Back to tor PTS page

Accepted tor 0.3.5.8-1 (source) into unstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 Feb 2019 21:28:32 +0100
Source: tor
Binary: tor tor-geoipdb
Architecture: source
Version: 0.3.5.8-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
 tor-geoipdb - GeoIP database for Tor
Closes: 918898
Changes:
 tor (0.3.5.8-1) unstable; urgency=medium
 .
   * Replace all references to /var/run with /run (closes: #918898).
   * New upstream version.
     - Includes a fix for a medium-severity security bug:
       Make KIST consider the outbuf length when computing what it can
       put in the outbuf. Previously, KIST acted as though the outbuf
       were empty, which could lead to the outbuf becoming too full. It
       is possible that an attacker could exploit this bug to cause a Tor
       client or relay to run out of memory and crash. Fixes bug 29168;
       bugfix on 0.3.2.1-alpha. This issue is also being tracked as
       TROVE-2019-001 and CVE-2019-8955.
Checksums-Sha1:
 22dfb74cfe8ee94670c4feb688f33e40d1fc8639 1961 tor_0.3.5.8-1.dsc
 43ce6638a54190b58b62537e1c0892f95552d407 6994335 tor_0.3.5.8.orig.tar.gz
 d8c87723d2226ddb0b76fe865a68d0f5e1742269 51167 tor_0.3.5.8-1.diff.gz
Checksums-Sha256:
 3a974c911ce89f35d58041fc24cf60b9b4aae8ba2b67cf36c996ed3797b2b2d9 1961 tor_0.3.5.8-1.dsc
 d5c56603942a8927670f50a4a469fb909e29d3571fdd013389d567e57abc0b47 6994335 tor_0.3.5.8.orig.tar.gz
 b4cfe2383c61fab9df917b9e9b8bd0a07a525eccd1fbd289d25d35c04ecb0586 51167 tor_0.3.5.8-1.diff.gz
Files:
 7cfb72e91243afb98f117798b23e305e 1961 net optional tor_0.3.5.8-1.dsc
 e4b0feca80cc221ab235c9544851b146 6994335 net optional tor_0.3.5.8.orig.tar.gz
 b65ad828cb47d770899a0c6544d06440 51167 net optional tor_0.3.5.8-1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAlxvso0ACgkQhgLIIDhy
Mx9l/wgAgYqnBeVWvupYG9pQPX9fDzRHPlRXN5vnhlKJ/cnSmxLHGpFuVG0SwiQV
uHl+Y+OUghX83wncVA2oOmlmf4KvoAFWeExUPwevFMtwF/pMNIzgizV0ptL4obpp
CqSF5/OIKB3qFShNw8Wq2PZP9hN0snW9cIWQRN89OwvSnyA4NlpUN6P9aBJiBIbf
FgjbJUekpmlYtW5cDA6knyaIMrSUsQ2gj5YYKcvQTcdNcS/bNku5VKaMZqZnDqoR
9Wau7oJkpc6AFz3LmSt69HHd2gsEZvpVZE2SjGV4+Xtb3AL5COvurkUbBqCmxuae
ybcIfbI8xI4vSmmHTe7JeoFtK8wQxQ==
=zv7F
-----END PGP SIGNATURE-----