bypass default security level of the X wrapper

Debian Bug report logs - #652249
bypass default security level of the X wrapper

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: vladz <vladz@devzero.fr>

To: submit@bugs.debian.org

Subject: bypass default security level of the X wrapper

Date: Thu, 15 Dec 2011 19:02:36 +0100

Package: xserver-xorg
Version: 1:7.5+8
Severity: important
Tags: security


By default, the wrapper's configuration file only allows any user whose
controlling TTY (console) to start the X server with root privileges: 

  # cat /etc/X11/Xwrapper.config
  [...]
  allowed_users=console

To determine if a user is controlling a TTY, the code checks the
properties of the file connected to its standard input:

  $ cat -n debian/local/xserver-wrapper.c
  [...]
  152 static int
  153 onConsole()
  154 {
  155 #if defined(__linux__)
  156   struct stat s;
  157
  158   /* see if stdin is a virtual console device */
  159   if (fstat(0, &s) != 0) {
  160     (void) fprintf(stderr, "X: cannot stat stdin\n");
  161     return FALSE;
  162   }
  163   if (S_ISCHR(s.st_mode) &&
  164         ((((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV &&
  165           (s.st_rdev & 0xff) < 64) ||
  166         (((s.st_rdev >> 8) & 0xff) == ALT_TTY_MAJOR_DEV &&
  167           (s.st_rdev & 0xff) < 64)
  168         )) {
  169     return TRUE;
  170   }

As seen, this is done by checking if this file:

  - is a character device [line 163]
  - has a TTY-specific major number (TTY_MAJOR_DEV or ALT_TTY_MAJOR_DEV,
    respectively 4 or 5) [lines 164, 166]
  - has a minor number lower than 64 [lines 165, 167]

Unfortunately, by connecting a file with similar properties to its
stdin, a user can mislead the X wrapper and launch the X server.  This
file also needs to be readable by the user.

For instance, files "/dev/tty" and "/dev/ptmx" match those conditions:

  $ ls -l /dev/tty /dev/ptmx
  crw-rw-rw- 1 root root 5, 2 14 déc.  18:43 /dev/ptmx
  crw-rw-rw- 1 root root 5, 0 12 déc.  23:03 /dev/tty

Here is a quick PoC by using "/dev/tty":

  $ ssh remote_host
  $ id
  uid=1000(vladz) gid=1000(vladz) groups=1000(vladz)
  $ tty
  /dev/pts/4   // not a TTY, won't have sufficient permissions to start X
  $ X :1
  X: user not authorized to run the X server, aborting.

  // This was the expected result, now lets connect "/dev/tty" to stdin and
  // retry...

  $ exec 0</dev/tty; X :1; exec 0</dev/pts/4
  [... Xorg starts ...]    // start succeed!

This being said, this is a minor issue, but the attack against
CVE-2011-4029[1] which allows to set the read permission on any arbitrary
file, can now be launched from remote sessions and not even from a TTY.  It
become urgent to fix it.

  [1] http://security-tracker.debian.org/tracker/CVE-2011-4029

Thanks,
vladz. 

-- 
http://vladz.devzero.fr
PGP key 8F7E2D3C from pgp.mit.edu

Message #10 received at 652249@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>

To: vladz <vladz@devzero.fr>, 652249@bugs.debian.org

Subject: Re: Bug#652249: bypass default security level of the X wrapper

Date: Thu, 15 Dec 2011 19:39:16 +0100

On Thu, Dec 15, 2011 at 19:02:36 +0100, vladz wrote:

