Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: pu
Hi, I would like to update the Tor in stable from 0.2.2.35 to 0.2.2.37. This is an update on Tor's stable tree (instead of its development tree) and the changes are thus rather conservative. It fixes a couple of minor security issues, like no longer leaking uninitialized memory, properly rejecting inputs where the number exceeds valid values for its storage types, or not adding more bytes to input buffers while renegotiating. Furthermore, a few issues are resolved that might affect a user's anonymity. These include things such as only building circuits when a client knows a sufficient number of "exit" nodes, never using a bridge as an exit, or reusing circuits in an unsafe manner. Additionaly it updates the list of directory authorities, makes building with newer and older openssl libraries safer (probably not important for us) and makes building on a few other platforms more robust. Tor versions 0.2.2.36 and .37 have been in unstable and testing for a few weeks now and I am reasonably confident that 0.2.2.37 is fit for being included in the next point release of squeeze. May I prepare and upload a 0.2.2.37-1~squeeze1 tor package? Cheers, weasel https://gitweb.torproject.org/debian/tor.git/blob/refs/heads/debian-0.2.2:/ChangeLog https://gitweb.torproject.org/debian/tor.git/blob/refs/heads/debian-0.2.2:/debian/changelog -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org