Accepted tor 0.2.4.4-alpha-1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 22 Oct 2012 10:07:46 UTC
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all amd64
Version: 0.2.4.4-alpha-1
Distribution: experimental
Urgency: low
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
tor-geoipdb - GeoIP database for Tor
Checksums-Sha1:
43f4bbf53b981a7b55b2a3889d98b9cac78cf2aa 1697 tor_0.2.4.4-alpha-1.dsc
e98061d5b5f14feefb7084f20251bba12bc4a223 3191458 tor_0.2.4.4-alpha.orig.tar.gz
0b3a25538700b95c231a3670c7f57d0f344c90f1 34091 tor_0.2.4.4-alpha-1.diff.gz
6aed741497088ddeb33edc5698587e4a61bcf00b 1455096 tor-geoipdb_0.2.4.4-alpha-1_all.deb
a64e41355db08425684c701b4042d38a29f5987f 1259494 tor_0.2.4.4-alpha-1_amd64.deb
0bf1dcb2c2e12ca6d4e72ef2196fd545678f79d2 102236 tor-dbg_0.2.4.4-alpha-1_amd64.deb
Checksums-Sha256:
d1282e6bc1705772d06777594d32c369d8d0d0ca13f68890f97e9d16fbb7c967 1697 tor_0.2.4.4-alpha-1.dsc
b992ee7f3eb536364548cbb95f9e84e17d0fc6ecae32db9e90dff9f2047fb0c8 3191458 tor_0.2.4.4-alpha.orig.tar.gz
d995fc98d5b610586b2f0eb10e78b7e71b26ae0625e21bb7e27414266f444e5a 34091 tor_0.2.4.4-alpha-1.diff.gz
ecbedf18a82773e94265b03fb99b69cd655abdd9e2fdb8168575775160b53c62 1455096 tor-geoipdb_0.2.4.4-alpha-1_all.deb
5b4fd291c5f85fad2864b64621b8acf8459a24eafce36068f2d5066b684cc735 1259494 tor_0.2.4.4-alpha-1_amd64.deb
cda7a5156f648291743f93aa50f1082184630ec6a7269234de9dd3987d76c3ad 102236 tor-dbg_0.2.4.4-alpha-1_amd64.deb
Changes:
tor (0.2.4.4-alpha-1) experimental; urgency=low
.
* New upstream version.
o Major bugfixes (security/privacy, also in 0.2.3.23-rc):
- Disable TLS session tickets. OpenSSL's implementation was giving
our TLS session keys the lifetime of our TLS context objects, when
perfect forward secrecy would want us to discard anything that
could decrypt a link connection as soon as the link connection
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
- Discard extraneous renegotiation attempts once the V3 link
protocol has been initiated. Failure to do so left us open to
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
o And more. For details please see the upstream changelog.
* Add debian/source.lintian-overrides for
rc-version-greater-than-expected-version, similar to what we have for
the binary packages.
Files:
446b790f3b7bf4eb9ba7011bbcd14e22 1697 net optional tor_0.2.4.4-alpha-1.dsc
730df0fbe5a61b305275cf1286131d55 3191458 net optional tor_0.2.4.4-alpha.orig.tar.gz
28167aa1b01a069f774b8a74ae77635c 34091 net optional tor_0.2.4.4-alpha-1.diff.gz
11cc3eb6425164a3920ed17022bd8d25 1455096 net extra tor-geoipdb_0.2.4.4-alpha-1_all.deb
ab091170964bbfe3652289e1d80e1fc8 1259494 net optional tor_0.2.4.4-alpha-1_amd64.deb
0da981052bd01698df566f2fa0d3cd3c 102236 debug extra tor-dbg_0.2.4.4-alpha-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBCAAGBQJQhXIMAAoJEDTSCgbh3sV39RsIAI0lLUVg/fVAjV6XZyj1MPOI
RcDTm+KLLsjXMxNi1WXiai43Z6BvGhYETWfRycwNComlcyBjfThcNiTqImhueyge
wbhU9wQ7/Czm9ZKGWVl31bkBHrhewP1dW/71GBU3X48jP9Rd9MRaLAPnukwgIGpW
qaBtCH0Z0X/OnvsyY4/6DNLc2FQnIuFPzt1tOE+o81hy4H4Ht2SolhYKvRp1pJ02
QzueZ35NTQBH+Cd6n4TL7eV9OhsmA9aVFoqrUcTpwcsVNQ4HpmRqWMd5CnaDOABI
TVfytRKFk6vy0+hYDSWwOqCumAOwejie1tIPsaQQQg3fMa7bFH1VeV5TJjgJUI0=
=E/yt
-----END PGP SIGNATURE-----