> 
> Package: xserver-xorg
> Version: 1:7.5+8
> Severity: important
> Tags: security
> 
> 
> By default, the wrapper's configuration file only allows any user whose
> controlling TTY (console) to start the X server with root privileges: 
> 
>   # cat /etc/X11/Xwrapper.config
>   [...]
>   allowed_users=console
> 
> To determine if a user is controlling a TTY, the code checks the
> properties of the file connected to its standard input:
> 
>   $ cat -n debian/local/xserver-wrapper.c
>   [...]
>   152 static int
>   153 onConsole()
>   154 {
>   155 #if defined(__linux__)
>   156   struct stat s;
>   157
>   158   /* see if stdin is a virtual console device */
>   159   if (fstat(0, &s) != 0) {
>   160     (void) fprintf(stderr, "X: cannot stat stdin\n");
>   161     return FALSE;
>   162   }
>   163   if (S_ISCHR(s.st_mode) &&
>   164         ((((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV &&
>   165           (s.st_rdev & 0xff) < 64) ||
>   166         (((s.st_rdev >> 8) & 0xff) == ALT_TTY_MAJOR_DEV &&
>   167           (s.st_rdev & 0xff) < 64)
>   168         )) {
>   169     return TRUE;
>   170   }
> 
> As seen, this is done by checking if this file:
> 
>   - is a character device [line 163]
>   - has a TTY-specific major number (TTY_MAJOR_DEV or ALT_TTY_MAJOR_DEV,
>     respectively 4 or 5) [lines 164, 166]
>   - has a minor number lower than 64 [lines 165, 167]
> 
> Unfortunately, by connecting a file with similar properties to its
> stdin, a user can mislead the X wrapper and launch the X server.  This
> file also needs to be readable by the user.
> 
> For instance, files "/dev/tty" and "/dev/ptmx" match those conditions:
> 
>   $ ls -l /dev/tty /dev/ptmx
>   crw-rw-rw- 1 root root 5, 2 14 déc.  18:43 /dev/ptmx
>   crw-rw-rw- 1 root root 5, 0 12 déc.  23:03 /dev/tty
> 
> Here is a quick PoC by using "/dev/tty":
> 
>   $ ssh remote_host
>   $ id
>   uid=1000(vladz) gid=1000(vladz) groups=1000(vladz)
>   $ tty
>   /dev/pts/4   // not a TTY, won't have sufficient permissions to start X
>   $ X :1
>   X: user not authorized to run the X server, aborting.
> 
>   // This was the expected result, now lets connect "/dev/tty" to stdin and
>   // retry...
> 
>   $ exec 0</dev/tty; X :1; exec 0</dev/pts/4
>   [... Xorg starts ...]    // start succeed!
> 
> This being said, this is a minor issue, but the attack against
> CVE-2011-4029[1] which allows to set the read permission on any arbitrary
> file, can now be launched from remote sessions and not even from a TTY.  It
> become urgent to fix it.
> 
Seems like we should revert the change accepting major 5 for stdin?

Cheers,
Julien

Message #15 received at 652249-close@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>

To: 652249-close@bugs.debian.org

Subject: Bug#652249: fixed in xorg 1:7.6+10

Date: Thu, 15 Dec 2011 23:03:21 +0000

Source: xorg
Source-Version: 1:7.6+10

We believe that the bug you reported is fixed in the latest version of
xorg, which is due to be installed in the Debian FTP archive:

