exuberant-ctags: CVE-2014-7204: endless loop + disk usage bomb on minified js file

Related Vulnerabilities: CVE-2014-7204  

Debian Bug report logs - #742605

Reported by: Stefano Zacchiroli <zack@debian.org>

Date: Tue, 25 Mar 2014 11:42:02 UTC

Severity: important

Tags: security

Found in versions exuberant-ctags/1:5.9~svn20110310-4, exuberant-ctags/1:5.9~svn20110310-7

Fixed in versions exuberant-ctags/1:5.9~svn20110310-8, exuberant-ctags/1:5.8-3squeeze2, exuberant-ctags/1:5.9~svn20110310-4+deb7u1

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>:
Bug#742605; Package exuberant-ctags. (Tue, 25 Mar 2014 11:42:06 GMT) (full text, mbox, link).


Acknowledgement sent to Stefano Zacchiroli <zack@debian.org>:
New Bug report received and forwarded. Copy sent to Colin Watson <cjwatson@debian.org>. (Tue, 25 Mar 2014 11:42:07 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefano Zacchiroli <zack@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: endless loop + disk usage bomb on minified js file
Date: Tue, 25 Mar 2014 20:39:23 +0900
Package: exuberant-ctags
Version: 1:5.9~svn20110310-7
Severity: important

http://sources.debian.net runs ctags on Debian source packages. When, a few days
ago, it hit chromium-browser/33.0.1750.152, it was in for a bad surprise. Ctags
run as follows:

  ctags --recurse --excmd=number --fields=+lnz --sort=no --links=no -o FILE

not only seems to enter an infinite loop (similar to #190717), but does so in a
way that can quickly exhaust disk space (differently from #190717, AFAICT).

I've tracked down the culprit to glge-compiled-min.js (attached, 200 Kb). It
seems that on it ctags ends up generating an infinite symbol name whose pattern
looks like this (yes, on a single very long line):

   augment.augment.ParticleSystem...augment.augment.ParticleSystem..augment.augment.ParticleSystem........augment.augment.ParticleSystem..augment.augment.ParticleSystem...augment.augment.ParticleSystem..augment.augment.ParticleSystem....augment.augment.ParticleSystem..augment.augment.ParticleSystem...augment.augment.ParticleSystem..augment.augment.ParticleSystem.....augment.augment

Running ctags on it alone suffices to trigger the bomb. FWIW (and for different
reasons) I've tried various combinations of flags that make ctags use, or not,
tempfiles, and it doesn't affect the outcome. It's either the tempfile or
directly the final output file built incrementally that explodes.

As it is pretty nasty for sources.d.n, forcing me to implement a bare-bones
package blacklist, I'm also open to workaround suggestions :)

With many thanks for maintaining ctags!
Cheers.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages exuberant-ctags depends on:
ii  libc6  2.18-4

exuberant-ctags recommends no packages.

Versions of packages exuberant-ctags suggests:
ii  emacs-snapshot [emacsen]  2:20140101-1
ii  emacs24 [emacsen]         24.3+1-2+b1
ii  vim                       2:7.4.161-1
ii  vim-gnome [vim]           2:7.4.161-1

-- no debconf information
[glge-compiled-min.js (text/plain, attachment)]
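
A workaround of the kind the report above asks for, as an added example that is not part of the original bug log: run the indexer under a per-file size cap and a wall-clock cap, so an endless loop that keeps writing is killed instead of filling the disk. The helper name run_bounded and the cap values are assumptions, and `timeout` is the coreutils utility.

```shell
#!/bin/sh
# Added example (not from the bug log): cap what an indexer run may write and
# how long it may run, so one pathological input cannot fill the disk.
# run_bounded is a hypothetical helper; the limits used are illustrative.

# run_bounded MAX_BLOCKS MAX_SECS OUTFILE CMD [ARGS...]
#   MAX_BLOCKS  per-file size cap passed to `ulimit -f` (512-byte blocks in
#               dash/POSIX sh, 1024-byte blocks in bash)
#   MAX_SECS    wall-clock cap enforced by coreutils `timeout`
#   OUTFILE     file CMD writes; deleted if CMD is killed or fails
# Returns 0 if CMD finished within both caps, 1 otherwise.
run_bounded() {
    max_blocks=$1
    max_secs=$2
    out=$3
    shift 3

    # The subshell keeps the lowered limit away from the caller. RLIMIT_FSIZE
    # applies to every file the child writes, so it covers both a temp file
    # and an output file that is built incrementally.
    if (
        ulimit -f "$max_blocks" || exit 2
        exec timeout "$max_secs" "$@"
    ); then
        return 0
    fi

    # Killed by SIGXFSZ (size cap), stopped by timeout (exit 124, which also
    # catches the case where SIGXFSZ is ignored), or failed on its own:
    # drop the partial output so nothing downstream consumes it.
    rm -f -- "$out"
    return 1
}

# Usage with the command line from the report (cap values are assumptions):
#   run_bounded 204800 300 tags \
#       ctags --recurse --excmd=number --fields=+lnz --sort=no --links=no -o tags
```

A run that hits either cap returns 1 with the partial tags file removed, so a batch indexer can record that package as failed and move on to the next one.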

Added tag(s) security. Request was from Paul Wise <pabs@debian.org> to control@bugs.debian.org. (Mon, 07 Apr 2014 00:24:04 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>:
Bug#742605; Package exuberant-ctags. (Tue, 10 Jun 2014 04:24:04 GMT) (full text, mbox, link).


Acknowledgement sent to mmcallis@redhat.com:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>.

(Tue, 10 Jun 2014 04:24:05 GMT) (full text, mbox, link).


Message #12 received at 742605@bugs.debian.org (full text, mbox, reply):

From: Murray McAllister <mmcallis@redhat.com>
To: 742605@bugs.debian.org
Date: Tue, 10 Jun 2014 14:20:50 +1000
I had a brief look at this, but not enough to find the exact source of 
the issue. I think the issue may start in writeCtagsEntry(), resulting 
in lots of new_do_write() calls.

FWIW, I tried your reproducer on Red Hat Enterprise Linux 5, ctags 
5.6-1.1, and it was not affected. Fedora was affected, which uses ctags 
5.8-10.

Cheers,

--
Murray McAllister / Red Hat Security Response Team



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#742605; Package exuberant-ctags. (Sat, 27 Sep 2014 13:48:05 GMT) (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. (Sat, 27 Sep 2014 13:48:05 GMT) (full text, mbox, link).


Message #17 received at 742605@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: mmcallis@redhat.com, 742605@bugs.debian.org
Cc: Stefano Zacchiroli <zack@debian.org>
Subject: Re: Bug#742605: (no subject)
Date: Sat, 27 Sep 2014 14:44:19 +0100
On Tue, Jun 10, 2014 at 02:20:50PM +1000, Murray McAllister wrote:
> I had a brief look at this, but not enough to find the exact source
> of the issue. I think the issue may start in writeCtagsEntry(),
> resulting in lots of new_do_write() calls.
> 
> FWIW, I tried your reproducer on Red Hat Enterprise Linux 5, ctags
> 5.6-1.1, and it was not affected. Fedora was affected, which uses
> ctags 5.8-10.

Sorry for taking so long to look at this.  I finally got round to
checking upstream and noticed that it doesn't happen with trunk, so I
bisected and found that this change fixes the bug:

  http://sourceforge.net/p/ctags/code/791/

This applies cleanly to the snapshot we currently have, so I'll apply it
to unstable.  I'll put together a wheezy-security update too.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#742605; Package exuberant-ctags. (Sat, 27 Sep 2014 15:15:10 GMT) (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. (Sat, 27 Sep 2014 15:15:10 GMT) (full text, mbox, link).


Message #22 received at 742605@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: team@security.debian.org
Cc: mmcallis@redhat.com, 742605@bugs.debian.org, Stefano Zacchiroli <zack@debian.org>
Subject: Re: Bug#742605: endless loop + disk usage bomb on minified js file
Date: Sat, 27 Sep 2014 16:13:36 +0100
On Sat, Sep 27, 2014 at 02:44:19PM +0100, Colin Watson wrote:
> On Tue, Jun 10, 2014 at 02:20:50PM +1000, Murray McAllister wrote:
> > I had a brief look at this, but not enough to find the exact source
> > of the issue. I think the issue may start in writeCtagsEntry(),
> > resulting in lots of new_do_write() calls.
> > 
> > FWIW, I tried your reproducer on Red Hat Enterprise Linux 5, ctags
> > 5.6-1.1, and it was not affected. Fedora was affected, which uses
> > ctags 5.8-10.
> 
> Sorry for taking so long to look at this.  I finally got round to
> checking upstream and noticed that it doesn't happen with trunk, so I
> bisected and found that this change fixes the bug:
> 
>   http://sourceforge.net/p/ctags/code/791/
> 
> This applies cleanly to the snapshot we currently have, so I'll apply it
> to unstable.  I'll put together a wheezy-security update too.

Hi team@security.d.o,

I'd like to issue security updates for #742605, as above.  As far as I
can tell this does not yet have a CVE identifier assigned.  Please could
you assign one?

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]



Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 27 Sep 2014 15:51:15 GMT) (full text, mbox, link).


Notification sent to Stefano Zacchiroli <zack@debian.org>:
Bug acknowledged by developer. (Sat, 27 Sep 2014 15:51:15 GMT) (full text, mbox, link).


Message #27 received at 742605-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: 742605-close@bugs.debian.org
Subject: Bug#742605: fixed in exuberant-ctags 1:5.9~svn20110310-8
Date: Sat, 27 Sep 2014 15:50:20 +0000
Source: exuberant-ctags
Source-Version: 1:5.9~svn20110310-8

We believe that the bug you reported is fixed in the latest version of
exuberant-ctags, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742605@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated exuberant-ctags package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 27 Sep 2014 15:41:06 +0100
Source: exuberant-ctags
Binary: exuberant-ctags
Architecture: source i386
Version: 1:5.9~svn20110310-8
Distribution: unstable
Urgency: medium
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 exuberant-ctags - build tag file indexes of source code definitions
Closes: 742605
Changes:
 exuberant-ctags (1:5.9~svn20110310-8) unstable; urgency=medium
 .
   * Update Vcs-Browser URL for alioth cgit.
   * Support parallel builds.
   * Backport from upstream:
     - Changed the javascript parser to set the tag's scope rather than
       including it in the tag name (closes: #742605).




Information stored :
Bug#742605; Package exuberant-ctags. (Sat, 27 Sep 2014 16:12:09 GMT) (full text, mbox, link).


Acknowledgement sent to Stefano Zacchiroli <zack@debian.org>:
Extra info received and filed, but not forwarded. (Sat, 27 Sep 2014 16:12:09 GMT) (full text, mbox, link).


Message #32 received at 742605-quiet@bugs.debian.org (full text, mbox, reply):

From: Stefano Zacchiroli <zack@debian.org>
To: Colin Watson <cjwatson@debian.org>
Cc: 742605-quiet@bugs.debian.org
Subject: Re: Bug#742605: (no subject)
Date: Sat, 27 Sep 2014 18:09:56 +0200
On Sat, Sep 27, 2014 at 02:44:19PM +0100, Colin Watson wrote:
> Sorry for taking so long to look at this.  I finally got round to
> checking upstream and noticed that it doesn't happen with trunk, so I
> bisected and found that this change fixes the bug:
> 
>   http://sourceforge.net/p/ctags/code/791/
> 
> This applies cleanly to the snapshot we currently have, so I'll apply it
> to unstable.  I'll put together a wheezy-security update too.

That's awesome, Colin, thanks a lot!  One of the blockers to migrating
sources.d.n to sources.d.o just went away, thanks to you.

I'm looking forward to the security upload,
Cheers.
-- 
Stefano Zacchiroli  . . . . . . .  zack@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Former Debian Project Leader  . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »

Added indication that 742605 affects qa.debian.org Request was from Stefano Zacchiroli <zack@debian.org> to control@bugs.debian.org. (Sun, 28 Sep 2014 14:12:19 GMT) (full text, mbox, link).


Changed Bug title to 'exuberant-ctags: CVE-2014-7204: endless loop + disk usage bomb on minified js file' from 'endless loop + disk usage bomb on minified js file' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 29 Sep 2014 20:15:08 GMT) (full text, mbox, link).


Marked as found in versions exuberant-ctags/1:5.9~svn20110310-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 29 Sep 2014 20:21:12 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#742605; Package exuberant-ctags. (Fri, 03 Oct 2014 11:21:05 GMT) (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. (Fri, 03 Oct 2014 11:21:05 GMT) (full text, mbox, link).


Message #43 received at 742605@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: Stefano Zacchiroli <zack@debian.org>, 742605@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#742605: endless loop + disk usage bomb on minified js file
Date: Fri, 3 Oct 2014 12:17:03 +0100
(CCed back to bug)

On Thu, Oct 02, 2014 at 09:26:20PM +0200, Stefano Zacchiroli wrote:
> On Sat, Sep 27, 2014 at 04:13:36PM +0100, Colin Watson wrote:
> > I'd like to issue security updates for #742605, as above.  As far as I
> > can tell this does not yet have a CVE identifier assigned.  Please could
> > you assign one?
> 
> Hi Colin,
>   You probably noticed it already (or maybe you did request it
> yourself "upstream"), but just in case there is now one:
> 
>   https://security-tracker.debian.org/tracker/CVE-2014-7204

Right, I requested that one.

team@security, is the attached patch (and .dsc and .debian.tar.gz) fine
with you?  I wouldn't ordinarily leave a commented-out function in place
in my own code, but I thought it best to stick to backporting a single
upstream commit where possible rather than tidying it up further.

If this is OK then I can upload, and also make a similar change to
squeeze-lts.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]
[exuberant-ctags_5.9~svn20110310-4+deb7u1.debdiff (text/plain, attachment)]
[exuberant-ctags_5.9~svn20110310-4+deb7u1.dsc (text/plain, attachment)]
[exuberant-ctags_5.9~svn20110310-4+deb7u1.debian.tar.gz (application/octet-stream, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>:
Bug#742605; Package exuberant-ctags. (Fri, 03 Oct 2014 12:30:04 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>. (Fri, 03 Oct 2014 12:30:04 GMT) (full text, mbox, link).


Message #48 received at 742605@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Colin Watson <cjwatson@debian.org>
Cc: Stefano Zacchiroli <zack@debian.org>, 742605@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#742605: endless loop + disk usage bomb on minified js file
Date: Fri, 3 Oct 2014 14:09:56 +0200
On Fri, Oct 03, 2014 at 12:17:03PM +0100, Colin Watson wrote:
> (CCed back to bug)
> 
> On Thu, Oct 02, 2014 at 09:26:20PM +0200, Stefano Zacchiroli wrote:
> > On Sat, Sep 27, 2014 at 04:13:36PM +0100, Colin Watson wrote:
> > > I'd like to issue security updates for #742605, as above.  As far as I
> > > can tell this does not yet have a CVE identifier assigned.  Please could
> > > you assign one?
> > 
> > Hi Colin,
> >   You probably noticed it already (or maybe you did request it
> > yourself "upstream"), but just in case there is now one:
> > 
> >   https://security-tracker.debian.org/tracker/CVE-2014-7204
> 
> Right, I requested that one.
> 
> team@security, is the attached patch (and .dsc and .debian.tar.gz) fine
> with you?  I wouldn't ordinarily leave a commented-out function in place
> in my own code, but I thought it best to stick to backporting a single
> upstream commit where possible rather than tidying it up further.

Yes, please upload. Note that exuberant-ctags is new in wheezy-security, so it needs
to be built with "-sa".

I'll take care of the update.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#742605; Package exuberant-ctags. (Fri, 03 Oct 2014 13:09:04 GMT) (full text, mbox, link).


Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. (Fri, 03 Oct 2014 13:09:04 GMT) (full text, mbox, link).


Message #53 received at 742605@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 742605@bugs.debian.org
Cc: Stefano Zacchiroli <zack@debian.org>, team@security.debian.org
Subject: Re: Bug#742605: endless loop + disk usage bomb on minified js file
Date: Fri, 3 Oct 2014 14:04:37 +0100
On Fri, Oct 03, 2014 at 02:09:56PM +0200, Moritz Muehlenhoff wrote:
> On Fri, Oct 03, 2014 at 12:17:03PM +0100, Colin Watson wrote:
> > team@security, is the attached patch (and .dsc and .debian.tar.gz) fine
> > with you?  I wouldn't ordinarily leave a commented-out function in place
> > in my own code, but I thought it best to stick to backporting a single
> > upstream commit where possible rather than tidying it up further.
> 
> Yes, please upload. Note that exuberant-ctags is new in wheezy-security, so it needs
> to be built with "-sa".

Yep, already built with -sa.  Uploaded, thanks.

-- 
Colin Watson                                       [cjwatson@debian.org]



Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Fri, 03 Oct 2014 13:36:06 GMT) (full text, mbox, link).


Notification sent to Stefano Zacchiroli <zack@debian.org>:
Bug acknowledged by developer. (Fri, 03 Oct 2014 13:36:06 GMT) (full text, mbox, link).


Message #58 received at 742605-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: 742605-close@bugs.debian.org
Subject: Bug#742605: fixed in exuberant-ctags 1:5.8-3squeeze2
Date: Fri, 03 Oct 2014 13:33:55 +0000
Source: exuberant-ctags
Source-Version: 1:5.8-3squeeze2

We believe that the bug you reported is fixed in the latest version of
exuberant-ctags, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742605@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated exuberant-ctags package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 03 Oct 2014 14:05:42 +0100
Source: exuberant-ctags
Binary: exuberant-ctags
Architecture: source i386
Version: 1:5.8-3squeeze2
Distribution: squeeze-lts
Urgency: high
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 exuberant-ctags - build tag file indexes of source code definitions
Closes: 742605
Changes:
 exuberant-ctags (1:5.8-3squeeze2) squeeze-lts; urgency=high
 .
   * Backport from upstream:
     - CVE-2014-7204: Changed the javascript parser to set the tag's scope
       rather than including it in the tag name (closes: #742605).




Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Mon, 06 Oct 2014 05:21:05 GMT) (full text, mbox, link).


Notification sent to Stefano Zacchiroli <zack@debian.org>:
Bug acknowledged by developer. (Mon, 06 Oct 2014 05:21:05 GMT) (full text, mbox, link).


Message #63 received at 742605-close@bugs.debian.org (full text, mbox, reply):

From: Colin Watson <cjwatson@debian.org>
To: 742605-close@bugs.debian.org
Subject: Bug#742605: fixed in exuberant-ctags 1:5.9~svn20110310-4+deb7u1
Date: Mon, 06 Oct 2014 05:17:05 +0000
Source: exuberant-ctags
Source-Version: 1:5.9~svn20110310-4+deb7u1

We believe that the bug you reported is fixed in the latest version of
exuberant-ctags, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742605@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated exuberant-ctags package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 03 Oct 2014 11:58:34 +0100
Source: exuberant-ctags
Binary: exuberant-ctags
Architecture: source i386
Version: 1:5.9~svn20110310-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 exuberant-ctags - build tag file indexes of source code definitions
Closes: 742605
Changes:
 exuberant-ctags (1:5.9~svn20110310-4+deb7u1) wheezy-security; urgency=high
 .
   * Backport from upstream:
     - CVE-2014-7204: Changed the javascript parser to set the tag's scope
       rather than including it in the tag name (closes: #742605).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 03 Nov 2014 07:27:46 GMT) (full text, mbox, link).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:42:20 2019; Machine Name: buxtehude
