Bug#514579: marked as done (remote denial of service (crash) on servers)

[Debian Bug Tracking System]

Your message dated Mon, 09 Feb 2009 09:47:05 +0000
with message-id <e1lwsjj-0008pc...@ries.debian.org>
and subject line Bug#514579: fixed in tor 0.2.0.34-1
has caused the Debian Bug report #514579,
regarding remote denial of service (crash) on servers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
514579: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514579
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tor
Version: 0.2.0.33-1
Severity: grave

Given specially crafted input from clients tor exit nodes will crash.
Fixed in 0.2.0.34.

--- End Message ---

--- Begin Message ---

Source: tor
Source-Version: 0.2.0.34-1

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive:

tor-dbg_0.2.0.34-1_i386.deb
  to pool/main/t/tor/tor-dbg_0.2.0.34-1_i386.deb
tor-geoipdb_0.2.0.34-1_all.deb
  to pool/main/t/tor/tor-geoipdb_0.2.0.34-1_all.deb
tor_0.2.0.34-1.diff.gz
  to pool/main/t/tor/tor_0.2.0.34-1.diff.gz
tor_0.2.0.34-1.dsc
  to pool/main/t/tor/tor_0.2.0.34-1.dsc
tor_0.2.0.34-1_i386.deb
  to pool/main/t/tor/tor_0.2.0.34-1_i386.deb
tor_0.2.0.34.orig.tar.gz
  to pool/main/t/tor/tor_0.2.0.34.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 514...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader <wea...@debian.org> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 09 Feb 2009 09:53:48 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all i386
Version: 0.2.0.34-1
Distribution: unstable
Urgency: high
Maintainer: Peter Palfrader <wea...@debian.org>
Changed-By: Peter Palfrader <wea...@debian.org>
Description: 
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Closes: 514579 514580
Changes: 
 tor (0.2.0.34-1) unstable; urgency=high
 .
   * New upstream version:
      - Avoid a potential crash on exit nodes when processing malformed
        input.  Remote DoS opportunity (closes: #514579).
      - Fix a temporary DoS vulnerability that could be performed by
        a directory mirror (closes: #514580).
Checksums-Sha1: 
 85d041f023d5cf9d721f3e3b0893ccbffd6827b5 1164 tor_0.2.0.34-1.dsc
 6797b85cf4bd44a3a1c3ff1ccb9c46b55f9391f9 2170871 tor_0.2.0.34.orig.tar.gz
 769f0da355d2ed9d531082c699b9f68ecf43f219 77902 tor_0.2.0.34-1.diff.gz
 6e41d35a715b1db3c3d526e59346c4ebcaaf78cb 714102 tor-geoipdb_0.2.0.34-1_all.deb
 9042da5204c6f6dc06df367421d68e9552b67a36 1217002 tor_0.2.0.34-1_i386.deb
 4ebfdb22e9d2d53487f494cd744c2609c44f2c69 851054 tor-dbg_0.2.0.34-1_i386.deb
Checksums-Sha256: 
 70874f49e69591ae0d3cc4ec8a2935494e167cf861b4b491cef6566ef3cdfd48 1164 
tor_0.2.0.34-1.dsc
 1bb19bcc52d365b47dd0e7bc06e3208786447a1cf759d6595c516a0f0cde3cb2 2170871 
tor_0.2.0.34.orig.tar.gz
 744d2fa9a5ced760e52d3d7d2b2270719a45c23c79a8bd2c842aca58241f879b 77902 
tor_0.2.0.34-1.diff.gz
 07223496560f7f4e01564c8f4c3839aa7a87519203795920062932f1aedc757a 714102 
tor-geoipdb_0.2.0.34-1_all.deb
 65c7c2ea2ba288e0bcf2a6879eee96cf8e7d99ea6c1601656e008aa2dd324f22 1217002 
tor_0.2.0.34-1_i386.deb
 183138a9b9c48c00984afd93be5f0edd56c86008faddec4c1657d5040f821f86 851054 
tor-dbg_0.2.0.34-1_i386.deb
Files: 
 a806d03ef1176800ed64aea32e70925f 1164 comm optional tor_0.2.0.34-1.dsc
 f20011be23d5a76988233df12c346f41 2170871 comm optional tor_0.2.0.34.orig.tar.gz
 a21b2f4930f599c843ca5e83fe75a95a 77902 comm optional tor_0.2.0.34-1.diff.gz
 53068202d6de4bddd0cfdc91c5e2395e 714102 comm extra 
tor-geoipdb_0.2.0.34-1_all.deb
 6b2691eea2cabf0061f88f00e4a9cf82 1217002 comm optional tor_0.2.0.34-1_i386.deb
 df3cd97edec1f2e76f569c941b244036 851054 comm extra tor-dbg_0.2.0.34-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmP+B8ACgkQz/ccs6+kS93euACfQ6eTlf2P2MwSYO7IJl92P6Uk
vCwAn3DxCdpnuvsKrq6NDkPp0WcWJP3n
=SF4h
-----END PGP SIGNATURE-----

--- End Message ---