x11-common_7.6+10_all.deb
  to main/x/xorg/x11-common_7.6+10_all.deb
xbase-clients_7.6+10_all.deb
  to main/x/xorg/xbase-clients_7.6+10_all.deb
xorg-dev_7.6+10_all.deb
  to main/x/xorg/xorg-dev_7.6+10_all.deb
xorg_7.6+10.dsc
  to main/x/xorg/xorg_7.6+10.dsc
xorg_7.6+10.tar.gz
  to main/x/xorg/xorg_7.6+10.tar.gz
xorg_7.6+10_amd64.deb
  to main/x/xorg/xorg_7.6+10_amd64.deb
xserver-xorg-input-all_7.6+10_amd64.deb
  to main/x/xorg/xserver-xorg-input-all_7.6+10_amd64.deb
xserver-xorg-video-all_7.6+10_amd64.deb
  to main/x/xorg/xserver-xorg-video-all_7.6+10_amd64.deb
xserver-xorg_7.6+10_amd64.deb
  to main/x/xorg/xserver-xorg_7.6+10_amd64.deb
xutils_7.6+10_all.deb
  to main/x/xorg/xutils_7.6+10_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652249@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 15 Dec 2011 23:45:48 +0100
Source: xorg
Binary: x11-common xserver-xorg xserver-xorg-video-all xserver-xorg-input-all xorg xorg-dev xbase-clients xutils
Architecture: source all amd64
Version: 1:7.6+10
Distribution: unstable
Urgency: high
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 x11-common - X Window System (X.Org) infrastructure
 xbase-clients - miscellaneous X clients - metapackage
 xorg       - X.Org X Window System
 xorg-dev   - X.Org X Window System development libraries
 xserver-xorg - X.Org X server
 xserver-xorg-input-all - X.Org X server -- input driver metapackage
 xserver-xorg-video-all - X.Org X server -- output driver metapackage
 xutils     - X Window System utility programs metapackage
Closes: 652249
Changes: 
 xorg (1:7.6+10) unstable; urgency=high
 .
   * Fixes for xserver-wrapper:
     - when we drop privileges, don't forget to also reset effective group id,
       since we're installed setgid root.
     - revert change to allow devices with major 5 as consoles.  This includes
       things like /dev/tty and /dev/ptmx, which are world-readable (closes:
       #652249).  Thanks to vladz for the report.
     - use major() and minor() macros instead of manually extracting them
   * Build the X wrapper with hardening enabled.
Checksums-Sha1: 
 2196ed48dae6b3e1e72696aae107b539b0ac169e 1957 xorg_7.6+10.dsc
 de885202dfb37d4100a8cd3759d1108fa54e5740 921591 xorg_7.6+10.tar.gz
 98c2cf4894b3cbfde9fe2612dd3989b16e412e13 281478 x11-common_7.6+10_all.deb
 81d698f4b3b323bd103c1fd5207ea9c96879eef6 34776 xorg-dev_7.6+10_all.deb
 e446612478c7fb27c0336146172f53a7a6f2b913 34638 xbase-clients_7.6+10_all.deb
 9c71eff492af5c805d071fe36cfb53a93629139c 34528 xutils_7.6+10_all.deb
 3ff678e1537cef7c5dcb1fdb23e92544fa14b301 111386 xserver-xorg_7.6+10_amd64.deb
 4af8ca6f07c86b1ae3fab07963c341fe0033548a 34606 xserver-xorg-video-all_7.6+10_amd64.deb
