Bug#604198: marked as done (broken by CVE-2010-3864 patch in openssl)

Sun, 21 Nov 2010 16:21:25 -0800 

Your message dated Mon, 22 Nov 2010 00:05:05 +0000
with message-id <e1pkju5-0005az...@valente.debian.org>
and subject line Bug#604198: fixed in tor 0.2.1.26-1~lennyvolatile2
has caused the Debian Bug report #604198,
regarding broken by CVE-2010-3864 patch in openssl
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
604198: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604198
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: tor
Severity: grave
Version: 0.2.1.26-1

The most recently uploaded openssl package contains a fix for
CVE-2010-3864, the libssl threading vulnerability (re #603709).

Unfortunately that patch breaks Tor relays on renegotiation again.

The Tor people are working on a workaround for that.

Cheers,
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/

--- End Message ---
--- Begin Message --- 
Source: tor
Source-Version: 0.2.1.26-1~lennyvolatile2

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the volatile.debian.org FTP archive:

tor-dbg_0.2.1.26-1~lennyvolatile2_amd64.deb
  to pool/volatile/main/t/tor/tor-dbg_0.2.1.26-1~lennyvolatile2_amd64.deb
tor-dbg_0.2.1.26-1~lennyvolatile2_i386.deb
  to pool/volatile/main/t/tor/tor-dbg_0.2.1.26-1~lennyvolatile2_i386.deb
tor-geoipdb_0.2.1.26-1~lennyvolatile2_all.deb
  to pool/volatile/main/t/tor/tor-geoipdb_0.2.1.26-1~lennyvolatile2_all.deb
tor_0.2.1.26-1~lennyvolatile2.diff.gz
  to pool/volatile/main/t/tor/tor_0.2.1.26-1~lennyvolatile2.diff.gz
tor_0.2.1.26-1~lennyvolatile2.dsc
  to pool/volatile/main/t/tor/tor_0.2.1.26-1~lennyvolatile2.dsc
tor_0.2.1.26-1~lennyvolatile2_amd64.deb
  to pool/volatile/main/t/tor/tor_0.2.1.26-1~lennyvolatile2_amd64.deb
tor_0.2.1.26-1~lennyvolatile2_i386.deb
  to pool/volatile/main/t/tor/tor_0.2.1.26-1~lennyvolatile2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 604...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

