-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.0 Source: tor Binary: tor, tor-dbg, tor-geoipdb Architecture: any all Version: 0.2.4.26-1 Maintainer: Peter Palfrader <[email protected]> Homepage: https://www.torproject.org/ Standards-Version: 3.9.4 Vcs-Browser: https://gitweb.torproject.org/debian/tor.git Vcs-Git: https://git.torproject.org/debian/tor.git Build-Depends: debhelper (>= 8.1.0~), quilt, libssl-dev, zlib1g-dev, libevent-dev (>= 1.1), binutils (>= 2.14.90.0.7), hardening-includes, asciidoc (>= 8.2), docbook-xml, docbook-xsl, xmlto, dh-apparmor Build-Conflicts: libnacl-dev Package-List: tor deb net optional arch=any tor-dbg deb debug extra arch=any tor-geoipdb deb net extra arch=all Checksums-Sha1: 394b5485ea01bc8cf5620273ad60551a6e2d6d8b 3132691 tor_0.2.4.26.orig.tar.gz cf36c978d0a893ffc887480ebae10ac5a062ec91 35206 tor_0.2.4.26-1.diff.gz Checksums-Sha256: 7095469ea65fe309194e0885f9c4dabf5742704fca1f11d3a645224336b9303d 3132691 tor_0.2.4.26.orig.tar.gz 8051e8418c5ceb097df24279208b37d68133ea5341d05b87a018d8b1e1ec8644 35206 tor_0.2.4.26-1.diff.gz Files: ae923e0a6fcbd4b5cde7cf87b525fe61 3132691 tor_0.2.4.26.orig.tar.gz bf47ac9776b3673830a3ea9b99727923 35206 tor_0.2.4.26-1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJVDsUIAAoJEIYCyCA4cjMfyakIAIinQQgXFOrd5foVbNJ/OoCz w0CYUEbIIuSeWTdAMBsDDoedFVmN4P91UFtTOMK5xWanRXInGf8ssFF7D7sqRtCa ez5lX4U1LAQ4afF3tYWOBSsnAjlouoezO0N4MafVRQBpzKaqzJ/PhUXXPrX+u5lP E81r8Hft+geXiMmNNApaA1xqBiSczNTpwi+1uJIc3QJ3ulGIHnUJedXyAiQiEhhe ZZtr6qVLZwRA4WPxgUHy6oe3TMsycVg8YuKf/PNs+08t3s/mSoGOu3NLnJXoiIyE cGoGw0AIBpZjh7/GLHrlbycxQFlrML5kl7WjW1mOZ/g5UfERDOOfXBNhDyq+jtY= =Ep0e -----END PGP SIGNATURE----- Changes: tor (0.2.4.26-1) wheezy-security; urgency=medium * New upstream version. + Fixes the following security relevant issues (copied from upstream changelog): - Fix an assertion failure that could occur under high DNS load. Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed by "cypherpunks". - Fix a bug that could lead to a relay crashing with an assertion failure if a buffer of exactly the wrong layout was passed to buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - Do not assert if the 'data' pointer on a buffer is advanced to the very end of the buffer; log a BUG message instead. Only assert if it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. - Disable support for SSLv3. All versions of OpenSSL in use with Tor today support TLS 1.0 or later, so we can safely turn off support for this old (and insecure) protocol. Fixes bug 13426. + Updates the list of directory authorities and the geoIP database. -- Peter Palfrader <[email protected]> Sun, 22 Mar 2015 13:06:29 +0100
