aboutsummaryrefslogtreecommitdiff
path: root/debian/tor.NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'debian/tor.NEWS')
-rw-r--r--debian/tor.NEWS16
1 files changed, 16 insertions, 0 deletions
diff --git a/debian/tor.NEWS b/debian/tor.NEWS
new file mode 100644
index 0000000000..18860ccaae
--- /dev/null
+++ b/debian/tor.NEWS
@@ -0,0 +1,16 @@
+tor (0.2.0.26-rc-1) experimental; urgency=critical
+
+ * weak cryptographic keys
+
+ It has been discovered that the random number generator in Debian's
+ openssl package is predictable. This is caused by an incorrect
+ Debian-specific change to the openssl package (CVE-2008-0166). As a
+ result, cryptographic key material may be guessable.
+
+ See Debian Security Advisory number 1571 (DSA-1571) for more information:
+ http://lists.debian.org/debian-security-announce/2008/msg00152.html
+
+ If you run a Tor server using this package please see
+ /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 13 May 2008 12:49:05 +0200
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion