-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 16 Jan 2011 22:44:47 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: amd64 Version: 0.2.1.29-1~lenny+1 Distribution: stable-security Urgency: high Maintainer: amd64 Builddd Daemon (barber) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - geoIP database for Tor Changes: tor (0.2.1.29-1~lenny+1) stable-security; urgency=high . * Build tor 0.2.1.29 for lenny security, rather than backport almost all the patches from that version to the 0.2.1.26 currently in stable (which in turn already has most of the patches in .27 and .28). . Tor 0.2.1.29 is a release with several security related fixes, including one for CVE-2011-0427 (heap overflow bug, potential remote code execution), a denial of service involving compression bombs, and zeroing out of cryptographic keys after use to resist cold boot attacks somewhat better. Checksums-Sha1: 81ac4c53c0e206050ffbcf78a47c5e9735a69aee 1190932 tor_0.2.1.29-1~lenny+1_amd64.deb 16f98e0212bf7da1abddda2a7c9fddb5841b948d 973498 tor-dbg_0.2.1.29-1~lenny+1_amd64.deb Checksums-Sha256: c6fd23ab4dcd603cee46c6db7c909e4d5c5d3f8c5e62dc97ce8956016d5b7642 1190932 tor_0.2.1.29-1~lenny+1_amd64.deb 85741c7b3ab1301c0d6cece50a3229e3720fcf4f7f32821af5cd15b745c0e675 973498 tor-dbg_0.2.1.29-1~lenny+1_amd64.deb Files: 35ed952254d346875fbdd0404ea9727d 1190932 net optional tor_0.2.1.29-1~lenny+1_amd64.deb 5ec8f3d0d60e4fe3765786b87e3d0a02 973498 debug extra tor-dbg_0.2.1.29-1~lenny+1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk00fNUACgkQXm3vHE4uylpexACg2nblCraIHhutDBNj1Wv6RvM6 zL8AoMwPMyQBGvmREgIhKm11qqoEX4Z2 =ZAFo -----END PGP SIGNATURE-----