Your message dated Mon, 22 Nov 2010 01:54:45 +0000 with message-id <e1pklcd-0007su...@franck.debian.org> and subject line Bug#604198: fixed in tor 0.2.1.26-1~lenny+2 has caused the Debian Bug report #604198, regarding broken by CVE-2010-3864 patch in openssl to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 604198: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604198 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: tor Severity: grave Version: 0.2.1.26-1 The most recently uploaded openssl package contains a fix for CVE-2010-3864, the libssl threading vulnerability (re #603709). Unfortunately that patch breaks Tor relays on renegotiation again. The Tor people are working on a workaround for that. Cheers, -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/
--- End Message ---
--- Begin Message ---Source: tor Source-Version: 0.2.1.26-1~lenny+2 We believe that the bug you reported is fixed in the latest version of tor, which is due to be installed in the Debian FTP archive: tor-dbg_0.2.1.26-1~lenny+2_i386.deb to main/t/tor/tor-dbg_0.2.1.26-1~lenny+2_i386.deb tor-geoipdb_0.2.1.26-1~lenny+2_all.deb to main/t/tor/tor-geoipdb_0.2.1.26-1~lenny+2_all.deb tor_0.2.1.26-1~lenny+2.diff.gz to main/t/tor/tor_0.2.1.26-1~lenny+2.diff.gz tor_0.2.1.26-1~lenny+2.dsc to main/t/tor/tor_0.2.1.26-1~lenny+2.dsc tor_0.2.1.26-1~lenny+2_i386.deb to main/t/tor/tor_0.2.1.26-1~lenny+2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 604...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Peter Palfrader <wea...@debian.org> (supplier of updated tor package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 21 Nov 2010 21:33:40 +0100 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: source all i386 Version: 0.2.1.26-1~lenny+2 Distribution: stable Urgency: low Maintainer: Peter Palfrader <wea...@debian.org> Changed-By: Peter Palfrader <wea...@debian.org> Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - geoIP database for Tor Closes: 604198 Changes: tor (0.2.1.26-1~lenny+2) stable; urgency=low . * Add debian/patches/15_tlsext_host_name: Work around change in libssl0.9.8 (0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198): . Do not set the tlsext_host_name extension on server SSL objects; only on client SSL objects. We set it to immitate a browser, not a vhosting server. This resolves an incompatibility with openssl 0.9.8p and openssl 1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha. * Also from 0.2.1.27: Add maatuska as eighth v3 directory authority. The directory authority servers are the trusted nodes that sign the directory of all Tor servers. This adds an 8th authority to the existing list, improving robustness. * If we have a debian/micro-revision.i, replace the one in src/or with our copy so that this will be the revision that ends up in the binary. This is an informational only version string, but it'd be kinda nice if it was (more) accurate nonetheless. (Backported from 0.2.2.2-alpha-1 from September 2009.) Checksums-Sha1: b4b1e4e6c82ef3bb2e7d36e8d2b0e0e757b777f3 1493 tor_0.2.1.26-1~lenny+2.dsc 491896b3e59a8da84e758403b8f13baef4117d28 84023 tor_0.2.1.26-1~lenny+2.diff.gz 550fb48e0fc7aca794705a9b33b5e132bbfcdbb0 805210 tor-geoipdb_0.2.1.26-1~lenny+2_all.deb 6721201cd2b5aae86a8e73550d4cbb22e7eb91fd 1319230 tor_0.2.1.26-1~lenny+2_i386.deb ff9052afb5c0c4958ba26433b345b5332a1dbe23 914432 tor-dbg_0.2.1.26-1~lenny+2_i386.deb Checksums-Sha256: 0c1645f4891f17d3539164119b5ff2fd8e5017e5a790281ec909d82aa3f43d14 1493 tor_0.2.1.26-1~lenny+2.dsc dd5e6ae5cb6c221097cea8d65bda053b3c61ded6ac13623d760c6d7d86631198 84023 tor_0.2.1.26-1~lenny+2.diff.gz 42070d50a5247f8afbf4cd0c0794709aa5618d755448ea35fd366a57287b7bdf 805210 tor-geoipdb_0.2.1.26-1~lenny+2_all.deb 0e41373a022263b60867de3a58cb40b7294953f216683579b6016889e342ea1f 1319230 tor_0.2.1.26-1~lenny+2_i386.deb 08034729e047affae665c23314938ace83b084f192b944fd8a17854e2190e2c9 914432 tor-dbg_0.2.1.26-1~lenny+2_i386.deb Files: eaab90bca089e0d4d07973c79d0b5762 1493 comm optional tor_0.2.1.26-1~lenny+2.dsc 71a4d2e6ddc81c7f76f0ba2d91326624 84023 comm optional tor_0.2.1.26-1~lenny+2.diff.gz eecd9acd24b7ee9c10aec594044c2b2c 805210 comm extra tor-geoipdb_0.2.1.26-1~lenny+2_all.deb 92e1d39a07763b7fb1772dea068b424f 1319230 comm optional tor_0.2.1.26-1~lenny+2_i386.deb 9f10edb289a3411258f641ea4c8656c1 914432 debug extra tor-dbg_0.2.1.26-1~lenny+2_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJM6ZkYAAoJEDTSCgbh3sV3rtkIAKqW1TRMB9NpjnbPTR4lFnqq 7+AH/RJpyxTd12tj2rYCLstrzfze+m6ORgB0caX7QAuxQ0741+wLppTnjj8I60yd TmATYQdcyMu6j+hqJ5wmrmW43mC42OCnH7MZLq3Iyyzey9hFbeB8dRr+0VV4Y4ZS FQoc3YLUHLX+QupfcflgBu5lQbzVzmBCcFDrvW2YELbG5P4UFyVjCsEGSeUH822b G02AJ0E3CKiQr/Euj82T9IOmxNVmUWssLjUXa7b3iF8SI6H9ypSYR2xW9uMjDnb1 Bnb9pOg5dlQ+mGe6XtsAIIcYFZs2yr+etzgtv8k+3higyWt0iYAQDVBNhakx9YM= =hGO/ -----END PGP SIGNATURE-----
--- End Message ---
