-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 16 Jan 2011 22:44:47 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: ia64 Version: 0.2.1.29-1~lenny+1 Distribution: stable-security Urgency: high Maintainer: ia64 Build Daemon (alkman) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - geoIP database for Tor Changes: tor (0.2.1.29-1~lenny+1) stable-security; urgency=high . * Build tor 0.2.1.29 for lenny security, rather than backport almost all the patches from that version to the 0.2.1.26 currently in stable (which in turn already has most of the patches in .27 and .28). . Tor 0.2.1.29 is a release with several security related fixes, including one for CVE-2011-0427 (heap overflow bug, potential remote code execution), a denial of service involving compression bombs, and zeroing out of cryptographic keys after use to resist cold boot attacks somewhat better. Checksums-Sha1: 642b6f6df57c211376e89cd913d6bebd629f22d4 1474404 tor_0.2.1.29-1~lenny+1_ia64.deb 3c0dd6285fcda2129f70226194bdd13444fa3a07 884544 tor-dbg_0.2.1.29-1~lenny+1_ia64.deb Checksums-Sha256: 5701b05b33501049294c2840be4ee1e43afea426cc383297a58185476d639dcc 1474404 tor_0.2.1.29-1~lenny+1_ia64.deb e68d22dc80e61165a3e1a44d1fb4e9f9736056702407623a318aa51c6a72db52 884544 tor-dbg_0.2.1.29-1~lenny+1_ia64.deb Files: 131278967d8f1c11b7a50888d82dcdde 1474404 net optional tor_0.2.1.29-1~lenny+1_ia64.deb ce414c7a5eb182a806baba3d2fe9c0bf 884544 debug extra tor-dbg_0.2.1.29-1~lenny+1_ia64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk00fNkACgkQXm3vHE4uylo1hwCgwhxPIkfeXXnEezd7PR9iYM7y eMEAoM67UIZtVJbBrnQu00pXEXDBMAIS =HI5D -----END PGP SIGNATURE-----