Accepted tor 0.4.6.7-1 (source) into experimental
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 19 Aug 2021 20:28:49 +0200
Source: tor
Architecture: source
Version: 0.4.6.7-1
Distribution: experimental
Urgency: medium
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Changes:
tor (0.4.6.7-1) experimental; urgency=medium
.
* New upstream version.
- Resolve an assertion failure caused by a behavior mismatch between our
batch-signature verification code and our single-signature verification
code. This assertion failure could be triggered remotely, leading to a
denial of service attack. We fix this issue by disabling batch
verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
Valence.
* Raise debian/compat from 9 to 10.
Checksums-Sha1:
4d54eb304e27f69e2d60c3433b6849dc9ebfcbd9 1953 tor_0.4.6.7-1.dsc
2b1cc3796a3c9155c6b0b524bd6f77ed53bc138f 7790727 tor_0.4.6.7.orig.tar.gz
8bc0e64b9cdd70f02f08a8e8cc4f85b66c1b7c31 53312 tor_0.4.6.7-1.diff.gz
Checksums-Sha256:
d43cad12a8b869b7ae8419e8488858c7bc9f5d91522411d419d2a7011a8c4e66 1953 tor_0.4.6.7-1.dsc
ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9a 7790727 tor_0.4.6.7.orig.tar.gz
9e14244043e34f07583fac5d6d79334f4aa653d4506829ab1ee7415aa8d0f680 53312 tor_0.4.6.7-1.diff.gz
Files:
cec5379d1d5849f8d8d42e43cc09fefa 1953 net optional tor_0.4.6.7-1.dsc
ff80309cfaa0719b197fdaf83f9d5443 7790727 net optional tor_0.4.6.7.orig.tar.gz
070ba909529a6f8a3dc05fa6d2a5dfac 53312 net optional tor_0.4.6.7-1.diff.gz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEZI5W7zrm8w5X0SHVIw/UyqaI+y8FAmEfe7YACgkQIw/UyqaI
+y/31ggAnnZo+PtVnN26/GYc7KqJmjJBHmyheizEOvMkSkuXkXa5RblubY/wxXGm
8gaO8B7aUQJYCzYO6IKBedTe3T8vHO1yqgG/of+79LY7dmrM76qPQuCVfh9YBDv4
2DyKSnA6jCN3LVqBV1n1RxvI1fwPV4Gg4hm67y2HajRTYMEDEciYLGbbPaOxoX1I
iggT2nnlNB4JJ89vMKVpFxOFjTqgihOM0WgewTOVezAe7vHO5SdOE+014aXTxXNY
O8qeohRqOyihEApmkiijnCzguQx59ifWlanmdQo0uPQcqWooVCCVC06bQpeVtPok
KMP/5hKTooL+/bLSz3AN5B88So492w==
=utQg
-----END PGP SIGNATURE-----