Insecure permissions on database files

Related Vulnerabilities: CVE-2012-5577   CVE-2012-5578   CVE-2012-4571  

Debian Bug report logs - #696736
Insecure permissions on database files

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 26 Dec 2012 15:57:01 UTC

Severity: grave

Tags: patch, security

Found in versions python-keyring/0.7.1-1, python-keyring/0.2-3, python-keyring/0.9.2-1

Fixed in versions python-keyring/0.9.2-1.1, python-keyring/0.7.1-1+deb7u1

Done: Sebastian Ramacher <sramacher@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Wed, 26 Dec 2012 15:57:03 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Carl Chenet <chaica@debian.org>. (Wed, 26 Dec 2012 15:57:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Insecure permissions on database files
Date: Wed, 26 Dec 2012 16:52:48 +0100
Package: python-keyring
Severity: grave
Tags: security

Please see 

http://www.openwall.com/lists/oss-security/2012/11/16/2
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5577.html
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5578.html

Cheers,
        Moritz

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



Information forwarded to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Sat, 29 Dec 2012 07:57:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>. (Sat, 29 Dec 2012 07:57:03 GMT) (full text, mbox, link).


Message #10 received at 696736@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 696736@bugs.debian.org, Carl Chenet <chaica@debian.org>
Subject: Re: Bug#696736: Insecure permissions on database files
Date: Sat, 29 Dec 2012 08:56:07 +0100
[Message part 1 (text/plain, inline)]
Control: tags -1 + patch

Hi Carl

On Wed, Dec 26, 2012 at 04:52:48PM +0100, Moritz Muehlenhoff wrote:
> Package: python-keyring
> Severity: grave
> Tags: security
> 
> Please see 
> 
> http://www.openwall.com/lists/oss-security/2012/11/16/2
> http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5577.html
> http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5578.html

Attached is the proposed debdiff for unstable with the patch prepared
in Ubuntu raring for this.

Do you have time to prepare the upload? I have not checked if Squeeze
and Wheezy are affected too, but if Wheezy is affected there needs to
be prepared a separate upload for t-p-u. An unblock of 0.9.2 at this
stage of the freeze is not acceptable.

Regards,
Salvatore
[python-keyring_0.9.2-1.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to 696736-submit@bugs.debian.org. (Sat, 29 Dec 2012 07:57:03 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Sat, 29 Dec 2012 08:45:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>. (Sat, 29 Dec 2012 08:45:03 GMT) (full text, mbox, link).


Message #17 received at 696736@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 696736@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>, Carl Chenet <chaica@debian.org>
Subject: Re: Bug#696736: Insecure permissions on database files
Date: Sat, 29 Dec 2012 09:42:08 +0100
[Message part 1 (text/plain, inline)]
Hi Carl

Reading through the code a bit:

On Sat, Dec 29, 2012 at 08:56:07AM +0100, Salvatore Bonaccorso wrote:
> > http://www.openwall.com/lists/oss-security/2012/11/16/2
> > http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5577.html
> > http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5578.html

These seem to be introduced in upstream 0.9.1 by fixing:

* CryptedFileKeyring now uses PBKDF2 to derive the key from the user's
  password and a random hash. The IV is chosen randomly as well. All the
  stored passwords are encrypted at once. Any keyrings using the old format
  will be automatically converted to the new format (but will no longer be
  compatible with 0.9 and earlier). The user's password is no longer limited
  to 32 characters. PyCrypto 2.5 or greater is now required for this keyring.

which is [1,2]. If I see it correctly introduced with commit[3],
changed at least to current form in [4].

 [1]: http://bugs.debian.org/675379 (CVE-2012-4571)
 [2]: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
 [3]: https://bitbucket.org/kang/python-keyring-lib/commits/576e21ab1e6dba1cfb13a1112841798679c21057 
 [4]: https://bitbucket.org/kang/python-keyring-lib/commits/7b324f00f28d28afb9be371f0f4088d385cc15f2

Does this look correct?

So if wheezy will get a fix for CVE-2012-4571, then it also needs the
above fixes.

Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]

Marked as found in versions python-keyring/0.9.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 Dec 2012 17:33:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Sun, 30 Dec 2012 17:48:06 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>. (Sun, 30 Dec 2012 17:48:06 GMT) (full text, mbox, link).


Message #24 received at 696736@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 696736@bugs.debian.org
Subject: python-keyring: diff for NMU version 0.9.2-1.1
Date: Sun, 30 Dec 2012 18:44:38 +0100
[Message part 1 (text/plain, inline)]
tags 696736 + pending
thanks

Dear maintainer,

I've prepared an NMU for python-keyring (versioned as 0.9.2-1.1) and
uploaded it to DELAYED/7. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[python-keyring-0.9.2-1.1-nmu.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 Dec 2012 17:48:08 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Mon, 31 Dec 2012 14:21:03 GMT) (full text, mbox, link).


Acknowledgement sent to chaica@debian.org:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>. (Mon, 31 Dec 2012 14:21:03 GMT) (full text, mbox, link).


Message #31 received at 696736@bugs.debian.org (full text, mbox, reply):

From: Carl Chenet <chaica@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 696736@bugs.debian.org
Subject: Re: Bug#696736: python-keyring: diff for NMU version 0.9.2-1.1
Date: Mon, 31 Dec 2012 11:37:05 +0100
On 30/12/2012 18:44, Salvatore Bonaccorso wrote:
> tags 696736 + pending
> thanks
> 
> Dear maintainer,
> 
> I've prepared an NMU for python-keyring (versioned as 0.9.2-1.1) and
> uploaded it to DELAYED/7. Please feel free to tell me if I
> should delay it longer.
> 
> Regards,
> Salvatore

Hi,

Sorry for the delay in my answer, I'm not available at this time so feel
free to NMU this package. Moreover it is team maintained so
participation is welcome.

Thanks for your work on python-keyring.

Regards,
Carl Chenet



Information forwarded to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Mon, 31 Dec 2012 16:09:04 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>. (Mon, 31 Dec 2012 16:09:04 GMT) (full text, mbox, link).


Message #36 received at 696736@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Carl Chenet <chaica@debian.org>
Cc: 696736@bugs.debian.org
Subject: Re: Bug#696736: python-keyring: diff for NMU version 0.9.2-1.1
Date: Mon, 31 Dec 2012 17:06:20 +0100
Hi Carl!

On Mon, Dec 31, 2012 at 11:37:05AM +0100, Carl Chenet wrote:
> On 30/12/2012 18:44, Salvatore Bonaccorso wrote:
> > tags 696736 + pending
> > thanks
> > 
> > Dear maintainer,
> > 
> > I've prepared an NMU for python-keyring (versioned as 0.9.2-1.1) and
> > uploaded it to DELAYED/7. Please feel free to tell me if I
> > should delay it longer.
> > 
> > Regards,
> > Salvatore
> 
> Hi,
> 
> Sorry for the delay in my answer, I'm not available at this time so feel
> free to NMU this package. Moreover it is team maintained so
> participation is welcome.

Thanks for confirming!

Regarding joining the team: I'm already quite active in other areas
(pkg-perl team mainly), so hope it's fine with you that I leave this
only as NMU (but the diff should be incorporated in svn).

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Wed, 02 Jan 2013 19:12:05 GMT) (full text, mbox, link).


Message #39 received at 696736@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 696736@bugs.debian.org
Cc: Moritz Muehlenhoff <jmm@debian.org>, Carl Chenet <chaica@debian.org>
Subject: Re: Bug#696736: Insecure permissions on database files
Date: Wed, 2 Jan 2013 20:09:10 +0100
[Message part 1 (text/plain, inline)]
Control: found -1 0.7.1-1

On 2012-12-29 09:42:08, Salvatore Bonaccorso wrote:
> Hi Carl
> 
> Reading through the code a bit:
> 
> On Sat, Dec 29, 2012 at 08:56:07AM +0100, Salvatore Bonaccorso wrote:
> > > http://www.openwall.com/lists/oss-security/2012/11/16/2
> > > http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5577.html
> > > http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5578.html
> 
> These seem to be introduced in upstream 0.9.1 by fixing:
> 
> * CryptedFileKeyring now uses PBKDF2 to derive the key from the user's
>   password and a random hash. The IV is chosen randomly as well. All the
>   stored passwords are encrypted at once. Any keyrings using the old format
>   will be automatically converted to the new format (but will no longer be
>   compatible with 0.9 and earlier). The user's password is no longer limited
>   to 32 characters. PyCrypto 2.5 or greater is now required for this keyring.
> 
> which is [1,2]. If I see it correctly introduced with commit[3],
> changed at least to current form in [4].
> 
>  [1]: http://bugs.debian.org/675379 (CVE-2012-4571)
>  [2]: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
>  [3]: https://bitbucket.org/kang/python-keyring-lib/commits/576e21ab1e6dba1cfb13a1112841798679c21057 
>  [4]: https://bitbucket.org/kang/python-keyring-lib/commits/7b324f00f28d28afb9be371f0f4088d385cc15f2
> 
> Does this look correct?
> 
> So if wheezy will get a fix for CVE-2012-4571, then it also needs the
> above fixes.

0.7.x creates the keyring world-readable too. Running
/usr/share/doc/python-keyring/examples/demo.py from 0.7.1-1 gives a
~/crypted_pass.cfg with mode 0644. So this should be fixed in wheezy
anyway [1].

Marking 0.7.1-1 as affected.

Regards

[1] I'm currently preparing a fix for CVE-2012-4571 in wheezy. I'll
backport the fix for this issue too.
-- 
Sebastian Ramacher
[signature.asc (application/pgp-signature, inline)]
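
The world-readable result described in the message above (a keyring file created with mode 0644) next to an owner-only way of writing the same file, as an added example that is not part of the bug log and is not the patch attached to this report. The helper names and file contents are constructed for illustration, and a umask of 022 is assumed.

```python
import os
import stat
import tempfile

KEYRING_NAME = "crypted_pass.cfg"  # file name taken from the report


def write_default(path, data):
    """'Before' pattern: open() requests 0666 and the umask trims it (0644 under 022)."""
    with open(path, "wb") as fh:
        fh.write(data)


def write_private(path, data):
    """Hardened pattern: the file is owner-only before any secret bytes reach it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        # The mode given to os.open() is ignored when the file already exists,
        # so tighten an older, looser file explicitly before writing.
        os.fchmod(fd, 0o600)
        fh.write(data)


def audit(path):
    """Return (mode, findings); findings is empty when only the owner has access."""
    st = os.lstat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/other")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    return mode, findings


def demo():
    """Write a constructed blob both ways under umask 022 and audit each result."""
    blob = b"constructed sample, not a real keyring\n"
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as home:
            existing = os.path.join(home, KEYRING_NAME)
            write_default(existing, blob)
            weak_result = audit(existing)
            # Re-writing the already existing 0644 file must also end up owner-only.
            write_private(existing, blob)
            fixed_result = audit(existing)
            fresh = os.path.join(home, "fresh_" + KEYRING_NAME)
            write_private(fresh, blob)
            fresh_result = audit(fresh)
    finally:
        os.umask(old_umask)
    return weak_result, fixed_result, fresh_result


if __name__ == "__main__":
    for mode, findings in demo():
        print(oct(mode), findings or "owner-only")
```

The `audit` helper can be pointed at an existing keyring file to check whether a file written by an affected version is still readable by other local users after upgrading.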

Marked as found in versions python-keyring/0.7.1-1. Request was from Sebastian Ramacher <sramacher@debian.org> to 696736-submit@bugs.debian.org. (Wed, 02 Jan 2013 19:12:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>:
Bug#696736; Package python-keyring. (Wed, 02 Jan 2013 20:27:05 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>. (Wed, 02 Jan 2013 20:27:05 GMT) (full text, mbox, link).


Message #46 received at 696736@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Sebastian Ramacher <sramacher@debian.org>
Cc: 696736@bugs.debian.org, Moritz Muehlenhoff <jmm@debian.org>, Carl Chenet <chaica@debian.org>
Subject: Re: Bug#696736: Insecure permissions on database files
Date: Wed, 2 Jan 2013 21:24:20 +0100
[Message part 1 (text/plain, inline)]
Control: found -1 0.2-3

Hi Sebastian

On Wed, Jan 02, 2013 at 08:09:10PM +0100, Sebastian Ramacher wrote:
> Control: found -1 0.7.1-1
> 
> On 2012-12-29 09:42:08, Salvatore Bonaccorso wrote:
> > Hi Carl
> > 
> > Reading through the code a bit:
> > 
> > On Sat, Dec 29, 2012 at 08:56:07AM +0100, Salvatore Bonaccorso wrote:
> > > > http://www.openwall.com/lists/oss-security/2012/11/16/2
> > > > http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5577.html
> > > > http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5578.html
> > 
> > These seem to be introduced in upstream 0.9.1 by fixing:
> > 
> > * CryptedFileKeyring now uses PBKDF2 to derive the key from the user's
> >   password and a random hash. The IV is chosen randomly as well. All the
> >   stored passwords are encrypted at once. Any keyrings using the old format
> >   will be automatically converted to the new format (but will no longer be
> >   compatible with 0.9 and earlier). The user's password is no longer limited
> >   to 32 characters. PyCrypto 2.5 or greater is now required for this keyring.
> > 
> > which is [1,2]. If I see it correctly introduced with commit[3],
> > changed at least to current form in [4].
> > 
> >  [1]: http://bugs.debian.org/675379 (CVE-2012-4571)
> >  [2]: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
> >  [3]: https://bitbucket.org/kang/python-keyring-lib/commits/576e21ab1e6dba1cfb13a1112841798679c21057 
> >  [4]: https://bitbucket.org/kang/python-keyring-lib/commits/7b324f00f28d28afb9be371f0f4088d385cc15f2
> > 
> > Does this look correct?
> > 
> > So if wheezy will get a fix for CVE-2012-4571, then it also needs the
> > above fixes.
> 
> 0.7.x creates the keyring world-readable too. Running
> /usr/share/doc/python-keyring/examples/demo.py from 0.7.1-1 gives a
> ~/crypted_pass.cfg with mode 0644. So this should be fixed in wheezy
> anyway [1].
> 
> Marking 0.7.1-1 as affected.
> 
> Regards
> 
> [1] I'm currently preparing a fix for CVE-2012-4571 in wheezy. I'll
> backport the fix for this issue too.

Thanks for correcting me and rechecking this also for wheezy. Marked
as unfixed now again in the security-tracker. My approach only looking
at the commits was wrong (I think I learned another lesson).

Also Squeeze produces a world-readable file with the demo.py!

Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]

Marked as found in versions python-keyring/0.2-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to 696736-submit@bugs.debian.org. (Wed, 02 Jan 2013 20:27:05 GMT) (full text, mbox, link).


Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 06 Jan 2013 18:21:11 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 06 Jan 2013 18:21:11 GMT) (full text, mbox, link).


Message #53 received at 696736-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 696736-close@bugs.debian.org
Subject: Bug#696736: fixed in python-keyring 0.9.2-1.1
Date: Sun, 06 Jan 2013 18:18:57 +0000
Source: python-keyring
Source-Version: 0.9.2-1.1

We believe that the bug you reported is fixed in the latest version of
python-keyring, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 696736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated python-keyring package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 29 Dec 2012 08:46:59 +0100
Source: python-keyring
Binary: python-keyring python3-keyring
Architecture: source all
Version: 0.9.2-1.1
Distribution: unstable
Urgency: low
Maintainer: Carl Chenet <chaica@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 python-keyring - store and access your passwords safely
 python3-keyring - store and access your passwords safely - Python 3 version of the
Closes: 696736
Changes: 
 python-keyring (0.9.2-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add 696736-Fix-insecure-permissions-on-database-files.patch
     [SECURITY]: Fix insecure permissions on database files. Fix
     CVE-2012-5577 and CVE-2012-5578. (Closes: #696736) (LP: #1031465)




Reply sent to Sebastian Ramacher <sramacher@debian.org>:
You have taken responsibility. (Wed, 16 Jan 2013 00:21:11 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 16 Jan 2013 00:21:12 GMT) (full text, mbox, link).


Message #58 received at 696736-close@bugs.debian.org (full text, mbox, reply):

From: Sebastian Ramacher <sramacher@debian.org>
To: 696736-close@bugs.debian.org
Subject: Bug#696736: fixed in python-keyring 0.7.1-1+deb7u1
Date: Wed, 16 Jan 2013 00:17:33 +0000
Source: python-keyring
Source-Version: 0.7.1-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
python-keyring, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 696736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated python-keyring package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 06 Jan 2013 22:22:33 +0100
Source: python-keyring
Binary: python-keyring python3-keyring
Architecture: source all
Version: 0.7.1-1+deb7u1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Carl Chenet <chaica@ohmytux.com>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description: 
 python-keyring - store and access your passwords safely
 python3-keyring - store and access your passwords safely - Python 3 version of the
Closes: 675379 696736
Changes: 
 python-keyring (0.7.1-1+deb7u1) testing-proposed-updates; urgency=low
 .
   * Team upload.
   * debian/patches:
     - CVE-2012-4571.patch: backport CryptedFileKeyring from 0.9.3 to fix
       CVE-2012-4571. (Closes: #675379)
     - 696736-Fix-insecure-permissions-on-database-files.patch: backport fix
       from 0.9.2-1.1 to fix insecure permissions on database files. Fix
       CVE-2012-5578. Thanks Salvatore Bonaccorso. (Closes: #696736)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 May 2013 07:41:26 GMT) (full text, mbox, link).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:21:49 2019; Machine Name: buxtehude
