Accepted tor 0.2.4.29-1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 10 Jun 2017 11:11:57 +0200 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: source all Version: 0.2.4.29-1 Distribution: wheezy-security Urgency: medium Maintainer: Peter Palfrader Changed-By: Peter Palfrader Description: tor- anonymizing overlay network for TCP tor-dbg- debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Closes: 864424 Changes: tor (0.2.4.29-1) wheezy-security; urgency=medium . * New upstream version. - Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. (closes: #864424) * The previous release, 0.2.4.28, already incorporates the changes made in Debian's updates of the 0.2.4.27 version. Therefore, drop - debian/patches/tor-bug-20384-TROVE-2016-10-001 - debian/patches/tor-bug-21018-TROVE-2016-12-002-CVE-2016-1254 - debian/patches/update-authority-set Checksums-Sha1: c767d5eefadd888442020afc4a6d6013b3df4da9 1693 tor_0.2.4.29-1.dsc eec6bc8b5cc41ae8c038ab5ba7ee3e871c4a250a 3508247 tor_0.2.4.29.orig.tar.gz 4b232054fe26a9dd5192bad000a64472c5bade43 35732 tor_0.2.4.29-1.diff.gz 07fc1d8fd61549f1583aee98ee973b03f6bf3dd7 1574908 tor-geoipdb_0.2.4.29-1_all.deb Checksums-Sha256: 6cd708f7ae8a1fa8c72d8c4cc39bfa0411ed1a0b06ec4e1f5221ea9a08631373 1693 tor_0.2.4.29-1.dsc 45150eda20441d4d9f5cc915688737e4d873bd1f1d2d73d624755e656426235a 3508247 tor_0.2.4.29.orig.tar.gz 72d9df9a886825fc5ab9dff79fb0711c20bd9d0d027dca759a4f5ebff6f97ee1 35732 tor_0.2.4.29-1.diff.gz 02ab7d7d4a2aaed89657e9f1038cde275f11ef9fb0d4746042b091521e272c03 1574908 tor-geoipdb_0.2.4.29-1_all.deb Files: 968495039450afe722d20123bbca40b6 1693 net optional tor_0.2.4.29-1.dsc f0baf1ade5ccd0040ffb0ae07afafa34 3508247 net optional tor_0.2.4.29.orig.tar.gz 489d2e23fbcb26ad349df34d173b8c00 35732 net optional tor_0.2.4.29-1.diff.gz 66a8525a00505df4287f8abf5164c266 1574908 net extra tor-geoipdb_0.2.4.29-1_all.deb -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAlk72z8ACgkQhgLIIDhy Mx/TAAf/Ys7o/2Xt3H3FqaynFqu2EPsvKXzDYyagXb82WHv53Xo/JIbJlIOMRJeI Get+uWDV2M/OksahJPFLP7x/Fcl6OJZiEB0Me4X98vbZfrh7A2NG7On/RY9yD6Ok zPYNq6gK+J67YG49f4QUSJpeRmspnb49R0NQBuA3fUmabIVkYxiNWc+Fw8b+suB+ cJ69FL4pLSHQh+Q4Nm9s6GjvYFG+fgNP5tsqLpeLwlftbUkYdHtFf/Vz2v/f3D7z yT12ZLSVd8inySm12ZmAgIKv8VWHyyrENvpWGO3f40Mri6j1ZeBfV9wyQ4c6xJwp gIGhpXX64nk1Y8p2CgH57isF1PbCjw== =ifD8 -END PGP SIGNATURE-
Accepted tor 0.2.4.27-3 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 19 Dec 2016 22:01:22 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: source all Version: 0.2.4.27-3 Distribution: wheezy-security Urgency: medium Maintainer: Peter Palfrader Changed-By: Peter Palfrader Description: tor- anonymizing overlay network for TCP tor-dbg- debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Changes: tor (0.2.4.27-3) wheezy-security; urgency=medium . * Fix for an issue (Tor#21018) where Tor clients could crash when attempting to