Debian Bug report logs -
#492434
pidgin: Connects to Jabber server with bad SSL certificates without warning (CVE-2008-3532)
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, josh@freedesktop.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Message #3 received at submit@bugs.debian.org (full text, mbox, reply):
Package: pidgin
Version: 2.4.3-1
Severity: grave
Tags: security
Justification: user security hole
I recently set up a Jabber server. I used the default snakeoil
certificate. When I configured Pidgin to connect to my new server,
using SSL, it connected without any complaint whatsoever.
- Josh Triplett
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages pidgin depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libc6 2.7-12 GNU C Library: Shared libraries
ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.1-2 simple interprocess messaging syst
ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst
ii libglib2.0-0 2.16.4-2 The GLib library of C routines
ii libgstreamer0.10-0 0.10.20-1 Core GStreamer libraries and eleme
ii libgtk2.0-0 2.12.11-3 The GTK+ graphical user interface
ii libgtkspell0 2.0.13-1 a spell-checking addon for GTK's T
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libpango1.0-0 1.20.5-1 Layout and rendering of internatio
ii libpurple0 2.4.3-1 multi-protocol instant messaging l
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libstartup-notification0 0.9-1 library for program launch feedbac
ii libx11-6 2:1.1.4-2 X11 client-side library
ii libxss1 1:1.1.3-1 X11 Screen Saver extension library
ii perl 5.10.0-11.1 Larry Wall's Practical Extraction
ii perl-base [perlapi-5.10.0] 5.10.0-11.1 The Pathologically Eclectic Rubbis
ii pidgin-data 2.4.3-1 multi-protocol instant messaging c
Versions of packages pidgin recommends:
ii gstreamer0.10-plugins-base 0.10.20-1 GStreamer plugins from the "base"
ii gstreamer0.10-plugins-good 0.10.8-4 GStreamer plugins from the "good"
Versions of packages pidgin suggests:
ii evolution-data-server 2.22.3-1 evolution database backend server
ii gnome-panel 2.20.3-5 launcher and docking facility for
ii libsqlite3-0 3.5.9-3 SQLite 3 shared library
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Ari Pollak <ari@debian.org>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #8 received at 492434@bugs.debian.org (full text, mbox, reply):
Is the server certificate present in /etc/ssl/certs or Tools->Certificates?
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Miron Cuperman <c1.debian@niftybox.net>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #13 received at 492434@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
I believe this bug was introduced with the "fix" for bug #401567.
At that time, the SSL implementation was changed from GNUTLS to NSS.
Unfortunately, the NSS plugin in pidgin does no certificate checking at
all, meaning that any certificate is accepted (including malformed or
self-signed ones).
I recommend switching back to gnutls. Patch attached. The attached
patch also corrects a problem in reading the certificate store from
/etc/ssl/certs . (note that this patch is cumulative to
00_debian-ca-certs.patch .)
Unfortunately, it is now the case that any passwords transmitted over an
NSS created link could have been compromised by man-in-the-middle
attacks, since many people use the PLAIN auth mechanism. Any valuable
passwords compromised in this way should be changed.
--
Miron
[gnutls.diff (text/x-diff, inline)]
diff -ur pidgin-2.4.1/debian/rules pidgin-2.4.1-gnutls/debian/rules
--- pidgin-2.4.1/debian/rules 2008-08-02 19:04:58.000000000 -0700
+++ pidgin-2.4.1-gnutls/debian/rules 2008-08-02 18:43:49.000000000 -0700
@@ -20,7 +20,7 @@
LDFLAGS = -Wl,--as-needed
CFLAGS = -fstack-protector
-DEB_CONFIGURE_EXTRA_FLAGS := --enable-perl --with-zephyr=/usr --enable-dbus --enable-gnutls=no --enable-nss=yes --enable-cyrus-sasl --enable-nm --disable-silc
+DEB_CONFIGURE_EXTRA_FLAGS := --enable-perl --with-zephyr=/usr --enable-dbus --enable-gnutls=yes --enable-nss=no --enable-cyrus-sasl --enable-nm --disable-silc
DEB_DH_MAKESHLIBS_ARGS_pidgin := -V -X/usr/lib/pidgin
DEB_DH_SHLIBDEPS_ARGS_pidgin := -X/usr/lib/pidgin/gevolution.so -X/usr/lib/pidgin/cap.so -- -dSuggests debian/pidgin/usr/lib/pidgin/cap.so -dDepends
diff -ur pidgin-2.4.1/libpurple/certificate.c pidgin-2.4.1-gnutls/libpurple/certificate.c
--- pidgin-2.4.1/libpurple/certificate.c 2008-08-02 19:07:10.000000000 -0700
+++ pidgin-2.4.1-gnutls/libpurple/certificate.c 2008-08-02 18:56:25.000000000 -0700
@@ -745,7 +745,7 @@
x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR,
"ca-certs", NULL));
#else
- x509_ca_paths = g_list_append(NULL, g_build_filename("etc",
+ x509_ca_paths = g_list_append(NULL, g_build_filename("/etc",
"ssl", "certs", NULL));
#endif
}
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Tyler MacDonald <tyler@yi.org>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #18 received at 492434@bugs.debian.org (full text, mbox, reply):
tags 492434 patch
thanks
Miron Cuperman <c1.debian@niftybox.net> wrote:
> I believe this bug was introduced with the "fix" for bug #401567.
