Your message dated Fri, 23 Jan 2009 11:47:11 +0000
with message-id <[email protected]>
and subject line Bug#512728: fixed in tor 0.2.0.33-1
has caused the Debian Bug report #512728,
regarding [SA33635] Tor Unspecified Memory Corruption Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
512728: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512728
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tor
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for Tor:
SA33635[1]
> DESCRIPTION:
> A vulnerability with an unknown impact has been reported in Tor.
>
> The vulnerability is caused due to an unspecified error and can be
> exploited to trigger a heap corruption. No further information is
> currently available.
>
> The vulnerability is reported in versions prior to 0.2.0.33.
>
> SOLUTION:
> Update to version 0.2.0.33.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Ilja van Sprundel.
>
> ORIGINAL ADVISORY:
> http://archives.seul.org/or/announce/Jan-2009/msg00000.html
If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.
[1] http://secunia.com/advisories/33635/
Cheers,
Giuseppe.
--- End Message ---
--- Begin Message ---
Source: tor
Source-Version: 0.2.0.33-1
We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive:
tor-dbg_0.2.0.33-1_i386.deb
to pool/main/t/tor/tor-dbg_0.2.0.33-1_i386.deb
tor-geoipdb_0.2.0.33-1_all.deb
to pool/main/t/tor/tor-geoipdb_0.2.0.33-1_all.deb
tor_0.2.0.33-1.diff.gz
to pool/main/t/tor/tor_0.2.0.33-1.diff.gz
tor_0.2.0.33-1.dsc
to pool/main/t/tor/tor_0.2.0.33-1.dsc
tor_0.2.0.33-1_i386.deb
to pool/main/t/tor/tor_0.2.0.33-1_i386.deb
tor_0.2.0.33.orig.tar.gz
to pool/main/t/tor/tor_0.2.0.33.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Palfrader <[email protected]> (supplier of updated tor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Fri, 23 Jan 2009 12:05:06 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all i386
Version: 0.2.0.33-1
Distribution: unstable
Urgency: high
Maintainer: Peter Palfrader <[email protected]>
Changed-By: Peter Palfrader <[email protected]>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
tor-geoipdb - geoIP database for Tor
Closes: 512728
Changes:
tor (0.2.0.33-1) unstable; urgency=high
.
* New upstream version:
- Fixes a possible remote heap buffer overflow bug (closes: #512728)
(Secunia Advisory [SA33635]).
- better resist DNS poisoning.
- and more - see upstream changelog.
--- End Message ---