volatile.debian.org distribution maintenance software
pp.
Peter Palfrader <wea...@debian.org> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@volatile.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 21 Nov 2010 21:33:40 +0100
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: all amd64 i386 source 
Version: 0.2.1.26-1~lennyvolatile2
Distribution: lenny-volatile
Urgency: low
Maintainer: Peter Palfrader <wea...@debian.org>
Changed-By: Peter Palfrader <wea...@debian.org>
Closes: 604198
Description:
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - geoIP database for Tor
Changes:
 tor (0.2.1.26-1~lennyvolatile2) lenny-volatile; urgency=low
 .
   * Add debian/patches/15_tlsext_host_name: Work around change in libssl0.9.8
     (0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198):
     .
     Do not set the tlsext_host_name extension on server SSL objects; only on
     client SSL objects.  We set it to immitate a browser, not a vhosting
     server. This resolves an incompatibility with openssl 0.9.8p and openssl
     1.0.0b.  Fixes bug 2204; bugfix on 0.2.1.1-alpha.
   * Also from 0.2.1.27: Add maatuska as eighth v3 directory authority.
     The directory authority servers are the trusted nodes that sign the
     directory of all Tor servers.  This adds an 8th authority to the
     existing list, improving robustness.
   * If we have a debian/micro-revision.i, replace the one in src/or
     with our copy so that this will be the revision that ends up in
     the binary.  This is an informational only version string, but
     it'd be kinda nice if it was (more) accurate nonetheless.
     (Backported from 0.2.2.2-alpha-1 from September 2009.)
Checksums-Sha1: 
 147c34627d946939499feeb03d5d1561ba9e568e 804946 
tor-geoipdb_0.2.1.26-1~lennyvolatile2_all.deb
 60847e4319430c97687472e4774e2be52da15562 1521 tor_0.2.1.26-1~lennyvolatile2.dsc
 2095d36b9fe2729534b33ce76346499e5bf49ea0 970494 
tor-dbg_0.2.1.26-1~lennyvolatile2_amd64.deb
 21029df07aa88cb63b7552fe8983e962d014b7a3 1319056 
tor_0.2.1.26-1~lennyvolatile2_i386.deb
 64c9ed75a5bab2fe756c31e84e069d30e728a60d 83739 
tor_0.2.1.26-1~lennyvolatile2.diff.gz
 6cd8e230b622698809f20ed916ab14f645e8ef0a 914466 
tor-dbg_0.2.1.26-1~lennyvolatile2_i386.deb
 8d86235c72313e1d0874ad9f2a2532a31d9d7158 1379982 
tor_0.2.1.26-1~lennyvolatile2_amd64.deb
Checksums-Sha256: 
 8c98b8e0f571e7807afc26b93ce46d387d5c9b135470bf2f25bcb9ccbddcbb54 1521 
tor_0.2.1.26-1~lennyvolatile2.dsc
 48d76ff418a254c8f4d5e9e8a33c7c4afc5b53e4685b929059e10c16893f8410 804946 
tor-geoipdb_0.2.1.26-1~lennyvolatile2_all.deb
 74298561c14071c8f8cd86eeb54951bf78e618502d3229558b6536a12d187c55 1379982 
tor_0.2.1.26-1~lennyvolatile2_amd64.deb
 7b65f41a4ebbbf78eed915ca4bf840ebd98871fd298ab9b8e20e122e585f3676 970494 
tor-dbg_0.2.1.26-1~lennyvolatile2_amd64.deb
 97c56e47d82ece3e122f6d0f8f6aa4e11b0567ee300eec1593a294ee3a1e0fe4 914466 
tor-dbg_0.2.1.26-1~lennyvolatile2_i386.deb
 db68ebe5050782da55eefe6cdcc6c349c26f8d6eb7ce5cca71b432470aa13cb6 1319056 
tor_0.2.1.26-1~lennyvolatile2_i386.deb
 e141f364d5bf2000078b008c2e28e061000411f4f1788316a3fd1204b8d88206 83739 
tor_0.2.1.26-1~lennyvolatile2.diff.gz
Files: 
 32f3d5db50dab9b7f4335fc1003a4ae4 1319056 comm optional 
tor_0.2.1.26-1~lennyvolatile2_i386.deb
 35fdfb389abdb5c49c6660b13b21cd18 914466 debug extra 
tor-dbg_0.2.1.26-1~lennyvolatile2_i386.deb
 5dbac374968c9112cb1b358a32b12698 1521 comm optional 
tor_0.2.1.26-1~lennyvolatile2.dsc
 82fce0ae8c2f60eb744195eb5f8f766e 83739 comm optional 
tor_0.2.1.26-1~lennyvolatile2.diff.gz
 d6f064980e080f72ac249f81d593ab20 1379982 comm optional 
tor_0.2.1.26-1~lennyvolatile2_amd64.deb
 ed2a860836bf1db5cccc31241fffb274 970494 debug extra 
tor-dbg_0.2.1.26-1~lennyvolatile2_amd64.deb
 f94dfe3519700181ed2d68afad8e692c 804946 comm extra 
tor-geoipdb_0.2.1.26-1~lennyvolatile2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJM6bAvAAoJEDTSCgbh3sV3h10H/iy/kHuWR0z4kZ7C6WNmBKJ0
TopEax1LS506MNH29NhJbn6HfH/5C47rSIAQCJtl/rkEKj+jWjyYAEOjSQTpr1Uv
os1NkqLNbNMYdjxhbfSpY5UQTmIjgsvxrSZ3zWC9YiaRJiBCjfSDi1VnkAepdeTl
OLnwNwLIE/IMewQJWfNwZ8jiRDdDgLsktQYn1+VwSstw7dTK8CdlTreaHRqgX9yX
1/gnNA1BDW53Jg5dnBhPmG+uS0YoNhZgEYsCuWh7Np7ayRxa9K7A1/GJsY+e9PM7
0/Bk797AfXMWnM4Mv5QOrcyeIHYwSWRqamTE2488fjTR6QQ4T8efs36i1eOfRsw=
=hhAo
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to