>
> At that time, the SSL implementation was changed from GNUTLS to NSS.
> Unfortunately, the NSS plugin in pidgin does no certificate checking at
> all, meaning that any certificate is accepted (including malformed or
> self-signed ones).
>
> I recommend switching back to gnutls. Patch attached. The attached
> patch also corrects a problem in reading the certificate store from
> /etc/ssl/certs . (note that this patch is cumulative to
> 00_debian-ca-certs.patch .)
>
> Unfortunately, it is now the case that any passwords transmitted over an
> NSS created link could have been compromised by man-in-the-middle
> attacks, since many people use the PLAIN auth mechanism. Any valuable
> passwords compromised in this way should be changed.
>
> --
> Miron
>
> diff -ur pidgin-2.4.1/debian/rules pidgin-2.4.1-gnutls/debian/rules
> --- pidgin-2.4.1/debian/rules 2008-08-02 19:04:58.000000000 -0700
> +++ pidgin-2.4.1-gnutls/debian/rules 2008-08-02 18:43:49.000000000 -0700
> @@ -20,7 +20,7 @@
> LDFLAGS = -Wl,--as-needed
> CFLAGS = -fstack-protector
>
> -DEB_CONFIGURE_EXTRA_FLAGS := --enable-perl --with-zephyr=/usr --enable-dbus --enable-gnutls=no --enable-nss=yes --enable-cyrus-sasl --enable-nm --disable-silc
> +DEB_CONFIGURE_EXTRA_FLAGS := --enable-perl --with-zephyr=/usr --enable-dbus --enable-gnutls=yes --enable-nss=no --enable-cyrus-sasl --enable-nm --disable-silc
> DEB_DH_MAKESHLIBS_ARGS_pidgin := -V -X/usr/lib/pidgin
> DEB_DH_SHLIBDEPS_ARGS_pidgin := -X/usr/lib/pidgin/gevolution.so -X/usr/lib/pidgin/cap.so -- -dSuggests debian/pidgin/usr/lib/pidgin/cap.so -dDepends
>
> diff -ur pidgin-2.4.1/libpurple/certificate.c pidgin-2.4.1-gnutls/libpurple/certificate.c
> --- pidgin-2.4.1/libpurple/certificate.c 2008-08-02 19:07:10.000000000 -0700
> +++ pidgin-2.4.1-gnutls/libpurple/certificate.c 2008-08-02 18:56:25.000000000 -0700
> @@ -745,7 +745,7 @@
> x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR,
> "ca-certs", NULL));
> #else
> - x509_ca_paths = g_list_append(NULL, g_build_filename("etc",
> + x509_ca_paths = g_list_append(NULL, g_build_filename("/etc",
> "ssl", "certs", NULL));
> #endif
> }
--
Tags added: patch
Request was from Tyler MacDonald <tyler@yi.org>
to control@bugs.debian.org
.
(Sun, 03 Aug 2008 04:21:04 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Ari Pollak <ari@debian.org>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #25 received at 492434@bugs.debian.org (full text, mbox, reply):
If what you say is correct, then most Pidgin installations are not
verifying certificates correctly and this isn't just a Debian problem.
Any patch needs to address the real issue, especially since upstream has
discouraged using GNUTLS.
