---------------------------------------------------------------------------
Debian Volatile Update Announcement VUA 74-1     http://volatile.debian.org
debian-volatile@lists.debian.org                            Peter Palfrader
November 22nd, 2010
---------------------------------------------------------------------------

Package              : tor
Version              : 0.2.1.26-1~lennyvolatile2 (Lenny)
Importance           : medium

The recent openssl security update in stable (DSA-2125-1), which fixes a
TLS extension parsing race condition, unfortunately also causes a
particular behaviour change in the libssl library.

This change results in all Tor relays (including bridge relays) running
Tor versions 0.2.1.x or 0.2.2.x to silently cease to work.  The previous
version released through lenny-volatile (0.2.1.26-1~lennyvolatile1) is
affected by this problem.

This Debian Volatile update incorporates a patch from the upcoming Tor
0.2.1.27 release which resolves the incompatibility, thus restoring
relay functionality.

We recommend that all Tor relays or bridge relays running Tor 0.2.1.26
on Debian lenny (Debian 5.0, stable) update their Tor package to version
0.2.1.26-1~lennyvolatile2 (now in volatile), or any other similarly
fixed package.

Tor 0.2.0.35 - the version currently in stable - is not affected by this
particular problem, however a different upcoming openssl change will
also break tor 0.2.0.x relays.  Therefore an update to the version in
stable is planned for the near future.

Upgrade Instructions
--------------------

You can get the updated packages at

  http://volatile.debian.org/debian-volatile/pool/volatile/main/t/tor

and install them with dpkg, or add the volatile archive for Lenny to
your /etc/apt/sources.list:

  deb http://volatile.debian.org/debian-volatile lenny/volatile main
  deb-src http://volatile.debian.org/debian-volatile lenny/volatile main

You can also use any of our mirrors.  See
`http://www.debian.org/volatile/volatile-mirrors' for the full list of
mirrors.  The archive signing keys were included in Debian Lenny.

For further information about debian-volatile, please refer to
`http://www.debian.org/volatile/'.

If there are any issues, please don't hesitate to get in touch with the
debian-volatile team at `debian-volatile@lists.debian.org'.