1) stable; urgency=low
 .
   * Update tor in stable to 0.2.2.37 as per discussion in #679224:
     - This version fixes a couple of minor security issues, like no longer
       leaking uninitialized memory, properly rejecting inputs where the number
       exceeds valid values for its storage types, or not adding more bytes to
       input buffers while renegotiating.
     - Furthermore, a few issues are resolved that might affect a user's
       anonymity.  These include things such as only building circuits when a
       client knows a sufficient number of "exit" nodes, never using a bridge
       as an exit, or reusing circuits in an unsafe manner.
     - Additionaly it updates the list of directory authorities, makes building
       with newer and older openssl libraries safer (probably not important for
       us) and makes building on a few other platforms more robust.
     - For details please consult the upstream changelog entries.
 .
 tor (0.2.2.37-1) unstable; urgency=medium
 .
   * New upstream version, including:
     - Work around a bug in OpenSSL that broke renegotiation with TLS
       1.1 and TLS 1.2. Without this workaround, all attempts to speak
       the v2 Tor connection protocol when both sides were using OpenSSL
       1.0.1 would fail. Resolves ticket 6033.
     - When waiting for a client to renegotiate, don't allow it to add
       any bytes to the input buffer. This fixes a potential DoS issue.
       Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
     - and more.  See upstream's changelog.
 .
 tor (0.2.2.36-1) unstable; urgency=low
 .
   * New upstream version, including updates to authority addresses, and
     a couple minor security issues, see upstream's changelog.
Files: 
 efd30be1c91e4c88897770d11c327072 1592 net optional tor_0.2.2.37-1~squeeze+1.dsc
 5aafdca4fb6af6e12b503d32b03f14a7 2925598 net optional tor_0.2.2.37.orig.tar.gz
 acde24a1b1dc0ffa7914f84d29211f07 32770 net optional tor_0.2.2.37-1~squeeze+1.diff.gz
 0bb926f3d427d0e72f36ec37a35e80f3 1413044 net extra tor-geoipdb_0.2.2.37-1~squeeze+1_all.deb
 70469c323daa7ade78bf93263cd66a7a 1058276 net optional tor_0.2.2.37-1~squeeze+1_amd64.deb
 f3c6a002667b300ecc57183440201447 1139504 debug extra tor-dbg_0.2.2.37-1~squeeze+1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJP/zrHAAoJEDTSCgbh3sV3dQ8H/1DJ4l64Ko6Mr4g/cjwAQbg7
1OIPUoELAFUiRBiGpOol+g5cgPB1fIl1sosOaSmOdA+79cAxN1XyNxBPS9J0L+Em
+2t+DX8jEUGwyyqJABP32a0HKjUo/gfwHRzErr9PopEMqUnsSveEYECHEO3Xp6Ec
QM5+Ww287wsDT6QFO83viylS8HKGWgpcOUlELQ1RzzGuyxVAt+xesMzHt7X69CfE
sDtXe3ZpQUQBt6yw6r/FgNO+9nhUaXz7s+Yo4+93AtLUJ9vqk9LeQiZsPoaoGrge
i7c52NCuuclJ4yBmp/gU/BqlDnwYmkC6l2FUJlWHX7Kyxbz2zx4nmteoDofRFFw=
=/Hhh
-----END PGP SIGNATURE-----
News for package tor