Miron Cuperman wrote:
> I believe this bug was introduced with the "fix" for bug #401567.
>
> At that time, the SSL implementation was changed from GNUTLS to NSS.
> Unfortunately, the NSS plugin in pidgin does no certificate checking at
> all, meaning that any certificate is accepted (including malformed or
> self-signed ones).
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Miron Cuperman <c1.debian@niftybox.net>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #32 received at 492434@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
As requested, NSS patch submitted to Pidgin in forwarded bug report, so
there's no need to switch to GNUTLS.
However, the second half of the patch above is still needed to grab CA
certs from /etc/ssl/certs. Attaching just that part.
[debian-ca-certs.patch (text/x-diff, inline)]
--- pidgin-2.4.1/libpurple/certificate.c
+++ pidgin-2.4.1.new/libpurple/certificate.c
@@ -745,8 +745,8 @@
x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR,
"ca-certs", NULL));
#else
- x509_ca_paths = g_list_append(NULL, g_build_filename("etc",
- "ssl", "certs", NULL));
+ x509_ca_paths = g_list_append(NULL, g_build_filename("/etc",
+ "ssl", "certs", NULL));
#endif
}
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Ethan Blanton <elb@psg.com>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #37 received at 492434@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Why is a patch necessary to enable /etc/ssl/certs? Does
--with-system-ssl-certs= not do what you need? If so, we should fix
it, rather than applying additional hacks.
Ethan
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Ari Pollak <ari@debian.org>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #42 received at 492434@bugs.debian.org (full text, mbox, reply):
As far as I can tell, --with-system-ssl-certs doesn't exist in 2.4.3.
On Wed, 2008-08-06 at 13:03 -0400, Ethan Blanton wrote:
> Why is a patch necessary to enable /etc/ssl/certs? Does
> --with-system-ssl-certs= not do what you need? If so, we should fix
> it, rather than applying additional hacks.
>
> Ethan
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Ethan Blanton <elb@psg.com>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #47 received at 492434@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Ari Pollak spake unto us the following wisdom:
> As far as I can tell, --with-system-ssl-certs doesn't exist in 2.4.3.
Whoops, an excellent point. You might want to simply use the attached
(untested, but compiles and looks rather trivial) patch, instead,
which is from upstream. It is upstream revision
90ed1fb17982cbb6355d5dd32d041b8c0027509b and
19703c67fa680f4ee37fb1ff944b7b3a0fcf18a4.
This option will be in 2.5.0 when it releases. Sorry for the
confusion. :-) If *this* doesn't do what you need, let us know ASAP
and we'll make sure what you need is in 2.5.0.
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764
[with-system-ssl-certs.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Robert McQueen <robot101@debian.org>
:
Bug#492434
; Package pidgin
.
(full text, mbox, link).
Acknowledgement sent to Ari Pollak <ari@debian.org>
:
Extra info received and forwarded to list. Copy sent to Robert McQueen <robot101@debian.org>
.
(full text, mbox, link).
Message #52 received at 492434@bugs.debian.org (full text, mbox, reply):
On Wed, 2008-08-06 at 14:43 -0400, Ethan Blanton wrote:
> Whoops, an excellent point. You might want to simply use the attached
> (untested, but compiles and looks rather trivial) patch, instead,
> which is from upstream. It is upstream revision
> 90ed1fb17982cbb6355d5dd32d041b8c0027509b and
> 19703c67fa680f4ee37fb1ff944b7b3a0fcf18a4.
Unfortunately this means I'd have to re-run autoconf & automake during
build, which I'm trying to avoid doing. Since the current patch
essentially does the same thing in the end, I'll just switch to the
configure option for 2.5.0 and fix the path for now.
Changed Bug title to `pidgin: Connects to Jabber server with bad SSL certificates without warning (CVE-2008-3532)' from `pidgin: Connects to Jabber server with bad SSL certificates without warning'.
Request was from Ari Pollak <apollak@compete.com>
to control@bugs.debian.org
.
(Fri, 08 Aug 2008 18:21:05 GMT) (full text, mbox, link).