 f490a88bb2edad11d9ab66ddb2bbbe5080ffe783 34478 xserver-xorg-input-all_7.6+10_amd64.deb
 c98cb08ac28db1b8ecfb6cbc344624c131cce6ff 35122 xorg_7.6+10_amd64.deb
Checksums-Sha256: 
 5802dace6624fd02624ca98d1191ac0c1de986577da195bc3c25f9359309f945 1957 xorg_7.6+10.dsc
 2123aa5a12f31cc56d12cf67716eb02c02cd8e95793dc6f661f1a3e00d466974 921591 xorg_7.6+10.tar.gz
 fc9fca55f8dc298acbbfa9640d554efc249c2fa4bc71e38885c56afcc9b00123 281478 x11-common_7.6+10_all.deb
 f3e55883b5da0fb381ec18b230040ab19315319c5fe156a9d89520869993afde 34776 xorg-dev_7.6+10_all.deb
 0252457262d8c955377c42ea1dec7d97a4b12e00031151ad28e2cfac9c256b11 34638 xbase-clients_7.6+10_all.deb
 39c3d231240f7d636543f6ebed29861198c32495c29b779e6927dade882bf04e 34528 xutils_7.6+10_all.deb
 e19c64f5b9cb17cb86438da654235b73b7cac3def9540fbe892fd36b1d4d8824 111386 xserver-xorg_7.6+10_amd64.deb
 846298148fc63a1c5ce9aa552192334823c0add046b0b384ef4041da29b93c73 34606 xserver-xorg-video-all_7.6+10_amd64.deb
 b4e2313bcb64437d28337a4bdf0b0402b6dbb76b2014d32fcf9007150a0806bf 34478 xserver-xorg-input-all_7.6+10_amd64.deb
 0a6ac501e7050e66fec8f30d22f16d352321bbf841649899b894c326b01364be 35122 xorg_7.6+10_amd64.deb
Files: 
 ba63e983debfcf60258ee60e1ad79bd0 1957 x11 optional xorg_7.6+10.dsc
 b734930a36f3c79ac96a90b3a7840232 921591 x11 optional xorg_7.6+10.tar.gz
 4d05a329f927f662ef467f3e047e72f3 281478 x11 optional x11-common_7.6+10_all.deb
 1e8056b6b758c17c1c55be14f145b02b 34776 x11 optional xorg-dev_7.6+10_all.deb
 6fa485d19dc0378a1a306dabc7b9ac5c 34638 x11 optional xbase-clients_7.6+10_all.deb
 675ff3dd6dbd9a6c7c32af8203f470de 34528 x11 optional xutils_7.6+10_all.deb
 0afb6dec98541982337d59746c931561 111386 x11 optional xserver-xorg_7.6+10_amd64.deb
 1e8cc78f2054d856209478ef5080d614 34606 x11 optional xserver-xorg-video-all_7.6+10_amd64.deb
 fb7b9678b2af8d14dab4238c1babc587 34478 x11 optional xserver-xorg-input-all_7.6+10_amd64.deb
 f65fd8c47c310ff17db166e8aec31c1d 35122 x11 optional xorg_7.6+10_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJO6np8AAoJEDEBgAUJBeQM13kP/j0q1FS+M98AP6VthtnH6D3I
tlArNDIo6KblTtPHltcYLPKsGxc+DoT1pWh4Hsdf59LSsQF53uNUWp3YFL1pgCgX
AmEIGw0JeVzZ1TDyLjh/+lVGWt2GDncvXXMHF4Kfd5YYoVe4VTPxmcgq6Bv/DMHG
8Fuc4xd5fFpret+FuK+rK/yx3pCyZM2A1wrzy45sg7VrIAOnayNsJmvQ3K91eNIE
m9rWCDzgtbyS6nSy7IEVOwQi3b2bVraHOy/wM0BRs0FejJa2wG1cAv7J/0/i8gq2
vXvEO9HsEFK+IsFBKHKUUC3nMI7D6lsm7WjR1dZmR+dmfRTWgJRVBmQp8GuTg4BA
Zf9TnClZld15Nc/rt/vbHk2d3QfPvp1N+W//w818qLl8tte8lJBSYdFzab4+CTa2
46ar5ph4BqnMu2vKXwP3POPDPpP5wrXFBag1qI3F9inVBEgXihj1VuaQEuPZaUfP
R4eYy+K4gt+vUo6w+ekrhLg8pOeBLx2PXqylOYph4uM7RIt8dCv+KBYB40UqlbXa
8R53DKv/H7+p4DXs5/Ty4HfsHPUIMYCaMOSGn/Pwgp0V8CmCEDVxEzZcAfD35xsk
gLkGNxC5RypbqOfD8fowCG87zI6EDQa0SZr5WJ15sD52CUbnajXBoPtii2EMqPGO
kU/Lu2JKXLs/vpAY09uD
=yXZj
-----END PGP SIGNATURE-----

