[ubuntu/natty] tor 0.2.1.29-1 (Accepted)

Mon Jan 17 14:25:27 UTC 2011

tor (0.2.1.29-1) unstable; urgency=high

  * New upstream version, including several security related fixes.  See
    upstream changelog for details.  Addresses CVE-2011-0427.

tor (0.2.1.28-1) unstable; urgency=high

  * New upstream version.
    - Fix a remotely exploitable bug that could be used to crash instances
      of Tor remotely by overflowing on the heap. Remote-code execution
      hasn't been confirmed, but can't be ruled out (CVE-2010-1676).
  * Since the dawn of time (0.0.2pre19-1, January 2004, initial release
    of the debian package), the postinst script has changed ownership and
    permissions of various trees like /var/lib/tor, /var/run/tor, and
    /var/log/tor, sometimes recursively.
    .
    It turns out this actually is a security issue, so try to be more
    conservative when fixing up modes and only chown/chgrp
    /var/{lib,log,run}/tor directly, never recursively.
  * Remove /var/run/tor, recursively, on purge.  We already do this
    for /var/lib/tor and /var/log/tor.

tor (0.2.1.27-1) unstable; urgency=low

  * New upstream version.
    - remove debian/patches/15_tlsext_host_name (already included in new
      upstream version).
    - remove debian/patches/16_add_maatuska (ditto).
  * debian/tor.docs: Remove doc/website/stylesheet.css and doc/website/tor-*
    since upstream has stopped shipping them in their tarball.

Date: Sun, 16 Jan 2011 18:51:03 +0100
Changed-By: Felix Geyer <debfx-pkg at fobos.de>
Maintainer: Peter Palfrader <weasel at debian.org>
Origin: debian/unstable
https://launchpad.net/ubuntu/natty/+source/tor/0.2.1.29-1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 16 Jan 2011 18:51:03 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source
Version: 0.2.1.29-1
Distribution: natty
Urgency: high
Maintainer: Peter Palfrader <weasel at debian.org>
Changed-By: Felix Geyer <debfx-pkg at fobos.de>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Changes: 
 tor (0.2.1.29-1) unstable; urgency=high
 .
   * New upstream version, including several security related fixes.  See
     upstream changelog for details.  Addresses CVE-2011-0427.
 .
 tor (0.2.1.28-1) unstable; urgency=high
 .
   * New upstream version.
     - Fix a remotely exploitable bug that could be used to crash instances
       of Tor remotely by overflowing on the heap. Remote-code execution
       hasn't been confirmed, but can't be ruled out (CVE-2010-1676).
   * Since the dawn of time (0.0.2pre19-1, January 2004, initial release
     of the debian package), the postinst script has changed ownership and
     permissions of various trees like /var/lib/tor, /var/run/tor, and
     /var/log/tor, sometimes recursively.
     .
     It turns out this actually is a security issue, so try to be more
     conservative when fixing up modes and only chown/chgrp
     /var/{lib,log,run}/tor directly, never recursively.
   * Remove /var/run/tor, recursively, on purge.  We already do this
     for /var/lib/tor and /var/log/tor.
 .
 tor (0.2.1.27-1) unstable; urgency=low
 .
   * New upstream version.
     - remove debian/patches/15_tlsext_host_name (already included in new
       upstream version).
     - remove debian/patches/16_add_maatuska (ditto).
   * debian/tor.docs: Remove doc/website/stylesheet.css and doc/website/tor-*
     since upstream has stopped shipping them in their tarball.
Checksums-Sha1: 
 7c66eb9d2722c85e778cbb9cfabe1c99e972ad63 1809 tor_0.2.1.29-1.dsc
 cd534b99c91070504f4e70008ab8940a816b5bc6 2521399 tor_0.2.1.29.orig.tar.gz
 480085b2cdb4ade252bb05feb3c47115113af81d 81652 tor_0.2.1.29-1.diff.gz
Checksums-Sha256: 
 b4f7629c13c9153c4a12e84781a78d12e7a73df462efbdf88c64e76baec1909b 1809 tor_0.2.1.29-1.dsc
 070d314effd6c08f8b5a8a1ebb4f5c3af644d48a9e38e9cba34fd3f2e981ec64 2521399 tor_0.2.1.29.orig.tar.gz
 3596474889a72c5124ac989284f3fb5622a2e0a145bca8a934867424f6e54fb6 81652 tor_0.2.1.29-1.diff.gz
Files: 
 2fceff84098af698cfd21810136052f3 1809 net optional tor_0.2.1.29-1.dsc
 1cd4feea84f2b066717b500d090bcf65 2521399 net optional tor_0.2.1.29.orig.tar.gz
 4d843bd891f04d5e5ab6ca4bcea4c077 81652 net optional tor_0.2.1.29-1.diff.gz
Origin: debian/unstable

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJNNFAwAAoJEP4ixv2DE11FZiYP/1RqDu4N3e9M8Zp917lM12tx
l8u0NegRxWc60UmA7ahNXOfzmbSXlipXKSAWp/ID/vJtDzxGJWuQwdMa5yhb9Kyy
q+CkRmLT9fi7ofyAbfSy38/Zvvl9Ucil7SfUb9rX1ApX2Kcl3EYoUKSmOR89/eTS
VV8Tspzae+CK3GWhmVTkgozvXTg+Gabeei97NIYaXIw1/3yVFx/fCbYG/SNsS33E
RFXKjgSLxkD//mfpk7dwvqb5ZIxC95PTJy8PrHMcthGd8Q9r5WaAZGNx6+JnJDtk
KPPh4A3GBjSs0TYO8M7rVRwyGt6gvO2bCh1kThHBovMjES0YWp5zaQrWy9+p0ZLb
cVNT35/SyFFpIEhYrh97tYxB65UueH5htuakp85fOIbyMc+BeaPJoDG/MhEbqbJh
DBfnyEXoIEAay0DhxbR0fR3pQ4ZDbdU1Pe+/l1Vo70+DhN4a5PJW56dr/Kk0XXDl
6fxtnP2+R/iLLJb8SBNtzcS7twvOFg8tSpm5mZl6Nrw9/RiQQaFTWvciZZqQQSl/
5SeqN2huQwRGBhCoSyFBA7qloi/SD22dcNoX0as8YENwAv3EA734EJ/hwtNd/+pC
ST0itjj1KBOmgwJjcck2XegDtw+O8VqOAnaZOIiK2secwG09gROtBBCk0eX/Rgi5
8SUz9DZRFmrSyzEJhHdN
=4dOB
-----END PGP SIGNATURE-----