Accepted tor 0.2.3.23-rc-1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 20 Oct 2012 20:53:40 UTC
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all amd64
Version: 0.2.3.23-rc-1
Distribution: unstable
Urgency: low
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
tor-geoipdb - GeoIP database for Tor
Checksums-Sha1:
176aa0ce0a5f1acb9bac772e84feb5e3b200677a 1683 tor_0.2.3.23-rc-1.dsc
63255a53e1bf25590b8699f4129a88ada29d1129 3186141 tor_0.2.3.23-rc.orig.tar.gz
48a61366e697253bb7ba0c31ccc0d7cdb4c3ec0b 34153 tor_0.2.3.23-rc-1.diff.gz
4c72dcef873a0ba667350088ba0f06f13625fd59 1449648 tor-geoipdb_0.2.3.23-rc-1_all.deb
d6afc3441fb5aae8aa4a3ab81acf63822c147682 1192932 tor_0.2.3.23-rc-1_amd64.deb
53d08ee0f892d91f1c43472bf66070eb77d93f94 94634 tor-dbg_0.2.3.23-rc-1_amd64.deb
Checksums-Sha256:
327939cc5bf297e3f2be0e6144afb25f7345c972e1adfe1de3a18f99da808701 1683 tor_0.2.3.23-rc-1.dsc
090e3b932b84629a2f5f0ef1a2801d9e9e4c50cf288321d9b861a6cd8037a198 3186141 tor_0.2.3.23-rc.orig.tar.gz
ccff62457151587285c7f3964924f80f36814ae25e1a1c851b4cd4ee2caad912 34153 tor_0.2.3.23-rc-1.diff.gz
0cf0b94f5e8bf9f38f70dfe395dde18e642efed89c6d4aecc8dc0a4a68812e54 1449648 tor-geoipdb_0.2.3.23-rc-1_all.deb
595e5725c3d742525cc23e6230a8e001003a196567331e373f60421112d960d9 1192932 tor_0.2.3.23-rc-1_amd64.deb
a6bc1e7316c9530a35860673eed40fff6d8c89b04abdcf2606f1bc7fb3169fca 94634 tor-dbg_0.2.3.23-rc-1_amd64.deb
Changes:
tor (0.2.3.23-rc-1) unstable; urgency=low
.
* New upstream version:
o Major bugfixes (security/privacy):
- Disable TLS session tickets. OpenSSL's implementation was giving
our TLS session keys the lifetime of our TLS context objects, when
perfect forward secrecy would want us to discard anything that
could decrypt a link connection as soon as the link connection
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
- Discard extraneous renegotiation attempts once the V3 link
protocol has been initiated. Failure to do so left us open to
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
- Fix a possible crash bug when checking for deactivated circuits
in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
For other fixes please see the upstream changelog.
Files:
5fd6d113eb99b40d3913f74ec921e1cc 1683 net optional tor_0.2.3.23-rc-1.dsc
b44cc1753c16fd9bdf3684da79c2bdb3 3186141 net optional tor_0.2.3.23-rc.orig.tar.gz
5b55fe3a1821a1967c73f15b0dcbdb08 34153 net optional tor_0.2.3.23-rc-1.diff.gz
9e2734721a4234ada5c4575c1c901b1e 1449648 net extra tor-geoipdb_0.2.3.23-rc-1_all.deb
b1c3a34147d5eb3bb89624d3d459da1d 1192932 net optional tor_0.2.3.23-rc-1_amd64.deb
8155c05ad6a756f154269cbdb36ef7ef 94634 debug extra tor-dbg_0.2.3.23-rc-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCAAGBQJQg6oYAAoJEDTSCgbh3sV3T4oIAIYUj9EiXYJGfc9E77v7686g
Yx58IfApA6JgP2bsGC235TsSV21WMFD8bc6K1XoXt7E7TpTnd3adAvSzp2oFC837
7ONoxpLycXDWRtihifanU99WDgEqNbBNaru2gLA06x0I9JAICApuRquH5yR7eRaz
vHISXCmaIQ1ZMFJAk3dljl/lWe5TRl8WhLnKuycccg/jYg7HpNPSDy+5hll9w3Xa
90p1D4BIpNtWkYvBoPEiRrK9EM8Mb2qekcY4ieRMpfsE221ZCHC2d9y2yEDMSDQ4
q01XEIv3OtdPFM/tu5WGbyGGGwnY0cW94WgG0c8Xe+B9bPo/mFTpg0U/S39AJvE=
=kvRh
-----END PGP SIGNATURE-----