Message #20 received at 652249-close@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>

To: 652249-close@bugs.debian.org

Subject: Bug#652249: fixed in xorg 1:7.5+8+squeeze1

Date: Mon, 19 Dec 2011 20:04:55 +0000

Source: xorg
Source-Version: 1:7.5+8+squeeze1

We believe that the bug you reported is fixed in the latest version of
xorg, which is due to be installed in the Debian FTP archive:

libglu1-xorg-dev_7.5+8+squeeze1_all.deb
  to main/x/xorg/libglu1-xorg-dev_7.5+8+squeeze1_all.deb
libglu1-xorg_7.5+8+squeeze1_all.deb
  to main/x/xorg/libglu1-xorg_7.5+8+squeeze1_all.deb
x11-common_7.5+8+squeeze1_all.deb
  to main/x/xorg/x11-common_7.5+8+squeeze1_all.deb
xbase-clients_7.5+8+squeeze1_all.deb
  to main/x/xorg/xbase-clients_7.5+8+squeeze1_all.deb
xlibmesa-gl-dev_7.5+8+squeeze1_all.deb
  to main/x/xorg/xlibmesa-gl-dev_7.5+8+squeeze1_all.deb
xlibmesa-gl_7.5+8+squeeze1_all.deb
  to main/x/xorg/xlibmesa-gl_7.5+8+squeeze1_all.deb
xlibmesa-glu_7.5+8+squeeze1_all.deb
  to main/x/xorg/xlibmesa-glu_7.5+8+squeeze1_all.deb
xorg-dev_7.5+8+squeeze1_all.deb
  to main/x/xorg/xorg-dev_7.5+8+squeeze1_all.deb
xorg_7.5+8+squeeze1.dsc
  to main/x/xorg/xorg_7.5+8+squeeze1.dsc
xorg_7.5+8+squeeze1.tar.gz
  to main/x/xorg/xorg_7.5+8+squeeze1.tar.gz
xorg_7.5+8+squeeze1_amd64.deb
  to main/x/xorg/xorg_7.5+8+squeeze1_amd64.deb
xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb
  to main/x/xorg/xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb
xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb
  to main/x/xorg/xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb
xserver-xorg_7.5+8+squeeze1_amd64.deb
  to main/x/xorg/xserver-xorg_7.5+8+squeeze1_amd64.deb
xutils_7.5+8+squeeze1_all.deb
  to main/x/xorg/xutils_7.5+8+squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652249@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 16 Dec 2011 19:54:40 +0100
Source: xorg
Binary: x11-common xserver-xorg xserver-xorg-video-all xserver-xorg-input-all xorg xorg-dev xlibmesa-gl xlibmesa-gl-dev xlibmesa-glu libglu1-xorg libglu1-xorg-dev xbase-clients xutils
Architecture: source all amd64
Version: 1:7.5+8+squeeze1
Distribution: squeeze-security
Urgency: low
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description: 
 libglu1-xorg - transitional package for Debian etch
 libglu1-xorg-dev - transitional package for Debian etch
 x11-common - X Window System (X.Org) infrastructure
 xbase-clients - miscellaneous X clients - metapackage
 xlibmesa-gl - transitional package for Debian etch
 xlibmesa-gl-dev - transitional package for Debian etch
 xlibmesa-glu - transitional package for Debian etch
 xorg       - X.Org X Window System
 xorg-dev   - the X.Org X Window System development libraries
 xserver-xorg - the X.Org X server
 xserver-xorg-input-all - the X.Org X server -- input driver metapackage
