Back to tor PTS page

Accepted tor 0.4.5.10-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted tor 0.4.5.10-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 17 Aug 2021 20:38:38 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1mG5r4-000F7N-P2@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Aug 2021 19:34:05 +0200
Source: tor
Architecture: source
Version: 0.4.5.10-1
Distribution: unstable
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Changes:
 tor (0.4.5.10-1) unstable; urgency=medium
 .
   * New upstream version.
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 d790c2a68e59d62ad9ec50c3713be8a8c8664b4e 1968 tor_0.4.5.10-1.dsc
 289f4d35b742d376fb7e6a3b3d5ab0e265da0771 7870323 tor_0.4.5.10.orig.tar.gz
 79ea0328c5957f71890d50af85d974c77d2a190c 53233 tor_0.4.5.10-1.diff.gz
Checksums-Sha256:
 fec1383efcf5d14cf6e2517d4c28fdd600cfc73883a314f76bcddf5ab0adad3e 1968 tor_0.4.5.10-1.dsc
 8fe32222f8f2b4e65c6f50ac32eb4dfca59b8af71d0d16781f7ee5bec4c00743 7870323 tor_0.4.5.10.orig.tar.gz
 ecdc1825f28c8e8556a93102723a1ce8008ef47ff3202987ce1006fead7d92a8 53233 tor_0.4.5.10-1.diff.gz
Files:
 f544f79bf55911d6c0630baad134fde0 1968 net optional tor_0.4.5.10-1.dsc
 8b64b79f12f5debe3dc7efb5d75f8673 7870323 net optional tor_0.4.5.10.orig.tar.gz
 5e081e4d07afdef0737c80954003a7bd 53233 net optional tor_0.4.5.10-1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEcE5gACgkQIw/UyqaI
+y+uDAf/eNaubLNtZehn8wWoI8N9FW6roLiVMEw9LVAyTFn0z0kunNDi/yIDGmxQ
9qQeApycdp1vvXyk1aPshGb9QFqjNkqu/zrPBPjJyKBbTQW21n1kVzPJ5SqGMspu
w0z1vzIR7gXzsMqutTov2YzWrZs19KYV8ASbFvz+zy332YsLMERhEoig5zHRnBWp
c6ytJYtlz2TzwJyYhEcqsmcUq+JljlQmTP6DvBtIGigvlmJG8W53rN0ZbHU80ceh
hXFQe1i3rXtxLIWKNzEOdnRWWMz+sv1j1a5vJF35HPJVWSc3hA/VyHKOH6N/RZaK
rb/Dr5vI7Bglqk5ywT8Krw0CSgYvNA==
=60AO
-----END PGP SIGNATURE-----