visit a hostile hidden service. [TROVE-2016-12-002,CVE-2016-1254] Checksums-Sha1: 39e0a65e1acc3b3e3eb1118bee81efd7dead3674 1693 tor_0.2.4.27-3.dsc 998bdc3c086e8ec32455061f555984f9a5e19286 38997 tor_0.2.4.27-3.diff.gz 6045414538bf0890dafe1192b62c951733310c05 1199948 tor-geoipdb_0.2.4.27-3_all.deb Checksums-Sha256: 99eee0b7ee20dfcc1b16147d0b9719dfc663eae631eef4a5b82647d1b036befe 1693 tor_0.2.4.27-3.dsc d4482c84003befea88d8995ced15e88d1c7d445bfe2545560627473029d9ecff 38997 tor_0.2.4.27-3.diff.gz fc401b0640b69f51149626fffa3be33f9fe59dd5c523803e30c18e1feef7ad41 1199948 tor-geoipdb_0.2.4.27-3_all.deb Files: 84bb4490e1b1ef9043aa9a380ab2de95 1693 net optional tor_0.2.4.27-3.dsc d19edaa242552f1d849f29d5377f34e1 38997 net optional tor_0.2.4.27-3.diff.gz 90ef0664f0f4355808f13ccfba5424cb 1199948 net extra tor-geoipdb_0.2.4.27-3_all.deb -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEs4PXhajJL968BgN2hgLIIDhyMx8FAlhZGrwACgkQhgLIIDhy Mx/P6Af7BZPL/VhX1IVN/CfLXVH0LBzvXCGoZziJu+TW8HxsP9/BRIwRpbSN2zVa zBz0iUSUHOlN5dXGyPyALAmuD4L3Bx9xUqP4Uzuzn9B30XRt6mt4vPAJPsro0dYJ 1a/WW7NbFF+X/rd/Q5AmSwXHtfvqkWB6ZaNy25fgWTmxW4w1t8fpie5ck4QRYuwq vEIw+BCiGzCuEogoKsgqwHTS2k+Y4gAb6fLhaOT0AAmZ08kygVDvPoLAItd/lEBl 3f0/G8NocRN/7TqtE87O1tIlhR/9ilqNtS5S4I6ib9TkVGR7ryVFkUmiPUvGGP5N 1/YKtSCM4iXp1yX/E8zFLUCi0A7Eag== =U0/E -END PGP SIGNATURE-
Accepted tor 0.2.4.27-2 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 18 Oct 2016 09:40:24 +0200 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: source amd64 all Version: 0.2.4.27-2 Distribution: wheezy-security Urgency: medium Maintainer: Peter Palfrader Changed-By: Peter Palfrader Description: tor- anonymizing overlay network for TCP tor-dbg- debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Changes: tor (0.2.4.27-2) wheezy-security; urgency=medium . * Fix a remote denial of service bug, torbug#20384, TROVE-2016-001. * Update the set of authority directory servers to the one from Tor 0.2.8.7, released in August 2016. This updates the key for dannenberg, replaces the Tonga bridge authority with Bifroest, and drops urras. Checksums-Sha1: 9f19ceec1b51df19bd017051607434beab2154fe 1678 tor_0.2.4.27-2.dsc 93bf292207171bc4f3ed1f98ba24fb33baba799e 37395 tor_0.2.4.27-2.diff.gz 86e19ea887ec9d1bf452c1b34f4ebc5a99c14c76 1353200 tor_0.2.4.27-2_amd64.deb 4742a85e2e908cc3efe8c70067e6920cc9133f45 2369168 tor-dbg_0.2.4.27-2_amd64.deb 948e678e5953b1f913016f13455c4b907310a87b 1199886 tor-geoipdb_0.2.4.27-2_all.deb Checksums-Sha256: 4c4a011c1653c25746d9a3d94a88d01f29f99f76ffee9881f5205f7481dc3566 1678 tor_0.2.4.27-2.dsc afc4c7f8d45fbb30c89eb7af9c599a9b88084abc913f3842a080dfd02c43e5aa 37395 tor_0.2.4.27-2.diff.gz 749d486814c65f67d98d670a799cd434cfdf509c94e778b68e0ede4ba8d2783d 1353200 tor_0.2.4.27-2_amd64.deb 48699bab220779900b71fef19d9744583c0fb10b27e2273bed946f7ab8e47794 2369168 tor-dbg_0.2.4.27-2_amd64.deb