 xserver-xorg-video-all - the X.Org X server -- output driver metapackage
 xutils     - X Window System utility programs metapackage
Closes: 652249
Changes: 
 xorg (1:7.5+8+squeeze1) squeeze-security; urgency=low
 .
   * xserver-wrapper: when we drop privileges, don't forget to also reset
     effective group id, since we're installed setgid root.
   * xserver-wrapper: revert change to allow devices with major 5 as consoles.
     This includes things like /dev/tty and /dev/ptmx, which are
     world-readable (closes: #652249).  Thanks to vladz for the report.
     Reference: CVE-2011-4613.
Checksums-Sha1: 
 bc3a37ba340e33838de526532de596f2ebc8be09 1723 xorg_7.5+8+squeeze1.dsc
 45f77ccadf67b5f0916a728c249ca35ba2b2cb7c 904376 xorg_7.5+8+squeeze1.tar.gz
 03038cf51249488bb57578e1a8e06501b4ee909a 279090 x11-common_7.5+8+squeeze1_all.deb
 4aa7668799797da4769486d2eca857334d32a9c7 32156 xorg-dev_7.5+8+squeeze1_all.deb
 c92aa9119f41a62e2e8f84f248820527fbb286d5 31782 xlibmesa-gl_7.5+8+squeeze1_all.deb
 39dc858407db6f42db407c239173c883cfe08d15 31790 xlibmesa-gl-dev_7.5+8+squeeze1_all.deb
 4fa6dd6c9398dcef6ee7b17eef78a25ed496bf13 31784 xlibmesa-glu_7.5+8+squeeze1_all.deb
 9e70ecf6f59e4c0ce172b7d2734bc339c993745b 31776 libglu1-xorg_7.5+8+squeeze1_all.deb
 5b50a7965b2ca80a614478b5ac9000905b74cfb8 31786 libglu1-xorg-dev_7.5+8+squeeze1_all.deb
 399a20912be70af0a96af11a0fb8431f1ae619c4 38160 xbase-clients_7.5+8+squeeze1_all.deb
 0c20f2c7b271da994fe9b38109d1bd69f7ea36eb 38282 xutils_7.5+8+squeeze1_all.deb
 21f55c87b9f2c1360d965309aa8c2558977dcfd1 53346 xserver-xorg_7.5+8+squeeze1_amd64.deb
 de74121fc1b4605010900e9faf8f62b2b6f18f7d 31982 xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb
 5dfa6c3a0252df8bcb33668cf571c85628446813 31842 xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb
 26c9bb033de84e0993a9b2a6c591160465f69dd5 32472 xorg_7.5+8+squeeze1_amd64.deb
Checksums-Sha256: 
 d25ce5d7c2684b351498b7646fa877a46eb04329b2a4805f807238545b02ac96 1723 xorg_7.5+8+squeeze1.dsc
 e0be32e3167ad06cad4519c39c4f6ee3540530ff07b7d93975f5fe3d696bffb8 904376 xorg_7.5+8+squeeze1.tar.gz
 965449a985f6cfd8b8b854046b53047a7c3a62df3f2c867ca929f14eacca585e 279090 x11-common_7.5+8+squeeze1_all.deb
 ab8004a7ba7b56fcdf312d7992912bf58f7f4f5468391af6d524565cd32b437c 32156 xorg-dev_7.5+8+squeeze1_all.deb
 73a93438930a96d9bee84f19eda300d0760cd5b8208611fae44cca31b0a0731b 31782 xlibmesa-gl_7.5+8+squeeze1_all.deb
 36c4a7f71e02eba425e67840726147cabad63cd8e1506294536b28df99c5abbe 31790 xlibmesa-gl-dev_7.5+8+squeeze1_all.deb
 63bb7c2daa049f0f6e85ff5547fba11df7f95c048d6e0c43f3a0bf9827a00ab4 31784 xlibmesa-glu_7.5+8+squeeze1_all.deb
 b3649f36648bfc3826be26d1e169b1b73e57bdbfa40fddda1944e399e224382e 31776 libglu1-xorg_7.5+8+squeeze1_all.deb
 dc06e7321eba68a1353b4afd185e5fd9ab6c1c3bdfe7b1e90a580353fb70a2e2 31786 libglu1-xorg-dev_7.5+8+squeeze1_all.deb
