[ubuntu/quantal] tor 0.2.3.22-rc-1 (Accepted)

[Jamie Strandboge]

tor (0.2.3.22-rc-1) unstable; urgency=high

  [ Peter Palfrader ]
  * New upstream version:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.

  [ Stefano Zacchiroli ]
  * README.privoxy, README.polipo: explicitly set socks type to socks5.

tor (0.2.3.21-rc-1) unstable; urgency=low

  * New upstream version, changes including:
    - Tear down the circuit if we get an unexpected SENDME cell. Clients
      could use this trick to make their circuits receive cells faster
      than our flow control would have allowed, or to gum up the network,
      or possibly to do targeted memory denial-of-service attacks on
      entry nodes.
    - Reject any attempt to extend to an internal address. Without
      this fix, a router could be used to probe addresses on an internal
      network to see whether they were accepting connections.
    - Do not crash when comparing an address with port value 0 to an
      address policy.
    For details please see the upstream changelog.

Date: 2012-09-12 16:23:26.661367+00:00
Changed-By: Peter Palfrader <weasel at debian.org>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/tor/0.2.3.22-rc-1
-------------- next part --------------
Sorry, changesfile not available.