Back to tor PTS page

Accepted tor 0.4.6.7-1 (source) into experimental

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Aug 2021 20:28:49 +0200
Source: tor
Architecture: source
Version: 0.4.6.7-1
Distribution: experimental
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Changes:
 tor (0.4.6.7-1) experimental; urgency=medium
 .
   * New upstream version.
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
   * Raise debian/compat from 9 to 10.
Checksums-Sha1:
 4d54eb304e27f69e2d60c3433b6849dc9ebfcbd9 1953 tor_0.4.6.7-1.dsc
 2b1cc3796a3c9155c6b0b524bd6f77ed53bc138f 7790727 tor_0.4.6.7.orig.tar.gz
 8bc0e64b9cdd70f02f08a8e8cc4f85b66c1b7c31 53312 tor_0.4.6.7-1.diff.gz
Checksums-Sha256:
 d43cad12a8b869b7ae8419e8488858c7bc9f5d91522411d419d2a7011a8c4e66 1953 tor_0.4.6.7-1.dsc
 ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9a 7790727 tor_0.4.6.7.orig.tar.gz
 9e14244043e34f07583fac5d6d79334f4aa653d4506829ab1ee7415aa8d0f680 53312 tor_0.4.6.7-1.diff.gz
Files:
 cec5379d1d5849f8d8d42e43cc09fefa 1953 net optional tor_0.4.6.7-1.dsc
 ff80309cfaa0719b197fdaf83f9d5443 7790727 net optional tor_0.4.6.7.orig.tar.gz
 070ba909529a6f8a3dc05fa6d2a5dfac 53312 net optional tor_0.4.6.7-1.diff.gz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEfe7YACgkQIw/UyqaI
+y/31ggAnnZo+PtVnN26/GYc7KqJmjJBHmyheizEOvMkSkuXkXa5RblubY/wxXGm
8gaO8B7aUQJYCzYO6IKBedTe3T8vHO1yqgG/of+79LY7dmrM76qPQuCVfh9YBDv4
2DyKSnA6jCN3LVqBV1n1RxvI1fwPV4Gg4hm67y2HajRTYMEDEciYLGbbPaOxoX1I
iggT2nnlNB4JJ89vMKVpFxOFjTqgihOM0WgewTOVezAe7vHO5SdOE+014aXTxXNY
O8qeohRqOyihEApmkiijnCzguQx59ifWlanmdQo0uPQcqWooVCCVC06bQpeVtPok
KMP/5hKTooL+/bLSz3AN5B88So492w==
=utQg
-----END PGP SIGNATURE-----