 24bcdeb2f32d99bad416e2cc4df5a4ac7f343fa42dacd865fdb36854eb064c66 38160 xbase-clients_7.5+8+squeeze1_all.deb
 5d92fb6972889869bca9a7fa213e7975465f8a58cbd40433f98a91a8b84bf463 38282 xutils_7.5+8+squeeze1_all.deb
 40dcea675bfb0e8b774bc619489ff0a6bb6a4f6ecc907e8ac0df409874151f59 53346 xserver-xorg_7.5+8+squeeze1_amd64.deb
 2a9a5c0165aa8ff8f198d9799052d80928f7e53e548b83a720327fe350c86fcf 31982 xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb
 ceb094261514e4a7f116c0cf19b5a7273c84d561888aad5552e226737ff58470 31842 xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb
 9326fc8ac9412efff7282df84e8eb38b26257ca882bdc0e00ded3c7e7a2b51a7 32472 xorg_7.5+8+squeeze1_amd64.deb
Files: 
 3cd534237d55ad4f8c7062191e904594 1723 x11 optional xorg_7.5+8+squeeze1.dsc
 98b9112b39d912d8ad47dd8b1dd79196 904376 x11 optional xorg_7.5+8+squeeze1.tar.gz
 9216f776a019d5103a977a291e3de514 279090 x11 optional x11-common_7.5+8+squeeze1_all.deb
 d9deb044f125e25aabf373c5bf647f68 32156 x11 optional xorg-dev_7.5+8+squeeze1_all.deb
 0294b0af7c57926ec5f9012a31c757ad 31782 libs optional xlibmesa-gl_7.5+8+squeeze1_all.deb
 0f1953abe8cea198dc1d470aa87e87d5 31790 libdevel optional xlibmesa-gl-dev_7.5+8+squeeze1_all.deb
 10da38d17bf016882c434b61b3ad0777 31784 libdevel optional xlibmesa-glu_7.5+8+squeeze1_all.deb
 27f3bd0703ce6b6f761ea6ee88e61111 31776 libs optional libglu1-xorg_7.5+8+squeeze1_all.deb
 287484cc07759d54613991d7777b0020 31786 libdevel optional libglu1-xorg-dev_7.5+8+squeeze1_all.deb
 4468dd932eb869a5305012f2b63288cc 38160 x11 optional xbase-clients_7.5+8+squeeze1_all.deb
 e668ce5c7ac04f99a41e79f980ba0cde 38282 x11 optional xutils_7.5+8+squeeze1_all.deb
 06ed8bf8f1fa98045d7da9ddd8841f8c 53346 x11 optional xserver-xorg_7.5+8+squeeze1_amd64.deb
 0e7ebb1d0a9c6b84726ffd9ffb6201e2 31982 x11 optional xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb
 57a5e745409702538307667b5e85de5c 31842 x11 optional xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb
 262c750810336394ce0773385c3c852f 32472 x11 optional xorg_7.5+8+squeeze1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJO65ScAAoJEDEBgAUJBeQMdB0P/idw5Y/BLNYhxoAQxqAOYWvl
WpFzhbb33e6tHeOByCNFtiT6JeWT4ms3K4x71q7BQOBcmcjMP5ao3haNhv1KJ/9p
dATZ8L0vof0oiEqTiSQjZ9q3Q3jKtd2L101Sk0ZZHe9CZ/41PtqkzYnBv0dpQPOH
O6qNhhlXzeV0HLG5Cap4hmJ9NvmyH0uAg7fwKocOLyyRGWgPCDi2p4V59545ycEQ
9NqXfyr1IGaft7xmyvRJJ0YD/h4HZPmKksfnqHpD6IliSL1NNB/ayRKIdB0kFf3r
A+YreynPz+vWdvxsyDq2DFuynrpg5bSQQwja/3PI1vuVpgslGl4CB12Mh+KqxaD3
eZNNkhV7VcitrwCM9ua9Fe6BwTX9/tDhFOIGEFx4111SEMFDEVYtTgd965Mqjg6X
jwXgbaGJ6WMVLiO0iHZ8LOHZhZE7qxxiSYGxH19veMqa2IfBZVavAR5x7yQ2T9Qv
Wbm3OajGru4+vxc3GU5I+SLs5V2flqU6KYo+mNU3zvI/4xnIylz5akPx988amIsG
aciES+5rjvGlT/JPRG5FPEwqqOpm3VmzM7sDP/vPQUH1EPdTX6U+XW9eJZBYDCkr
4nBV2Mx4QLw1MiSzTKcwXG57un7d9lohAjCvjv/YJqqyduUXcQ+3ZqvddTy20Ijj
ATCh9CJimEfY/WWWS4y3
=Gayj
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.