security update: tor (0.2.0.34-1)

To: debian-release@lists.debian.org
Subject: security update: tor (0.2.0.34-1)
From: Peter Palfrader <weasel@debian.org>
Date: Mon, 9 Feb 2009 14:04:00 +0100
Message-id: <20090209130400.GD14861@anguilla.noreply.org>

Hi,

I uploaded this bugfix-only release a few hours ago.  It closes these
two debian bugs (It also fixes a third bug which I have not confirmed
affects Debian).

|  tor (0.2.0.34-1) unstable; urgency=high
|  .
|    * New upstream version:
|       - Avoid a potential crash on exit nodes when processing malformed
|         input.  Remote DoS opportunity (closes: #514579).
|       - Fix a temporary DoS vulnerability that could be performed by
|         a directory mirror (closes: #514580).

s/potential// - It's actually pretty trivial to induce once you know how.

Please unblock.
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

Reply to:

Follow-Ups:
- Re: security update: tor (0.2.0.34-1)
  - From: Luk Claes <luk@debian.org>

Prev by Date: Re: Draft for lenny release announcement
Next by Date: Re: Draft for lenny release announcement
Previous by thread: debian-release@lists.debian.org
Next by thread: Re: security update: tor (0.2.0.34-1)
Index(es):
- Date
- Thread