Reply sent to Ari Pollak <ari@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Josh Triplett <josh@freedesktop.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #59 received at 492434-close@bugs.debian.org (full text, mbox, reply):
Source: pidgin
Source-Version: 2.4.3-2
We believe that the bug you reported is fixed in the latest version of
pidgin, which is due to be installed in the Debian FTP archive:
finch-dev_2.4.3-2_all.deb
to pool/main/p/pidgin/finch-dev_2.4.3-2_all.deb
finch_2.4.3-2_amd64.deb
to pool/main/p/pidgin/finch_2.4.3-2_amd64.deb
libpurple-bin_2.4.3-2_all.deb
to pool/main/p/pidgin/libpurple-bin_2.4.3-2_all.deb
libpurple-dev_2.4.3-2_all.deb
to pool/main/p/pidgin/libpurple-dev_2.4.3-2_all.deb
libpurple0_2.4.3-2_amd64.deb
to pool/main/p/pidgin/libpurple0_2.4.3-2_amd64.deb
pidgin-data_2.4.3-2_all.deb
to pool/main/p/pidgin/pidgin-data_2.4.3-2_all.deb
pidgin-dbg_2.4.3-2_amd64.deb
to pool/main/p/pidgin/pidgin-dbg_2.4.3-2_amd64.deb
pidgin-dev_2.4.3-2_all.deb
to pool/main/p/pidgin/pidgin-dev_2.4.3-2_all.deb
pidgin_2.4.3-2.diff.gz
to pool/main/p/pidgin/pidgin_2.4.3-2.diff.gz
pidgin_2.4.3-2.dsc
to pool/main/p/pidgin/pidgin_2.4.3-2.dsc
pidgin_2.4.3-2_amd64.deb
to pool/main/p/pidgin/pidgin_2.4.3-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 492434@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ari Pollak <ari@debian.org> (supplier of updated pidgin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Thu, 21 Aug 2008 23:56:42 -0400
Source: pidgin
Binary: libpurple0 pidgin pidgin-data pidgin-dev pidgin-dbg finch finch-dev libpurple-dev libpurple-bin
Architecture: source all amd64
Version: 2.4.3-2
Distribution: unstable
Urgency: low
Maintainer: Ari Pollak <ari@debian.org>
Changed-By: Ari Pollak <ari@debian.org>
Description:
finch - text-based multi-protocol instant messaging client
finch-dev - text-based multi-protocol instant messaging client - development
libpurple-bin - multi-protocol instant messaging library - extra utilities
libpurple-dev - multi-protocol instant messaging library - development files
libpurple0 - multi-protocol instant messaging library
pidgin - graphical multi-protocol instant messaging client for X
pidgin-data - multi-protocol instant messaging client - data files
pidgin-dbg - Debugging symbols for Pidgin
pidgin-dev - multi-protocol instant messaging client - development files
Closes: 492434
Changes:
pidgin (2.4.3-2) unstable; urgency=low
.
* Apply patch from Miron Cuperman to fix path to CA certificates in
00_debian-ca-certs.path
* debian/patches/25_ssl-nss.patch:
- Apply patch from upstream to add SSL certificate checking to the NSS
plugin, which we use (CVE-2008-3532) (Closes: #492434)
Checksums-Sha1:
33442621042807e53c136caede7007823fabe016 1760 pidgin_2.4.3-2.dsc
5ffb9f73789e6cb7b1a5b8189463883b7cf5b0cd 60877 pidgin_2.4.3-2.diff.gz
585990093664cec5e74213c8ac4951fb80e627f0 7014222 pidgin-data_2.4.3-2_all.deb
31fb43c88a32bb47345ea8bf5f183a42ea97cd8a 193246 pidgin-dev_2.4.3-2_all.deb
e91e5d11788f39b74bca04a531d14e6acaff1533 155420 finch-dev_2.4.3-2_all.deb
81377692a8477485253561f8e0ac130a5d81ed48 274612 libpurple-dev_2.4.3-2_all.deb
068a3ad4594061b6b30245ff1f50ee00b21e4ea5 131656 libpurple-bin_2.4.3-2_all.deb
