Bug#864424: marked as done (tor onion services: remote assertion failure)

[Debian Bug Tracking System]

Your message dated Sat, 24 Jun 2017 21:19:19 +0000
with message-id <e1dossd-0000ya...@fasolo.debian.org>
and subject line Bug#864424: fixed in tor 0.2.5.14-1
has caused the Debian Bug report #864424,
regarding tor onion services: remote assertion failure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864424
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tor
Version: 0.2.2.1-alpha-1
Severity: serious
Tags: security

There is a remotely triggerable assertion failure in Tor onion services.

This is a DoS issue for any tor instance providing an onion service.
Tor in all of Debian's suites is affected.

It's tracked as TROVE-2017-005, https://bugs.torproject.org/22494, 
CVE-2017-0376.


[Additionally, Tor in experimental is affected by TROVE-2017-004,
 https://bugs.torproject.org/22493 CVE-2017-0375.]
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

--- End Message ---

--- Begin Message ---

Source: tor
Source-Version: 0.2.5.14-1

We believe that the bug you reported is fixed in the latest version of
tor, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Palfrader <wea...@debian.org> (supplier of updated tor package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 08 Jun 2017 20:19:22 +0200
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all
Version: 0.2.5.14-1
Distribution: jessie-security
Urgency: medium
Maintainer: Peter Palfrader <wea...@debian.org>
Changed-By: Peter Palfrader <wea...@debian.org>
Description:
 tor        - anonymizing overlay network for TCP
 tor-dbg    - debugging symbols for Tor
 tor-geoipdb - GeoIP database for Tor
Closes: 864424
Changes:
 tor (0.2.5.14-1) jessie-security; urgency=medium
 .
   * New upstream version, fixing a hidden service related Denial of
     Service bug:
     - Fix a remotely triggerable assertion failure caused by receiving a
       BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
       22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
       on 0.2.2.1-alpha.  (closes: #864424)
   * The previous release, 0.2.5.13, already incorporates the changes made in
     Debian's updates of the 0.2.5.12 version.  Therefore, drop
     - debian/patches/tor-bug-20384-TROVE-2016-10-001
     - debian/patches/tor-bug-21018-TROVE-2016-12-002-CVE-2016-1254
     - debian/patches/update-authority-set
Checksums-Sha1:
 12a3d1b7f9d69bce58271ecda9fd1f12b51f5520 1761 tor_0.2.5.14-1.dsc
 f623ab0866a7a9ab881c81f9cbdbea59f821a88d 3685957 tor_0.2.5.14.orig.tar.gz
 be3484574c906b7cacf00362a4271c66980e70b0 35155 tor_0.2.5.14-1.diff.gz
 e7b34125211ff9e268b18cb85753208254f9df95 1015592 tor-geoipdb_0.2.5.14-1_all.deb
Checksums-Sha256:
 e6b7f0a197d95764917de7e55d10715ef57f1ffb014df99e04b9a56f8c8324a3 1761 
tor_0.2.5.14-1.dsc
 114f6925add7ab88ea36aea0229f9b9b7c05971d2316b040b3811350f7f3ff34 3685957 
tor_0.2.5.14.orig.tar.gz
 47acb67c827a5b6d31441155337b16f25938758d953c863c1a2cf2d654f1d79e 35155 
tor_0.2.5.14-1.diff.gz
 ac4a50ed2d72f144f66a287cc21e8134b6f5e7c8b7cf4ce965d190d7d8f63693 1015592 
tor-geoipdb_0.2.5.14-1_all.deb
Files:
 58bc512b55a7be961fea1722c94214b9 1761 net optional tor_0.2.5.14-1.dsc
 388484043ded7963c24d8edddd71bf07 3685957 net optional tor_0.2.5.14.orig.tar.gz
 4c7457ad31fff946bc41d9fe20d6dfeb 35155 net optional tor_0.2.5.14-1.diff.gz
 cd5b6da1102d9d9366a73e6d0d173323 1015592 net extra 
tor-geoipdb_0.2.5.14-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJZOZ6lAAoJEIYCyCA4cjMft90IAJ4rOtT+39m+KeVoyBTx2A9z
xan24457x0P5Jr6zdlpFLyNj9vtC5e4igtPrt/nAqJGRIskMEm3eRUozLkLZuaoL
U29SX2BMkqfcvOyRK3CIzS4oQ5IYWMMsfXBlDA6K2o3cU6s+vIuIrjSC55M3lfoE
lZxJCOpwzAT86ldX8GsDnkf0jnegpGTNmgONCdLNKHk8FSq9/15WCS8Xdkt6eSOy
v2Nxq7sE7WKpBEcFoqNCTIDt2/l/owg8QnCq3PJzeWt0kv6blhbF5y8GBXNHXndo
YIDBzjbdcHT3MPLb0MPzJ8/km7ChGJzUnUUE+A+uhxZf/0uNPD+WUc5YW/AxVPk=
=FBqb
-----END PGP SIGNATURE-----

--- End Message ---