-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 22 Oct 2012 10:07:46 UTC Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: source all amd64 Version: 0.2.4.4-alpha-1 Distribution: experimental Urgency: low Maintainer: Peter Palfrader <weasel@debian.org> Changed-By: Peter Palfrader <weasel@debian.org> Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Checksums-Sha1: 43f4bbf53b981a7b55b2a3889d98b9cac78cf2aa 1697 tor_0.2.4.4-alpha-1.dsc e98061d5b5f14feefb7084f20251bba12bc4a223 3191458 tor_0.2.4.4-alpha.orig.tar.gz 0b3a25538700b95c231a3670c7f57d0f344c90f1 34091 tor_0.2.4.4-alpha-1.diff.gz 6aed741497088ddeb33edc5698587e4a61bcf00b 1455096 tor-geoipdb_0.2.4.4-alpha-1_all.deb a64e41355db08425684c701b4042d38a29f5987f 1259494 tor_0.2.4.4-alpha-1_amd64.deb 0bf1dcb2c2e12ca6d4e72ef2196fd545678f79d2 102236 tor-dbg_0.2.4.4-alpha-1_amd64.deb Checksums-Sha256: d1282e6bc1705772d06777594d32c369d8d0d0ca13f68890f97e9d16fbb7c967 1697 tor_0.2.4.4-alpha-1.dsc b992ee7f3eb536364548cbb95f9e84e17d0fc6ecae32db9e90dff9f2047fb0c8 3191458 tor_0.2.4.4-alpha.orig.tar.gz d995fc98d5b610586b2f0eb10e78b7e71b26ae0625e21bb7e27414266f444e5a 34091 tor_0.2.4.4-alpha-1.diff.gz ecbedf18a82773e94265b03fb99b69cd655abdd9e2fdb8168575775160b53c62 1455096 tor-geoipdb_0.2.4.4-alpha-1_all.deb 5b4fd291c5f85fad2864b64621b8acf8459a24eafce36068f2d5066b684cc735 1259494 tor_0.2.4.4-alpha-1_amd64.deb cda7a5156f648291743f93aa50f1082184630ec6a7269234de9dd3987d76c3ad 102236 tor-dbg_0.2.4.4-alpha-1_amd64.deb Changes: tor (0.2.4.4-alpha-1) experimental; urgency=low . * New upstream version. o Major bugfixes (security/privacy, also in 0.2.3.23-rc): - Disable TLS session tickets. OpenSSL's implementation was giving our TLS session keys the lifetime of our TLS context objects, when perfect forward secrecy would want us to discard anything that could decrypt a link connection as soon as the link connection was closed. Fixes bug 7139; bugfix on all versions of Tor linked against OpenSSL 1.0.0 or later. Found by Florent Daignière. - Discard extraneous renegotiation attempts once the V3 link protocol has been initiated. Failure to do so left us open to a remotely triggerable assertion failure. Fixes CVE-2012-2249; bugfix on 0.2.3.6-alpha. Reported by "some guy from France". o And more. For details please see the upstream changelog. * Add debian/source.lintian-overrides for rc-version-greater-than-expected-version, similar to what we have for the binary packages. Files: 446b790f3b7bf4eb9ba7011bbcd14e22 1697 net optional tor_0.2.4.4-alpha-1.dsc 730df0fbe5a61b305275cf1286131d55 3191458 net optional tor_0.2.4.4-alpha.orig.tar.gz 28167aa1b01a069f774b8a74ae77635c 34091 net optional tor_0.2.4.4-alpha-1.diff.gz 11cc3eb6425164a3920ed17022bd8d25 1455096 net extra tor-geoipdb_0.2.4.4-alpha-1_all.deb ab091170964bbfe3652289e1d80e1fc8 1259494 net optional tor_0.2.4.4-alpha-1_amd64.deb 0da981052bd01698df566f2fa0d3cd3c 102236 debug extra tor-dbg_0.2.4.4-alpha-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBCAAGBQJQhXIMAAoJEDTSCgbh3sV39RsIAI0lLUVg/fVAjV6XZyj1MPOI RcDTm+KLLsjXMxNi1WXiai43Z6BvGhYETWfRycwNComlcyBjfThcNiTqImhueyge wbhU9wQ7/Czm9ZKGWVl31bkBHrhewP1dW/71GBU3X48jP9Rd9MRaLAPnukwgIGpW qaBtCH0Z0X/OnvsyY4/6DNLc2FQnIuFPzt1tOE+o81hy4H4Ht2SolhYKvRp1pJ02 QzueZ35NTQBH+Cd6n4TL7eV9OhsmA9aVFoqrUcTpwcsVNQ4HpmRqWMd5CnaDOABI TVfytRKFk6vy0+hYDSWwOqCumAOwejie1tIPsaQQQg3fMa7bFH1VeV5TJjgJUI0= =E/yt -----END PGP SIGNATURE-----