1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted tor 0.4.5.10-1~deb11u1 (source) into proposed-updates->stable-

    From Debian FTP Masters@21:1/5 to All on Fri Aug 27 13:20:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Mon, 23 Aug 2021 11:44:12 CEST
    Source: tor
    Architecture: source
    Version: 0.4.5.10-1~deb11u1
    Distribution: bullseye-security
    Urgency: medium
    Maintainer: Peter Palfrader <weasel@debian.org>
    Changed-By: Peter Palfrader <weasel@debian.org>
    Changes:
    tor (0.4.5.10-1~deb11u1) bullseye-security; urgency=medium
    .
    * Upload fix for TROVE-2021-007/CVE-2021-38385 to bullseye:
    - Resolve an assertion failure caused by a behavior mismatch between our
    batch-signature verification code and our single-signature verification
    code. This assertion failure could be triggered remotely, leading to a
    denial of service attack. We fix this issue by disabling batch
    verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
    also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
    Valence.
    Checksums-Sha256:
    95231d175beecfd897a973c984ce544849c12e062df2a81c9ae341478f21c473 2000 tor_0.4.5.10-1~deb11u1.dsc
    1c3cb7deb4bc6b0dda7d839b5de086b68551e9ead81e7a13ce68849d75f7a9f1 53294 tor_0.4.5.10-1~deb11u1.diff.gz
    8fe32222f8f2b4e65c6f50ac32eb4dfca59b8af71d0d16781f7ee5bec4c00743 7870323 tor_0.4.5.10.orig.tar.gz
    Checksums-Sha1:
    16dc1d2ec416c97acdda643f32eed4bc3b479b16 2000 tor_0.4.5.10-1~deb11u1.dsc
    f6d7ffe2fb8c35a1ffc9be6d1dbf1acbdee3d3db 53294 tor_0.4.5.10-1~deb11u1.diff.gz
    289f4d35b742d376fb7e6a3b3d5ab0e265da0771 7870323 tor_0.4.5.10.orig.tar.gz Files:
    ef8ec29d1fcbc14512bf714e8a9ff90a 2000 net optional tor_0.4.5.10-1~deb11u1.dsc
    95b680fc63c62454a8598f17fb622ecb 53294 net optional tor_0.4.5.10-1~deb11u1.diff.gz
    8b64b79f12f5debe3dc7efb5d75f8673 7870323 net optional tor_0.4.5.10.orig.tar.gz

    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEjboUACgkQIw/UyqaI +y8PRQgApJPW/dyPx1pI+DZc8k/IevvMtFTJ2HGoNmyb2tVJvgJ/ZD10UwjUCPmN AF9+hlDeiwf5u4ycFEYvFdUm2EjmNls3gIHdusesW8mW686fSiZeUu8GTIuACeQ+ 7DChMGOgrflrvrmUjbYTdHcJKBytAG4cD40FYE1M7ZJwmh9DR6l2XlFUZcYiXrAn QTeuLQOyzMaL8qj/H6v2pipnwPZehwEJ+fXVzWZa0YQByoK0sxy2LcveQF5VB4tH ga1ELXJkiH3Ar+3JrpE9TmhzWoDbl54MfLha8rekDHuLiGq646izMb/G4bOyMTpR FGvnA15jTNxpoTBmDTkGaSXfeBLiMA==
    =Hjts
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)