tor update for squeeze
Hey,

Tor is releasing version 0.2.1.29, a release with lots of security
fixes, both minor and not so minor, including one for CVE-2011-0427
(heap overflow bug, potential remote code execution), a denial of
service involving compression bombs, and zeroing out of cryptographic
keys after use to resist cold boot attacks somewhat better.

I went over all the commits but, as already discussed on IRC, I ended up
with a version that was almost equivalent to 0.2.1.29 anyway, modulo
several comment updates, copyright statement updates, autoconf fu and a
very few fixes of which I'm not entirely sure they aren't security
relevant either.

Also, most of upstream's 0.2.1.28 was already in our tor 0.2.1.26-XX.

There seemed to be an agreement that putting 0.2.1.29 into squeeze was
the smartest course of action, especially with an eye to making future
security updates easier.

Therefore I have uploaded a tor package 0.2.1.29-1 to unstable.

If you still agree with this course of action please unblock.

Cheers,
weasel
--
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/