-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 16 Jan 2011 22:44:47 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: arm Version: 0.2.1.29-1~lenny+1 Distribution: stable-security Urgency: high Maintainer: arm Build Daemon (toffee) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - geoIP database for Tor Changes: tor (0.2.1.29-1~lenny+1) stable-security; urgency=high . * Build tor 0.2.1.29 for lenny security, rather than backport almost all the patches from that version to the 0.2.1.26 currently in stable (which in turn already has most of the patches in .27 and .28). . Tor 0.2.1.29 is a release with several security related fixes, including one for CVE-2011-0427 (heap overflow bug, potential remote code execution), a denial of service involving compression bombs, and zeroing out of cryptographic keys after use to resist cold boot attacks somewhat better. Checksums-Sha1: 836789adcb74f19f9acb80f34185356b78ef2deb 1125962 tor_0.2.1.29-1~lenny+1_arm.deb 61ff9bb81acbebd3a2401e6da4a083af495e2939 895300 tor-dbg_0.2.1.29-1~lenny+1_arm.deb Checksums-Sha256: 0c8350705825e49705547109b2d2f0f1ddc371a16af4d44978f010ebf8600551 1125962 tor_0.2.1.29-1~lenny+1_arm.deb c47bbbc4fa0336ad6cd5cc88d69289b7ac0467167889de5a8108e2b8a7169f84 895300 tor-dbg_0.2.1.29-1~lenny+1_arm.deb Files: f97bc4cd226a6d82acf05e529b7680ff 1125962 net optional tor_0.2.1.29-1~lenny+1_arm.deb d54998814e9a790efa7520fbe7115942 895300 debug extra tor-dbg_0.2.1.29-1~lenny+1_arm.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk00fOQACgkQXm3vHE4uylp5aACfbzXycQNO7g1yp+dJkZz0qjkt Mi0An0FmKlpeVqiLVwwB1SehdTIWJ49z =DKyK -----END PGP SIGNATURE-----