Accepted tor 0.2.2.20-alpha-1 (source all amd64 i386)

To: debian-devel-changes@lists.debian.org
Subject: Accepted tor 0.2.2.20-alpha-1 (source all amd64 i386)
From: Peter Palfrader <weasel@debian.org>
Date: Mon, 20 Dec 2010 10:47:10 +0000
Message-id: <[🔎] E1PUdGo-00084F-Cq@franck.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 18 Dec 2010 13:35:26 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: all amd64 i386 source 
Version: 0.2.2.20-alpha-1
Distribution: experimental
Urgency: high
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Changes:
 tor (0.2.2.20-alpha-1) experimental; urgency=high
 .
   * New upstream version.
     - Fix a remotely exploitable bug that could be used to crash instances
       of Tor remotely by overflowing on the heap. Remote-code execution
       hasn't been confirmed, but can't be ruled out (CVE-2010-1676).
   * Since the dawn of time (0.0.2pre19-1, January 2004, initial release
     of the debian package), the postinst script has changed ownership and
     permissions of various trees like /var/lib/tor, /var/run/tor, and
     /var/log/tor, sometimes recursively.
     .
     It turns out this actually is a security issue, so try to be more
     conservative when fixing up modes and only chown/chgrp
     /var/{lib,log,run}/tor directly, never recursively.
   * Remove /var/run/tor, recursively, on purge.  We already do this
     for /var/lib/tor and /var/log/tor.
Checksums-Sha1: 
 11eb8f1ff8f250ac46b382736028ac51ebda49a5 1117106 tor-geoipdb_0.2.2.20-alpha-1_all.deb
 14d00b889b114a36d397744ac892a27d705da1c0 29775 tor_0.2.2.20-alpha-1.diff.gz
 19c43e65778393e7df4c3646c3750ecbcd8837fb 1487 tor_0.2.2.20-alpha-1.dsc
 34597c6f4b5d9e9b3009282d483c2eaebe99691a 1081358 tor-dbg_0.2.2.20-alpha-1_i386.deb
 7c5149bc61e4f72173c0883f7e8187c1d5fe0e2f 1102068 tor-dbg_0.2.2.20-alpha-1_amd64.deb
 9ab592879225a3c3e43d0d9911b0eabba428cbe7 1090254 tor_0.2.2.20-alpha-1_amd64.deb
 a3825ab47b21b877f80387608d5f7773cb0d234d 2589173 tor_0.2.2.20-alpha.orig.tar.gz
 cf2c8f2f6ff072080a9df5bcbcc8a654fdeb54ea 1005352 tor_0.2.2.20-alpha-1_i386.deb
Checksums-Sha256: 
 3397f5d957398a7b52bc37316ceef58e9ee902c0c43063faaf0779faac0df08e 1102068 tor-dbg_0.2.2.20-alpha-1_amd64.deb
 59d0dbc31644c5b32d3a79289763b8251d3351fab0d83c9e9532d1059f20b4b6 1005352 tor_0.2.2.20-alpha-1_i386.deb
 91abdb8cfe996535ca1aa1329067568d1761936bf78cd3e3260bc1601e616a82 29775 tor_0.2.2.20-alpha-1.diff.gz
 a6305a6ce0f81d4242cfe1fefd52ef014a61cd5bb1c389afa75c24c23cd61edf 1090254 tor_0.2.2.20-alpha-1_amd64.deb
 b447706235074ced2a1349ee0480c7581fe0cdede5ed3d638a445bea00d94090 1487 tor_0.2.2.20-alpha-1.dsc
 d9bb2a637d35633f6a1d4ae1c22e0cc1280b65f82ac2cf9ab023aabd42bd3f67 1081358 tor-dbg_0.2.2.20-alpha-1_i386.deb
 e78c045c8d6e7bac68a0e6c2ff9831a461e6fe71b3b2cd5a41362d9555468eec 2589173 tor_0.2.2.20-alpha.orig.tar.gz
 ebed96dc9534132cbf260ba58aebb971b047ca85f1ec1e290e7630c749135632 1117106 tor-geoipdb_0.2.2.20-alpha-1_all.deb
Files: 
 14f79785ab81d297e1f903735b191949 1090254 net optional tor_0.2.2.20-alpha-1_amd64.deb
 17eb06865341dae2f4519f1afdcadb2f 1487 net optional tor_0.2.2.20-alpha-1.dsc
 519d011baf50253844133a9eee28f067 1102068 debug extra tor-dbg_0.2.2.20-alpha-1_amd64.deb
 cf42e0ddcca305ee85ec88453cba189e 1117106 net extra tor-geoipdb_0.2.2.20-alpha-1_all.deb
 d67427a325783022ff37443f57354e17 29775 net optional tor_0.2.2.20-alpha-1.diff.gz
 e4ce760732c235922067f5378ea0fa11 1081358 debug extra tor-dbg_0.2.2.20-alpha-1_i386.deb
 e6c994419df864e2e89abfcf832d5961 2589173 net optional tor_0.2.2.20-alpha.orig.tar.gz
 f852378ad5dfab575f2b4673678334cf 1005352 net optional tor_0.2.2.20-alpha-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJNDzCcAAoJEDTSCgbh3sV36zoH/iIRLKr7i+VBkyC+Xg4yRnpc
8aFV38mebdc0ZH8yiu4Cd1ghe1hamaI9RhdRvlBLLEecbaaKVQVjJuJK0bWC72Ki
jbWEkkCONgFF4KCw8EHt6pN2ZMTXJbxMTyLPCEkw3Qg4t+aqIWFa3r5H8OnlZwPr
WK1qV5e1KdjFBNW7E+KuBJprVk3UTDNHWIFJBcHM+nB8xpOVoj4Gu+2EXs6q1AUp
uKrJco4S6SLq/giP/G5PJXKSaadnCe/Hpny23Df8WTkmbX12U3yM4+X04NlCwdu5
AEJTnyYS5rCHAq79VkBBMQeofaM1lKmWuiniKutvBdsuHfoYiBtEiFSNAXNGAOw=
=sOHH
-----END PGP SIGNATURE-----


