Format: 1.8
Date: Fri, 18 Jun 2021 11:06:56 +0200
Source: tor
Binary: tor
Built-For-Profiles: noudeb
Architecture: riscv64
Version: 0.4.5.9-1
Distribution: impish-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Peter Palfrader
Description:
 tor - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.4.5.9-1) unstable; urgency=medium
 .
   * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog. It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which hop
       sent these cells: this would allow a relay on a circuit to end a stream
       that wasn't actually built with it. Bugfix on 0.3.5.1-alpha. This issue
       is also tracked as TROVE-2021-003 and CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code. Previously, we
       would detect errors from a missing RNG implementation, but not failures
       from the RNG code itself. Fortunately, it appears those failures do not
       happen in practice when Tor is using OpenSSL's default RNG
       implementation. Bugfix on 0.2.8.1-alpha. This issue is also tracked as
       TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
     - Resist a hashtable-based CPU denial-of-service attack against relays.
       Previously we used a naive unkeyed hash function to look up circuits in
       a circuitmux object. An attacker could exploit this to construct
       circuits with chosen circuit IDs, to create collisions and make the hash
       table inefficient. Now we use a SipHash construction here instead.
       Bugfix on 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005
       and CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing. An attacker could exploit this bug by crafting an onion service
       descriptor that would crash any client that tried to visit it. Bugfix on
       0.3.0.1-alpha. This issue is also tracked as TROVE-2021-006 and
       CVE-2021-34550. Reported by Sergei Glazunov from Google's Project Zero.
Checksums-Sha1:
 b6ea0192bdba5f981bb4b54be10e1ba4bf5cb62f 5041664 tor-dbgsym_0.4.5.9-1_riscv64.ddeb
 c56dcd2c93d6573df69bef3674f7731d325d4644 7197 tor_0.4.5.9-1_riscv64.buildinfo
 5a86dae52cea54d5569a9631bcb88a655898dedc 1474128 tor_0.4.5.9-1_riscv64.deb
Checksums-Sha256:
 1ea5a8748310f79ffa7795108d513cd451906b81ed58e8b386b36143d0c8d034 5041664 tor-dbgsym_0.4.5.9-1_riscv64.ddeb
 a94de5333626d54d776d40bca67b42429422d5df1cfb67bc5b313a46e502cb90 7197 tor_0.4.5.9-1_riscv64.buildinfo
 0ff07b4ded99e3152598f749a63d8cb8636881e9c0dedaa25d306bb58e78b1f3 1474128 tor_0.4.5.9-1_riscv64.deb
Files:
 d01aa9d8029dea8300e86251db604a39 5041664 debug optional tor-dbgsym_0.4.5.9-1_riscv64.ddeb
 7dfe2d414321894b385b6bcdaa6015f7 7197 net optional tor_0.4.5.9-1_riscv64.buildinfo
 b2d6ef6cd8dd848b3f5d97fef9335720 1474128 net optional tor_0.4.5.9-1_riscv64.deb