60cbece5e5767fd67a74da57165dad0496b8aa7c 1711098 libpurple0_2.4.3-2_amd64.deb
a7c42107ade9b3f70e0e21f8c4edb02cffe3ed72 727426 pidgin_2.4.3-2_amd64.deb
a3a5b5466df522852eb6f757fdb4572a1e3ec92f 5663642 pidgin-dbg_2.4.3-2_amd64.deb
8c5d7577d66d0a3277c2b01ba532c20672d6fbca 347578 finch_2.4.3-2_amd64.deb
Checksums-Sha256:
64ebb90eb49974754daa8dfe53ec310ba12c7667338b0e022645147efb5500f6 1760 pidgin_2.4.3-2.dsc
7dbb871e7c276d107e365d82d79cfdb83bd3fee554b47061231af63e1ac9dbb3 60877 pidgin_2.4.3-2.diff.gz
d34470b61efb29cf1246bcea2aacf82b8aa94e51784b2e86e36cb683c1f603db 7014222 pidgin-data_2.4.3-2_all.deb
ab5a355bfcffbfd6e2afe3353395dc875233c3ac251ee798b92992a0af375426 193246 pidgin-dev_2.4.3-2_all.deb
6d91a688b374427f83aeb83ea276da182fb6550199319a4f3639bb40b8f87499 155420 finch-dev_2.4.3-2_all.deb
175046507fd273af3581cb877a3b565f3492da6a83975feded23a8eb9289e3af 274612 libpurple-dev_2.4.3-2_all.deb
f44c7c04aa0f767ac6ac212bbe7794db030c80f39592d9c55c2e6c03e5e8b748 131656 libpurple-bin_2.4.3-2_all.deb
8a358f008ef9e51afb76ea4e90b4b0f8b7e9a67588e6dec9c441c97bc0775a08 1711098 libpurple0_2.4.3-2_amd64.deb
25d78ee4c192102a6312c4aa58442179eed5944c798d219ca7b3a3e21f6a7f4c 727426 pidgin_2.4.3-2_amd64.deb
d5ea420a742e2fd90d4684d9e526b06bcc0d9771a6764dfd1477850d1d7d6162 5663642 pidgin-dbg_2.4.3-2_amd64.deb
c4f61ed5e2d80c6761c4546df756f981a710754f44171a41945da82e2bd0589a 347578 finch_2.4.3-2_amd64.deb
Files:
3904b9f4f3be9cede29eb14f7220309b 1760 net optional pidgin_2.4.3-2.dsc
1b6ce18d5f34c6a292485433bcbdcc4f 60877 net optional pidgin_2.4.3-2.diff.gz
54a1010a30f8d9a683688853d914243a 7014222 net optional pidgin-data_2.4.3-2_all.deb
61c922a030a6a93c7d4e814de8c1074d 193246 devel optional pidgin-dev_2.4.3-2_all.deb
9a59d0f64b6de495e467df3deac65d71 155420 devel optional finch-dev_2.4.3-2_all.deb
dd2190cb307bd62152f933df58787ac9 274612 libdevel optional libpurple-dev_2.4.3-2_all.deb
2b621b7d01815c526642b4a3c8f7ca9d 131656 net optional libpurple-bin_2.4.3-2_all.deb
2dc3eabf09a9b948ae7ee348e6c73b5c 1711098 net optional libpurple0_2.4.3-2_amd64.deb
28f70122b4b1126010f6486da55201f2 727426 net optional pidgin_2.4.3-2_amd64.deb
c7e0e2c0e36004f419917618fc341792 5663642 net extra pidgin-dbg_2.4.3-2_amd64.deb
6509947cfa0bdeea20ea868705ae4880 347578 net optional finch_2.4.3-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEAREDAAYFAkiuvroACgkQwO+u47cOQDuQwgCgg+wRDv9vLd0ftL09HHhvNzyG
fUIAnA3EpwmncxU5j4SgVsmxSfA4E/gD
=kguu
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 12 Oct 2008 07:30:04 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Josh Triplett <josh@joshtriplett.org>
to control@bugs.debian.org
.
(Sat, 04 Jul 2009 09:16:10 GMT) (full text, mbox, link).
Changed Bug submitter from Josh Triplett <josh@freedesktop.org> to Josh Triplett <josh@joshtriplett.org>.
Request was from Josh Triplett <josh@joshtriplett.org>
to control@bugs.debian.org
.
(Sat, 04 Jul 2009 09:16:11 GMT) (full text, mbox, link).
Bug archived.
Request was from Josh Triplett <josh@joshtriplett.org>
to control@bugs.debian.org
.
(Sat, 04 Jul 2009 09:16:12 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:37:57 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.