-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Aug 2021 11:59:12 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: armhf
Version: 0.3.5.16-1
Distribution: buster-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-04) <buildd_armhf-arm-ubc-04@buildd.debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
Changes:
 tor (0.3.5.16-1) buster-security; urgency=medium
 .
   * New upstream version.
     For a full list see the upstream changelog.  It includes:
     - Resolve an assertion failure caused by a behavior mismatch between our
       batch-signature verification code and our single-signature verification
       code. This assertion failure could be triggered remotely, leading to a
       denial of service attack. We fix this issue by disabling batch
       verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
       also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
       Valence.
Checksums-Sha1:
 8010f5305bf18cd439160156dcd14f2c9946d4b8 4385784 tor-dbgsym_0.3.5.16-1_armhf.deb
 21bb401ed179c895d156d3e68a9ca3705b664f61 6834 tor_0.3.5.16-1_armhf-buildd.buildinfo
 2559788e35124579b2fc108d781e90cbcb5d7d51 1739360 tor_0.3.5.16-1_armhf.deb
Checksums-Sha256:
 6b8d526bd492b42a64fc7363d803f02dbf516eee7794c121eee071e782de6e8b 4385784 tor-dbgsym_0.3.5.16-1_armhf.deb
 4d9aa983cce189ecaca5eba82d0ad2e8cb22d724106f254ca708f9cb362cb00e 6834 tor_0.3.5.16-1_armhf-buildd.buildinfo
 fc75997fded815c7c636ff007593c47b2f390ac45993b6b48f7b4d9a7544abec 1739360 tor_0.3.5.16-1_armhf.deb
Files:
 6ed9aa5bec0524d01435d760faab80f4 4385784 debug optional tor-dbgsym_0.3.5.16-1_armhf.deb
 9e05a3d34b0a635e85c8a806abe4d458 6834 net optional tor_0.3.5.16-1_armhf-buildd.buildinfo
 41495200855c616269b137108374d344 1739360 net optional tor_0.3.5.16-1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnkOoRyjJ0+t2tN7OjOf+cynECFcFAmEjfkAACgkQjOf+cynE
CFeKXw/+NnihnPCDUMNvTVlimZK/GjjXEbUyixPWuwRK5sGE65to7LnHHpPGkMqK
Uvb5j7H6y/iVrv/fDQIZO6XwsqRw48Pv9ELXnMsR3BRzTrZhyxUJlWu256gpjoJk
b853G93Xr2YZE3U2Cu+wWMDn6N483LxalJmCBUsqr68Tylr6vl7l75Xrf4veB8kd
zZNiwhmOooz8RwnflRTDYDrlKE93Ssv80P7nIij79I86ZS4oDVSuUHRhx4C1zk+i
EtvLogUXnWYD2KXuhheZjsXlSZgio+4EB5hjCDR3g+wOu1w4GpG79Idjb5blTzyW
nyCL94f/veaigyXMgNM0qhZKPoNZIAXUsNFUubfPI8TbIj75U5Nn0rhqj62Q849S
k2az1f/TFCWTTCS0KYbp8g7T0gK5kw1Dc3Cej/SyK2yFITP72sT9WzsMXAAaKpEU
AgKoVTcLJMcP0hrSP8WVtT9G0Nqo1FNMR9symNldxI3Ffb74K00Pf6YyZt8WNr2Z
Rn8OzD63yG0yYEvUb5s/OOtA3iVBFIGg+ePuykiA6664kUgK0nmk6M7bNrF7Kad5
/L3Pe6a/mG6/rHXNspPTFVVH3jcbQOgCyiNE0Ks5Q4APNB7+h0aOy8Z8QIQesT1O
JXwtgdHiOVyeydeRUapFwi0/YJ4JnNkDmsj5J2JRkuvhSSPYIrY=
=EhQn
-----END PGP SIGNATURE-----