-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Aug 2012 07:43:32 UTC
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all amd64
Version: 0.2.2.38-1
Distribution: stable
Urgency: low
Maintainer: Peter Palfrader <wea...@debian.org>
Changed-By: Peter Palfrader <wea...@debian.org>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Checksums-Sha1: 
 7b2cd0b3994ea2abe2b51a0c752e440a9d5d5578 1554 tor_0.2.2.38-1.dsc
 abac1902d301c6bd5d522e4cc81aead3299cf968 2928500 tor_0.2.2.38.orig.tar.gz
 495736def59bc87b9f4756820b7b18f95c7af24f 33411 tor_0.2.2.38-1.diff.gz
 e4da4be5f977bdea242089ba10ab299e9deafe0d 1414796 tor-geoipdb_0.2.2.38-1_all.deb
 bc488342533e0896116bfcd68f0e71cfe8f86363 1059930 tor_0.2.2.38-1_amd64.deb
 17e1f7b2cdb5505ee008d8d688c0078d58529216 1139732 tor-dbg_0.2.2.38-1_amd64.deb
Checksums-Sha256: 
 abc156949d5cea11a3279c5f7aa32cde025a40de852c29c6a02f2f19178e91ff 1554 
tor_0.2.2.38-1.dsc
 8ee32e7fa14ddc1ded299e9c396b5628d473233528c3a22f8bfc7eac9094b4cf 2928500 
tor_0.2.2.38.orig.tar.gz
 64e3397a5b95ef3783545b0ca37cc362b0b50d98e6a4166de4e9c1372e05c9d1 33411 
tor_0.2.2.38-1.diff.gz
 4b9a445f519a96b12e6752c2c25cff088eabb9a23be6bfa5cbbe581e31cea2ef 1414796 
tor-geoipdb_0.2.2.38-1_all.deb
 f7329491557b712885101dfbff1df3dcf16948a7e7809e4ef7eeee6ba16cdc0c 1059930 
tor_0.2.2.38-1_amd64.deb
 6ac25ef5a09f3b965c626899bcea0f488863956ead35e8bf3f8a14adc92c3dd3 1139732 
tor-dbg_0.2.2.38-1_amd64.deb
Changes: 
 tor (0.2.2.38-1) stable; urgency=low
 .
   * New upstream version, fixing three security issues, as discussed
     in #684763:
     - Avoid an uninitialized memory read when reading a vote or consensus
       document that has an unrecognized flavor name. This read could
       lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
       [CVE-2012-3518]
     - Try to leak less information about what relays a client is
       choosing to a side-channel attacker. Previously, a Tor client would
       stop iterating through the list of available relays as soon as it
       had chosen one, thus finishing a little earlier when it picked
       a router earlier in the list. If an attacker can recover this
       timing information (nontrivial but not proven to be impossible),
       they could learn some coarse-grained information about which relays
       a client was picking (middle nodes in particular are likelier to
       be affected than exits). The timing attack might be mitigated by
       other factors (see bug 6537 for some discussion), but it's best
       not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
       [CVE-2012-3519]
   * Note that contrary to the upstream release notes and changelog the
     folloiwng issue is not fixed by this release.  Discussion in the
     upstream bug tracker suggests it is not triggerable in practice.
     - Avoid read-from-freed-memory and double-free bugs that could occur
       when a DNS request fails while launching it. Fixes bug 6480;
       bugfix on 0.2.0.1-alpha.
       [CVE-2012-3517; https://bugs.torproject.org/6480]
Files: 
 4c8496750c52d874bd992dbc98d0e889 1554 net optional tor_0.2.2.38-1.dsc
 91a9dd2c9d7fbd946bda5a13edbe5667 2928500 net optional tor_0.2.2.38.orig.tar.gz
 918d403e15f1c88d2f63898b06cd897a 33411 net optional tor_0.2.2.38-1.diff.gz
 927aeb9113f2e1055196acde238223ae 1414796 net extra 
tor-geoipdb_0.2.2.38-1_all.deb
 14bc4bfe57f2c459808a836d186c6ebd 1059930 net optional tor_0.2.2.38-1_amd64.deb
 1884f011b01c2f12f9708366d231b7a1 1139732 debug extra 
tor-dbg_0.2.2.38-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJQOj/NAAoJEDTSCgbh3sV35akH/AgXHpPdRzId2VMHU1nzRWH7
0iu6wMMtpS49uZJGS6UKa8ugImRdM+lsNKjng9rQ7KqfyPzLIDt8G9too4lN1xLn
ns4/WIz/S5eBnft8TjcmtlrZk22i+DGrkrjvVockKZxVDihutTC3V+RniEg2RLMn
gSLrbt6u64FLrJuH0LtjgnracpHldgphY7fa2uLmrrkdlNS3kViZ+9a6UqNynmv0
0hdexv3BbDzk+/cZ8sGBphd7IMupc32yCeOf8LbyEhRo1a5phOAC7izWato4uJFe
Gv4MFSb+Y3CjoB/duDuq5qlrcfgMPLL6PuFXlycSiKFNF2QuFfTXIzfGCqKR8ro=
=9OUW
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1t64l2-000182...@franck.debian.org

Reply via email to