bc2a7949e021cd0d663971ba2fee1daecac6d46fdef6909bdadccdb1c7b41860 1199886 tor-geoipdb_0.2.4.27-2_all.deb Files: 2d965f0634bdd41370b4cd0481f3fd97 1678 net optional tor_0.2.4.27-2.dsc 8627f3e1fec3a86703009535f539285e 37395 net optional tor_0.2.4.27-2.diff.gz e36155e3ccf731114489b31c59dd6e09 1353200 net optional tor_0.2.4.27-2_amd64.deb 6e0b214fe75df301d89fb5d888b19f3f 2369168 debug extra tor-dbg_0.2.4.27-2_amd64.deb 439f1cf798145c9333c498e6ee11f76f 1199886 net extra tor-geoipdb_0.2.4.27-2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJYBhooAAoJEIYCyCA4cjMfq7QH/RigI78y2djIuTw2offNi+lc zvDg6l8E2NxbiIaaIO5iiyupdDspGJSDY3es0jhPyFaToMN54cv3PUWnavFO6II+ 6WHamlqsIo+lg/62yL/s7LGM5y1E/OwjeOwZMniVVFHmm+Mjkm3vK5f7WDqNnSo8 AZfSawVN0yhv7vfAGSOYBUt+dkdEi1WowfCwokJOUZQHJVs2my4p2/tuWu716KGT Z4U1+ecJxK9xYQfZvc59NBsUsgcyc3sQ9sg+AMrs+aEmNknndrgY0x52TbM2eK0L A+LXkakwlk8NqZGnSk0sSaAbc4QRKKpioQYyikCITreZuf7TyfhkZn2SzAUfANM= =hN+8 -END PGP SIGNATURE-
Accepted tor 0.2.4.27-1~deb6u1 (source all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 06 Apr 2015 20:45:25 +0200 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: source all Version: 0.2.4.27-1~deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: Peter Palfrader Changed-By: Peter Palfrader Description: tor- anonymizing overlay network for TCP tor-dbg- debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Changes: tor (0.2.4.27-1~deb6u1) squeeze-lts; urgency=medium . * New upstream version, fixing hidden service related Denial of Service bugs: - Fix two remotely triggerable assertion failures (upstream bugs #15600 and #15601). - Disallow multiple INTRODUCE1 cells on the same circuit at introduction points, making overwhelming hidden services with introductions more expensive (upstream bug #15515). Checksums-Sha1: fc4b7df532cf702ae07e6a1a3fab718008653e82 1593 tor_0.2.4.27-1~deb6u1.dsc 4a58925772c0e24cc9dc5fa001e68727b889a767 3133587 tor_0.2.4.27.orig.tar.gz 0669f940ff4a67d98279bbbce326f4bee08dd04b 35923 tor_0.2.4.27-1~deb6u1.diff.gz cd2ac7523f97d90e98f2ecd39576624b284c1e71 1199760 tor-geoipdb_0.2.4.27-1~deb6u1_all.deb Checksums-Sha256: 74e478d1e47657ea3fd3fa46165d98da398e24bade89206db3de140071c3e114 1593 tor_0.2.4.27-1~deb6u1.dsc ea1dddb4ae5fb11fecdf2639669dda6a4b960da4e3dc89ecb3d4250aee6e4871 3133587 tor_0.2.4.27.orig.tar.gz 56f1d8b8620736130c96ce474bafbeb36f744400c1dc99b66247f91c4eb29bdc 35923 tor_0.2.4.27-1~deb6u1.diff.gz 58129e6d28d426e3626f25c82c86cf21ea7a4e8f5f9fa0ee8f26bae8870de700 1199760 tor-geoipdb_0.2.4.27-1~deb6u1_all.deb Files: 62f6bb201bf8ecf6f3a4c123858664d0 1593 net optional tor_0.2.4.27-1~deb6u1.dsc 3adf1c90488a6e9d0daf0def18d866da 3133587 net optional tor_0.2.4.27.orig.tar.gz 4c709c5e41a3e81bda8fe20b3d69e6af 35923 net optional tor_0.2.4.27-1~deb6u1.diff.gz f51df09c357fa470d40327b28a178e41 1199760 net extra tor-geoipdb_0.2.4.27-1~deb6u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBAgAGBQJVIu+KAAoJEIYCyCA4cjMfDgcH/3NfT3JS+vo19dG6x8ayVJDE