Bug#864424: marked as done (tor onion services: remote assertion failure)

[Debian Bug Tracking System]

Your message dated Thu, 08 Jun 2017 21:08:29 +0000
with message-id <e1dj4fn-000a6m...@fasolo.debian.org>
and subject line Bug#864424: fixed in tor 0.3.0.8-1
has caused the Debian Bug report #864424,
regarding tor onion services: remote assertion failure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864424
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tor
Version: 0.2.2.1-alpha-1
Severity: serious
Tags: security

There is a remotely triggerable assertion failure in Tor onion services.

This is a DoS issue for any tor instance providing an onion service.
Tor in all of Debian's suites is affected.

It's tracked as TROVE-2017-005, https://bugs.torproject.org/22494, 
CVE-2017-0376.


[Additionally, Tor in experimental is affected by TROVE-2017-004,
 https://bugs.torproject.org/22493 CVE-2017-0375.]
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

--- End Message ---

--- Begin Message ---

Source: tor
Source-Version: 0.3.0.8-1

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader <wea...@debian.org> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 08 Jun 2017 21:42:54 +0200
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source
Version: 0.3.0.8-1
Distribution: experimental
Urgency: medium
Maintainer: Peter Palfrader <wea...@debian.org>
Changed-By: Peter Palfrader <wea...@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - GeoIP database for Tor
Closes: 864424
Changes:
 tor (0.3.0.8-1) experimental; urgency=medium
 .
   * New upstream version.
     - Fix a remotely triggerable assertion failure when a hidden service
       handles a malformed BEGIN cell. Fixes bug 22493, tracked as
       TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
     - Fix a remotely triggerable assertion failure caused by receiving a
       BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
       22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
       on 0.2.2.1-alpha.  (closes: #864424)
Checksums-Sha1:
 734dec62a0dc7017d1c5a5c59c19dfcb82649682 1820 tor_0.3.0.8-1.dsc
 c5e117ad3cc703cb870b7b8a147d6301ace235a7 5796845 tor_0.3.0.8.orig.tar.gz
 d130a775a4191bd7fd79610183b38851681ec629 41902 tor_0.3.0.8-1.diff.gz
Checksums-Sha256:
 130470abf33fdffd85f1ab67d0b8834733b5d4760bdbd4e57b1a40960683d0e5 1820 
tor_0.3.0.8-1.dsc
 663a3ba7b8a124c0f8a7351eaa2dda6fd518de3f3c4ee28fff869bfb03860d48 5796845 
tor_0.3.0.8.orig.tar.gz
 90bfe46527ec99cacb0f23bbf627fc4cb7b79490e6eebed279e3d46b70be6c22 41902 
tor_0.3.0.8-1.diff.gz
Files:
 3d90f38eb41d9002b527d9f212c52528 1820 net optional tor_0.3.0.8-1.dsc
 c5c88b7e17f652c9fb4fc2c2ee92943c 5796845 net optional tor_0.3.0.8.orig.tar.gz
 bb37a5ad8ca4bc7edf84b3d7a650e354 41902 net optional tor_0.3.0.8-1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJZObA6AAoJEIYCyCA4cjMf4h4H/06bq1ScOEsODfKvNTQCcgXq
eaxKgRgVOiDxECXjEgINXvjI8Nf+7z7L4hWVw2l3292m7hsfGgAltMagwltAl+4w
qj0jaeBsoi/VwLjXZXXHrA8ZHK/mUNesZKuGTSrC4BoQC+PbYGBQaiuGgPBw6pZn
2ceiFfVFR2H8kTaUQK2xabBU1Mc83BHHy+vjsYV2aybio2SxPKeCdlVbFKdYitIO
90VzJf2rmGizzDjbnftFjwqZ3ceb/q4g9Q+LuR7QijiI+UBA0EYY+WLbia649+Vl
F9jtwiWkVAzvgStk9cVvzlXWMwEbYxqpS+TTN8kn8ifegAe2SkfkEeKba87BLu8=
=NNN2
-----END PGP SIGNATURE-----

--- End Message ---