Accepted:
tor-dbg_0.2.2.20-alpha-1_amd64.deb
  to main/t/tor/tor-dbg_0.2.2.20-alpha-1_amd64.deb
tor-dbg_0.2.2.20-alpha-1_i386.deb
  to main/t/tor/tor-dbg_0.2.2.20-alpha-1_i386.deb
tor-geoipdb_0.2.2.20-alpha-1_all.deb
  to main/t/tor/tor-geoipdb_0.2.2.20-alpha-1_all.deb
tor_0.2.2.20-alpha-1.diff.gz
  to main/t/tor/tor_0.2.2.20-alpha-1.diff.gz
tor_0.2.2.20-alpha-1.dsc
  to main/t/tor/tor_0.2.2.20-alpha-1.dsc
tor_0.2.2.20-alpha-1_amd64.deb
  to main/t/tor/tor_0.2.2.20-alpha-1_amd64.deb
tor_0.2.2.20-alpha-1_i386.deb
  to main/t/tor/tor_0.2.2.20-alpha-1_i386.deb
tor_0.2.2.20-alpha.orig.tar.gz
  to main/t/tor/tor_0.2.2.20-alpha.orig.tar.gz

Reply to:

Prev by Date: Accepted velvet 1.0.15~nozlibcopy-2 (source all amd64)
Next by Date: Accepted amsn 0.98.3-3 (source all amd64)
Previous by thread: Accepted velvet 1.0.15~nozlibcopy-2 (source all amd64)
Next by thread: Accepted amsn 0.98.3-3 (source all amd64)
Index(es):
- Date
- Thread