qlrsHNy05rTr8ffKINUF8rx/cY5QzRoiGxn7k7OZyLCRav0parjmeqW3iNl3Uvv3 SCSgau0TDE3El+8XATfMgZTtnWsfTYrtnZgouF04eEo7KsNqQeCKf1rHl68Ni8yk QBkxci27sKs0pAsErF5mCDvu90cEgHz9vFIuPuTmt841QfPPp740gzQHWncNlArG Yyqg+TtwiWhndt+nzb5txhZvPS9PGhUp2gnSCKQxamfNY6tfkPjq445/5UJfhIVU PvhVm3HhMW6heSVS9kdljtEKtMQbK+pi3WUVK3Q8t+C2mgvzSzm02U8ZZq7TTC0= =7woa -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-lts-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1yfert-000841...@franck.debian.org
Accepted tor 0.2.4.26-1~deb6u1 (source all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 22 Mar 2015 20:18:45 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: source all Version: 0.2.4.26-1~deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: Peter Palfrader Changed-By: Peter Palfrader Description: tor- anonymizing overlay network for TCP tor-dbg- debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Changes: tor (0.2.4.26-1~deb6u1) squeeze-lts; urgency=medium . * New upstream version. + Fixes the following security relevant issues (copied from upstream changelog): - Fix an assertion failure that could occur under high DNS load. Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed by "cypherpunks". - Fix a bug that could lead to a relay crashing with an assertion failure if a buffer of exactly the wrong layout was passed to buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - Do not assert if the 'data' pointer on a buffer is advanced to the very end of the buffer; log a BUG message instead. Only assert if it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. - Disable support for SSLv3. All versions of OpenSSL in use with Tor today support TLS 1.0 or later, so we can safely turn off support for this old (and insecure) protocol. Fixes bug 13426. + Updates the list of directory authorities and the geoIP database. + Use correct byte order when sending the address of the chosen rendezvous point to a hidden service. This bug meant that clients were leaking to the hidden service whether they were on a little-endian (common) or big-endian (rare) system. Checksums-Sha1: 4f55b524ab41e61751198c4d74b66c35f050e69a 1595 tor_0.2.4.26-1~deb6u1.dsc 394b5485ea01bc8cf5620273ad60551a6e2d6d8b 3132691 tor_0.2.4.26.orig.tar.gz fd3ba6c1c4c31fe40abe0be998d54191ce2c0ed4 35743 tor_0.2.4.26-1~deb6u1.diff.gz 09bba973b775f76b198a3ee88d587da8c377d1d1 1199420 tor-geoipdb_0.2.4.26-1~deb6u1_all.deb Checksums-Sha256: d749607727a6243ca36d45841619e8958a3f1e5e94f50771c40658cef57c8d9e 1595 tor_0.2.4.26-1~deb6u1.dsc 7095469ea65fe309194e0885f9c4dabf5742704fca1f11d3a645224336b9303d 3132691 tor_0.2.4.26.orig.tar.gz 590bb5b82d4002721017ba1aed818b0eb946b01cbcd4b3e5af6ade7c90d29898 35743 tor_0.2.4.26-1~deb6u1.diff.gz c7b03501ada4185641547ec8e9d926992793ba0b4e4a11c5704b84f03cc6df13 1199420 tor-geoipdb_0.2.4.26-1~deb6u1_all.deb Files: 