-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 16 Jan 2011 22:44:47 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: alpha Version: 0.2.1.29-1~lenny+1 Distribution: stable-security Urgency: high Maintainer: Debian Build Daemon Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - geoIP database for Tor Changes: tor (0.2.1.29-1~lenny+1) stable-security; urgency=high . * Build tor 0.2.1.29 for lenny security, rather than backport almost all the patches from that version to the 0.2.1.26 currently in stable (which in turn already has most of the patches in .27 and .28). . Tor 0.2.1.29 is a release with several security related fixes, including one for CVE-2011-0427 (heap overflow bug, potential remote code execution), a denial of service involving compression bombs, and zeroing out of cryptographic keys after use to resist cold boot attacks somewhat better. Checksums-Sha1: d6fb67233bd1fcef2c4a1f9cd34514b504d41ac8 1236044 tor_0.2.1.29-1~lenny+1_alpha.deb 749dc4fb196d1d89a529e7cf2f62bd4eecaebd98 951108 tor-dbg_0.2.1.29-1~lenny+1_alpha.deb Checksums-Sha256: bfdfeeeaba0626916dcde984d8f2d84b603346dbe0dd627854a7a14d0d948595 1236044 tor_0.2.1.29-1~lenny+1_alpha.deb e65cc1b55cb610bdfd0fd6e7ea97690a2ec3556f7811fccfb84d1471b3fe3f0c 951108 tor-dbg_0.2.1.29-1~lenny+1_alpha.deb Files: eab4083d6ae3e95dce57e01d0a57ad69 1236044 net optional tor_0.2.1.29-1~lenny+1_alpha.deb 636bdba6e7b1ce21b38f53a7285a1259 951108 debug extra tor-dbg_0.2.1.29-1~lenny+1_alpha.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk00fN0ACgkQXm3vHE4uylqy2gCfcH8xqiyAhtmjztCzT38nftXe yfAAniKl3wCa6gzKAIUA6AqCTYhGCH/J =A5G4 -----END PGP SIGNATURE-----