-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 16 Jan 2011 22:44:47 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: armel Version: 0.2.1.29-1~lenny+1 Distribution: stable-security Urgency: high Maintainer: armel Build Daemon (alwyn) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - geoIP database for Tor Changes: tor (0.2.1.29-1~lenny+1) stable-security; urgency=high . * Build tor 0.2.1.29 for lenny security, rather than backport almost all the patches from that version to the 0.2.1.26 currently in stable (which in turn already has most of the patches in .27 and .28). . Tor 0.2.1.29 is a release with several security related fixes, including one for CVE-2011-0427 (heap overflow bug, potential remote code execution), a denial of service involving compression bombs, and zeroing out of cryptographic keys after use to resist cold boot attacks somewhat better. Checksums-Sha1: 9d6c77cb5614582e21ff79514d11d054c9695e86 1128596 tor_0.2.1.29-1~lenny+1_armel.deb 5a20ef2e05b0e0f2ede89b7ca1203010a40e26cc 903280 tor-dbg_0.2.1.29-1~lenny+1_armel.deb Checksums-Sha256: 8f1c06c9ec17167667db5d091150ecb937e685086454fc8ccf9cdd1f843d2027 1128596 tor_0.2.1.29-1~lenny+1_armel.deb a2c0c8b43f2fb99fe55d456f33dd5017da19c7b01768c4f50ac2927e103a650d 903280 tor-dbg_0.2.1.29-1~lenny+1_armel.deb Files: 226a6fa51fc083a169f297064880f331 1128596 net optional tor_0.2.1.29-1~lenny+1_armel.deb afb0602c1769ec9881bc15a08da02aa6 903280 debug extra tor-dbg_0.2.1.29-1~lenny+1_armel.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk00fN8ACgkQXm3vHE4uyloYyQCggqV/oUch0LxRorOiBvlp7CZy zeQAn2lzhbcEfxZtpcVzqAJ7MR5WZYkv =PeKk -----END PGP SIGNATURE-----