4272cef488d7935fd37394e6bfee1c9c 1595 net optional tor_0.2.4.26-1~deb6u1.dsc ae923e0a6fcbd4b5cde7cf87b525fe61 3132691 net optional tor_0.2.4.26.orig.tar.gz b3ea9760170a43db6183056c8c70df5c 35743 net optional tor_0.2.4.26-1~deb6u1.diff.gz a26e3ff587f685c0ddab2da99b15dae2 1199420 net extra tor-geoipdb_0.2.4.26-1~deb6u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJVDx+/AAoJEIYCyCA4cjMfSX4H+QEc55WpazVcRpWzzq/5/bBg LI7aJIStlW3j8BrsKtVBH+xKSPdjzk5FKI1nBOn+p7e82YabpNUaVg+HGpPzBkWC 48UpcA41xhvtRcFbfVkTskMGpuX9j/DoIXjy1AoEfHOrCcdzIPaVWwDm/46yAtLJ L1L6TxGdpwsa+5bWLbX2TNgtNbFgPvkRi4sNRCwxfQZQVEQbOU9Vkblr+2t7fQ2F iwXWcThDVJ0f/DK+0z0FBq3tNDfMylb1xqN1Pw0oF/FMxHV2nzwWN9ymmDUXNmEA uIXC3LVhXnwpriKB0wG7eBag0CpKqu6kBaOo5pH+6CLgQSPKIVaaqrGXxmn2ejA= =eV+I -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-lts-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1yznmr-0003il...@franck.debian.org
Accepted tor 0.2.4.23-1~deb6u1 (amd64 all source) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 31 Jul 2014 20:41:18 CEST Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: amd64 all source Version: 0.2.4.23-1~deb6u1 Distribution: squeeze-lts Urgency: low Maintainer: Peter Palfrader Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Changes: tor (0.2.4.23-1~deb6u1) squeeze-lts; urgency=low . * Build for squeeze. * Remove apparmor support on squeeze. * Manually clean up old /etc/tor/tor-tsocks.conf conffile (re: #705785), so we can downgrade the debhelper build dependency to >= 8. Checksums-Sha256: b27ff4363891dc972d864b0d881fb458e414635aaa137fe00d359e528f8310a4 1065076 tor-geoipdb_0.2.4.23-1~deb6u1_all.deb 41a017cd8fb91fdd1b08efd8204064f635813c88fcbcd00f131921ce427cea8e 1711 tor_0.2.4.23-1~deb6u1.dsc 0f8b7cdc4043abfaf346134b15bd52d2a7f80a600e78ce7f744ee5a3228e00a7 34690 tor_0.2.4.23-1~deb6u1.diff.gz Checksums-Sha1: 358ee4d3f59863823bd2852faf23fcc9d9ac6cf0 1065076 tor-geoipdb_0.2.4.23-1~deb6u1_all.deb 7fb2da02e493e49ca087950d723ce199a35ebafe 1711 tor_0.2.4.23-1~deb6u1.dsc 7c3a343848080c84b7569a62a89cfdd74111708a 34690 tor_0.2.4.23-1~deb6u1.diff.gz Files: cff94819240e8d797a035865a80bea14 1065076 net extra tor-geoipdb_0.2.4.23-1~deb6u1_all.deb 52042487b04174bc371afecb866ca6a5 1711 net optional tor_0.2.4.23-1~deb6u1.dsc f5b7e2ad7fc7cab611d626c5cabe1b85 34690 - - tor_0.2.4.23-1~deb6u1.diff.gz -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBCAAGBQJT2o3rAAoJEIYCyCA4cjMfFsAIAJp/X/5ambitX/gWYA/zZWKQ mRm41xhINawSs1a9R+xN4x4cTNd/OiL773lKkE7KabhMYmZJs9S4qDnTH0GfY6qh wbISZP8Wsn6NffAiUVaewODhuioGUaBKMue/Ctde0z4dEkBrmcLZaIECZUY5fiL/ I14oDVzd7Wa2R26nlDeJOAoiQMhV/VOTATTjKi3HOJB2fW2Gj4Sg59UPKt25PcBh LJZZjUHzbWQnmsDq8g3iGccowqQXryeYu9sHqBpQZE+tl0u/97vEmFjoCPzN9Q1V 5D2R1azn666tEy8cHjxjMr/BJClF5J/adZuVQI1hyi4hAbw6BBywXFoQubscTrI= =WfEJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-lts-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1xcvra-0007i3...@franck.debian.org