Your message dated Tue, 23 May 2006 14:17:25 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#349283: fixed in tor 0.1.1.20-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tor
Version: 0.1.0.16-1
Severity: grave
Tags: security
Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Source: http://archives.seul.org/or/announce/Jan-2006/msg00001.html
Basically an attacker who can run a fast Tor server can find the location of a
hidden service in a matter of hours, possibly even minutes. This is fixed in
0.1.1.12-alpha, but as this is an alpha release it may contain other bugs.
- -- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD0s8gqlk5sZw9W7kRArprAKCk6rq93AwexRo3Mnp3ovaPztZTugCfRdZM
noaYhcZw50wxwg4MiKZn5H4=
=RRVR
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: tor
Source-Version: 0.1.1.20-1
We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive:
tor-dbg_0.1.1.20-1_i386.deb
to pool/main/t/tor/tor-dbg_0.1.1.20-1_i386.deb
tor_0.1.1.20-1.diff.gz
to pool/main/t/tor/tor_0.1.1.20-1.diff.gz
tor_0.1.1.20-1.dsc
to pool/main/t/tor/tor_0.1.1.20-1.dsc
tor_0.1.1.20-1_i386.deb
to pool/main/t/tor/tor_0.1.1.20-1_i386.deb
tor_0.1.1.20.orig.tar.gz
to pool/main/t/tor/tor_0.1.1.20.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Palfrader <[EMAIL PROTECTED]> (supplier of updated tor package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 23 May 2006 20:16:25 +0200
Source: tor
Binary: tor-dbg tor
Architecture: source i386
Version: 0.1.1.20-1
Distribution: unstable
Urgency: low
Maintainer: Peter Palfrader <[EMAIL PROTECTED]>
Changed-By: Peter Palfrader <[EMAIL PROTECTED]>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
Closes: 338797 349283
Changes:
tor (0.1.1.20-1) unstable; urgency=low
.
* New upstream stable release: The 0.1.1.x tree is now the new stable
tree. Upload to unstable rather than experimental.
.
tor (0.1.1.19-rc-1) experimental; urgency=low
.
* New upstream version.
* Remove support for my nodoc DEB_BUILD_OPTIONS variable. It clutters
stuff and I haven't used it in ages.
* Update debian/tor.docs file.
.
tor (0.1.1.18-rc-1) experimental; urgency=low
.
* New upstream version.
* update debian/tor.doc:
- no longer ship INSTALL and README files, they are useless now.
- doc/stylesheet.css, doc/tor-doc-server.html, doc/tor-doc-unix.html,
doc/tor-hidden-service.html, doc/tor-switchproxy.html got replaced
by doc/website/stylesheet.css and doc/website/tor-* which is more
or less the same, only taken from the website. Some links are
probably broken still, but this should get fixed eventually.
.
tor (0.1.1.17-rc-1) experimental; urgency=low
.
* New upstream version.
* Forward port patches/07_log_to_file_by_default.
.
tor (0.1.1.16-rc-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.1.1.15-rc-1) experimental; urgency=low
.
* New upstream version.
* Apparently passing --host to configure when not cross-compiling
is evil now and greatly confuses configure. So don't do it unless it
actually differs from --build host.
.
tor (0.1.1.14-alpha-1) experimental; urgency=low
.
* New upstream version.
* Include 0.1.0.17 changelog in experimental tree.
* doc/FAQ is no longer shipped, so remove it from debian/tor.docs.
.
tor (0.1.1.13-alpha-1) experimental; urgency=low
.
* New upstream version.
* Forward port patches/02_add_debian_files_in_manpage.
* Forward port patches/03_tor_manpage_in_section_8.
* Create /var/run/tor on init script start if it does
not exist already.
* Set default ulimit -n to 8k instead of 4k in /etc/default/tor.
* Print that we're raising the ulimit to stdout in the init script.
* Add CVE numbers to past issues in the changelog where applicable.
.
tor (0.1.1.12-alpha-1) experimental; urgency=low
.
* New upstream version, that was a quick one. :)
* Forward port patches/02_add_debian_files_in_manpage.
.
tor (0.1.1.11-alpha-1) experimental; urgency=low
.
* New upstream version.
- Implement "entry guards": automatically choose a handful of entry
nodes and stick with them for all circuits. This will increase
security dramatically against certain end-point attacks
(closes: #349283, CVE-2006-0414).
* Forward port patches/07_log_to_file_by_default.
* Forward port 0.1.0.16 changelog and change to copyright file.
.
tor (0.1.1.10-alpha-1) experimental; urgency=low
.
* New upstream version.
* doc/tor-doc.css and doc/tor-doc.html are no longer in the upstream
tarball, remove them from debian/tor.docs.
* add the following new files to tor.docs: doc/socks-extensions.txt,
doc/stylesheet.css, doc/tor-doc-server.html, doc/tor-doc-unix.html
.
tor (0.1.1.9-alpha-1) experimental; urgency=low
.
* New upstream version.
* Remove 08_add_newlines_between_serverdescriptors.dpatch.
* Update 06_add_compile_time_defaults.dpatch
* Use bin/bash for the init script instead of bin/sh. We are using
ulimit -n which is not POSIX (closes: #338797).
* Remove the EVENT_NOEPOLL block from etc/default/tor.
* Add an ARGS block to etc/default/tor as suggested in #338425.
.
tor (0.1.1.8-alpha-1) experimental; urgency=low
.
* New upstream version.
* Add patch from CVS to
"Insert a newline between all router descriptors when generating (old
style) signed directories, in case somebody was counting on that".
r1.247 of dirserv.c, <[EMAIL PROTECTED]>
.
tor (0.1.1.7-alpha-1) experimental; urgency=low
.
* New upstream version.
* More merging from 0.1.0.14+XXXX:
- The tor-dbg package does not really need its own copy of copyright
and changelog in usr/share/doc/tor-dbg.
* Forward port 03_tor_manpage_in_section_8.dpatch
.
tor (0.1.1.6-alpha-2) experimental; urgency=low
.
* Merge 0.1.0.14+XXXX changes.
.
tor (0.1.1.6-alpha-1) experimental; urgency=low
.
* Experimental upstream version.
.
tor (0.1.1.5-alpha-cvs-1) UNRELEASED; urgency=low
.
* Even more experimental cvs snapshot.
* Testsuite is mandatory again.
* Forward port 03_tor_manpage_in_section_8.dpatch
* Forward port 06_add_compile_time_defaults.dpatch
.
tor (0.1.1.5-alpha-1) UNRELEASED; urgency=low
.
* Experimental upstream version.
* Allow test suite to fail, it's broken in this version.
* Update list of files from doc/ that should be installed.
* Forward port debian/ patches.
Files:
4896542ee9c29fa2ea729ae101aa72b1 691 comm optional tor_0.1.1.20-1.dsc
51aac1749ff2549e8f3e1a172dc66992 828833 comm optional tor_0.1.1.20.orig.tar.gz
d01b4e34253285f0ca6f94aced1bda7f 69059 comm optional tor_0.1.1.20-1.diff.gz
1e9a05f5cd8cbf8b84d97a7419275e50 779498 comm optional tor_0.1.1.20-1_i386.deb
dec65943ffaee82ea1440936e4d9be23 411828 comm extra tor-dbg_0.1.1.20-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-cvs (GNU/Linux)
iD8DBQFEc1fMz/ccs6+kS90RAoVnAJ4kQ5TwEll9QbsO78liDWOMW5nS5gCeLeDC
Yunv7Jbht6OCyGeIH1djLGY=
=CZBf
-----END PGP SIGNATURE-----
--- End Message ---
