jhead: CVE-2018-17088: Integer overflow in gpsinfo.c while running jhead


Debian Bug report logs - #907925


Package: jhead; Maintainer for jhead is Ludovic Rousseau <rousseau@debian.org>; Source for jhead is src:jhead.

Reported by: Hanfang Zhang <hanfangzhang9@gmail.com>

Date: Tue, 4 Sep 2018 07:33:01 UTC

Severity: normal

Tags: security, upstream

Found in version 3.00-7

Fixed in version jhead/1:3.00-8

Done: Ludovic Rousseau <rousseau@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Tue, 04 Sep 2018 07:33:04 GMT).


Acknowledgement sent to Hanfang Zhang <hanfangzhang9@gmail.com>:
New Bug report received and forwarded. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Tue, 04 Sep 2018 07:33:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Hanfang Zhang <hanfangzhang9@gmail.com>
To: submit@bugs.debian.org
Subject: jhead: Interger overflow while running jhead
Date: Tue, 4 Sep 2018 15:32:02 +0800
Package: jhead
Version: 3.00-7

Integer overflow while running jhead. There is an integer overflow in
exif.c line 530. When OffsetVal=0xffff0014, ByteCount=0xffff,
ExifLength=0x13e, this check will be passed. So when executing the strncpy
function it will lead to a segmentation fault. It may allow a remote
attacker to cause unspecified impact including a denial-of-service attack.
Detailed log as follows:

zhang123@ubuntu:~/Desktop/jhead-3.00$ ./jhead ./testfile
ASAN:SIGSEGV
=================================================================
==21157==ERROR: AddressSanitizer: SEGV on unknown address
0x6130ffffde90 (pc 0x7efd4499e900 bp 0x7fffcbe95d50 sp 0x7fffcbe954d8
T0)
    #0 0x7efd4499e8ff in strnlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b8ff)
    #1 0x7efd4505c4e2 in __interceptor_strncpy
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x764e2)
    #2 0x40efad in ProcessExifDir
(/home/zhang123/Desktop/jhead-3.00/jhead+0x40efad)
    #3 0x410399 in process_EXIF
(/home/zhang123/Desktop/jhead-3.00/jhead+0x410399)
    #4 0x40830d in ReadJpegSections.part.0
(/home/zhang123/Desktop/jhead-3.00/jhead+0x40830d)
    #5 0x4087dd in ReadJpegFile
(/home/zhang123/Desktop/jhead-3.00/jhead+0x4087dd)
    #6 0x4049f6 in ProcessFile
(/home/zhang123/Desktop/jhead-3.00/jhead+0x4049f6)
    #7 0x402575 in main (/home/zhang123/Desktop/jhead-3.00/jhead+0x402575)
    #8 0x7efd4493382f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #9 0x403998 in _start (/home/zhang123/Desktop/jhead-3.00/jhead+0x403998)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 strnlen
==21157==ABORTING

This bug was found by Hanfang Zhang at Sichuan University. Request a
CVE ID. Thanks.
[testfile (application/octet-stream, attachment)]
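The arithmetic behind the report, as an added example that is not jhead's code and not part of this bug thread: a bounds check of the assumed shape `OffsetVal + ByteCount > ExifLength` on 32-bit unsigned values wraps for the reported numbers and accepts a value pointer far outside the Exif section, while a check that bounds each operand on its own rejects it. The function names, the IFD entry handling and the constructed entry are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Reconstruction of the bounds check the report describes. The shape of the
 * check, the helper names and the entry handling are assumptions; this is
 * not jhead's code. All quantities are 32-bit unsigned, as in the report. */

/* Check as described: the 32-bit sum OffsetVal + ByteCount wraps, so a huge
 * OffsetVal slips under ExifLength. Returns true when the entry is accepted. */
bool check_wrapping(uint32_t OffsetVal, uint32_t ByteCount, uint32_t ExifLength)
{
    return OffsetVal + ByteCount <= ExifLength;
}

/* Hardened form: bound each operand on its own and never form the sum. */
bool check_safe(uint32_t OffsetVal, uint32_t ByteCount, uint32_t ExifLength)
{
    if (OffsetVal > ExifLength)
        return false;
    return ByteCount <= ExifLength - OffsetVal;
}

/* Big-endian reads ("MM" byte order, as in the gdb trace in this thread). */
static uint16_t get16u_be(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}
static uint32_t get32u_be(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bytes per component for TIFF/Exif formats 1..12 (index 0 unused). */
static const uint32_t BytesPerFormat[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Evaluate one 12-byte IFD entry: tag(2) format(2) count(4) value/offset(4).
 * Returns true if the entry's out-of-line value pointer would be accepted. */
bool entry_accepted(const uint8_t entry[12], uint32_t ExifLength, bool hardened)
{
    uint16_t format = get16u_be(entry + 2);
    uint32_t count = get32u_be(entry + 4);
    if (format < 1 || format > 12)
        return false;
    /* count * BytesPerFormat can wrap as well; refuse before multiplying. */
    if (count > UINT32_MAX / BytesPerFormat[format])
        return false;
    uint32_t ByteCount = count * BytesPerFormat[format];
    if (ByteCount <= 4)
        return true; /* value is stored inline, there is no pointer to check */
    uint32_t OffsetVal = get32u_be(entry + 8);
    return hardened ? check_safe(OffsetVal, ByteCount, ExifLength)
                    : check_wrapping(OffsetVal, ByteCount, ExifLength);
}

/* Constructed entry carrying the report's numbers: tag 0x0132 (DateTime),
 * format 2 (ASCII, one byte per component), count 0xffff, offset 0xffff0014. */
static const uint8_t BAD_ENTRY[12] = {0x01, 0x32, 0x00, 0x02, 0x00, 0x00, 0xff, 0xff,
                                      0xff, 0xff, 0x00, 0x14};

int main(void)
{
    const uint32_t ExifLength = 0x13e; /* 318 bytes, as in the report */
    uint32_t wrapped = 0xffff0014u + 0xffffu;
    printf("32-bit sum of 0xffff0014 and 0xffff = 0x%x\n", wrapped);
    printf("wrapping check accepts the entry: %s\n",
           entry_accepted(BAD_ENTRY, ExifLength, false) ? "yes" : "no");
    printf("hardened check accepts the entry: %s\n",
           entry_accepted(BAD_ENTRY, ExifLength, true) ? "yes" : "no");
    return 0;
}
```

With the report's values the wrapped sum is 0x13, which is below ExifLength (0x13e), so the wrapping check accepts a pointer that the hardened check rejects outright.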

Reply sent to 907925@bugs.debian.org:
You have taken responsibility. (Wed, 05 Sep 2018 08:12:28 GMT).


Notification sent to Hanfang Zhang <hanfangzhang9@gmail.com>:
Bug acknowledged by developer. (Wed, 05 Sep 2018 08:12:28 GMT).


Message #10 received at 907925-done@bugs.debian.org:

From: Ludovic Rousseau <ludovic.rousseau@gmail.com>
To: Hanfang Zhang <hanfangzhang9@gmail.com>, 907925-done@bugs.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Wed, 5 Sep 2018 10:10:29 +0200
Hello,

On 04/09/2018 at 09:32, Hanfang Zhang wrote:
> Package: jhead
> Version: 3.00-7
> 
> Integer overflow while running jhead. There is an integer overflow in exif.c line 530. When OffsetVal=0xffff0014, ByteCount=0xffff, ExifLength=0x13e, this check will be passed. So when executing the strncpy function it will lead to a segmentation fault. It may allow a remote attacker to cause unspecified impact including a denial-of-service attack. Detailed log as follows:
> 
> zhang123@ubuntu:~/Desktop/jhead-3.00$ ./jhead ./testfile
> ASAN:SIGSEGV
> =================================================================
> ==21157==ERROR: AddressSanitizer: SEGV on unknown address 0x6130ffffde90 (pc 0x7efd4499e900 bp 0x7fffcbe95d50 sp 0x7fffcbe954d8 T0)
>      #0 0x7efd4499e8ff in strnlen (/lib/x86_64-linux-gnu/libc.so.6+0x8b8ff)
>      #1 0x7efd4505c4e2 in __interceptor_strncpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x764e2)
>      #2 0x40efad in ProcessExifDir (/home/zhang123/Desktop/jhead-3.00/jhead+0x40efad)
>      #3 0x410399 in process_EXIF (/home/zhang123/Desktop/jhead-3.00/jhead+0x410399)
>      #4 0x40830d in ReadJpegSections.part.0 (/home/zhang123/Desktop/jhead-3.00/jhead+0x40830d)
>      #5 0x4087dd in ReadJpegFile (/home/zhang123/Desktop/jhead-3.00/jhead+0x4087dd)
>      #6 0x4049f6 in ProcessFile (/home/zhang123/Desktop/jhead-3.00/jhead+0x4049f6)
>      #7 0x402575 in main (/home/zhang123/Desktop/jhead-3.00/jhead+0x402575)
>      #8 0x7efd4493382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>      #9 0x403998 in _start (/home/zhang123/Desktop/jhead-3.00/jhead+0x403998)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV ??:0 strnlen
> ==21157==ABORTING
> 
> This bug was found by Hanfang Zhang at Sichuan University. Request a CVE ID. Thanks.

I cannot reproduce your problem using the current version of jhead.
I have:
$ jhead testfile

Nonfatal Error : 'testfile' Illegal value pointer for tag 0132 in Exif

Nonfatal Error : 'testfile' Illegal number format 134 for tag 0000 in Exif

Nonfatal Error : 'testfile' Illegal number format 154 for tag 0000 in Exif

Nonfatal Error : 'testfile' Illegally sized Exif subdirectory (1279 entries)

Nonfatal Error : 'testfile' Extraneous 10 padding bytes before section DB

Nonfatal Error : 'testfile' Extraneous 28 padding bytes before section C0

Error : Premature end of file?
in file 'testfile'


But I can reproduce the crash if I rebuild jhead _without_ using the Debian patches.

Program received signal SIGSEGV, Segmentation fault.
__strncpy_sse2_unaligned ()
    at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:63
63	../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  __strncpy_sse2_unaligned ()
    at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:63
#1  0x000055555555d100 in ProcessExifDir (
    DirStart=DirStart@entry=0x55555556f530 "",
    OffsetBase=OffsetBase@entry=0x55555556f528 "MM",
    ExifLength=ExifLength@entry=318, NestingLevel=NestingLevel@entry=0)
    at exif.c:634
#2  0x000055555555d741 in process_EXIF (
    ExifSection=0x55555556f520 "\001FExif", length=326) at exif.c:1034
#3  0x000055555555a82a in ReadJpegSections (
    infile=infile@entry=0x55555556e2c0, ReadMode=ReadMode@entry=READ_METADATA)
    at jpgfile.c:287
#4  0x000055555555ab06 in ReadJpegSections (ReadMode=READ_METADATA,
    infile=0x55555556e2c0) at jpgfile.c:355
#5  ReadJpegFile (FileName=0x7fffffffe253 "/home/rousseau/testfile",
    ReadMode=READ_METADATA) at jpgfile.c:375
#6  0x0000555555558861 in ProcessFile (
    FileName=0x7fffffffe253 "/home/rousseau/testfile") at jhead.c:896
#7  0x000055555555769c in main (argc=<optimized out>, argv=0x7fffffffdf28)
    at jhead.c:1730
(gdb)

I think the problem you are reporting is known as CVE-2016-3822 and has already been fixed for Debian in https://sources.debian.org/src/jhead/1:3.00-7/debian/patches/31_CVE-2016-3822/ for jhead version 1:3.00-4.

If you think I am wrong please comment on this bug report and I will reopen it.

Regards,

-- 
 Dr. Ludovic Rousseau



Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Wed, 05 Sep 2018 10:45:03 GMT).


Acknowledgement sent to Hanfang Zhang <hanfangzhang9@gmail.com>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Wed, 05 Sep 2018 10:45:03 GMT).


Message #15 received at 907925@bugs.debian.org:

From: Hanfang Zhang <hanfangzhang9@gmail.com>
To: 907925@bugs.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Wed, 5 Sep 2018 18:42:08 +0800
I'm sorry, I did not run jhead with the Debian patches before. I patched it
just now. But I did not see the patch file for gpsinfo.c. So this
vulnerability still exists in gpsinfo.c (line 104). I am not sure if I
missed the patch file. The poc is in the attachment.

On Wed, 5 Sep 2018 at 16:10, Ludovic Rousseau <ludovic.rousseau@gmail.com> wrote:

> Hello,
>
> On 04/09/2018 at 09:32, Hanfang Zhang wrote:
> > Package: jhead
> > Version: 3.00-7
> >
> > Integer overflow while running jhead. There is an integer overflow in
> > exif.c line 530. When OffsetVal=0xffff0014, ByteCount=0xffff,
> > ExifLength=0x13e, this check will be passed. So when executing the strncpy
> > function it will lead to a segmentation fault. It may allow a remote
> > attacker to cause unspecified impact including a denial-of-service
> > attack. Detailed log as follows:
> >
> > zhang123@ubuntu:~/Desktop/jhead-3.00$ ./jhead ./testfile
> > ASAN:SIGSEGV
> > =================================================================
> > ==21157==ERROR: AddressSanitizer: SEGV on unknown address 0x6130ffffde90
> (pc 0x7efd4499e900 bp 0x7fffcbe95d50 sp 0x7fffcbe954d8 T0)
> >      #0 0x7efd4499e8ff in strnlen
> (/lib/x86_64-linux-gnu/libc.so.6+0x8b8ff)
> >      #1 0x7efd4505c4e2 in __interceptor_strncpy
> (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x764e2)
> >      #2 0x40efad in ProcessExifDir
> (/home/zhang123/Desktop/jhead-3.00/jhead+0x40efad)
> >      #3 0x410399 in process_EXIF
> (/home/zhang123/Desktop/jhead-3.00/jhead+0x410399)
> >      #4 0x40830d in ReadJpegSections.part.0
> (/home/zhang123/Desktop/jhead-3.00/jhead+0x40830d)
> >      #5 0x4087dd in ReadJpegFile
> (/home/zhang123/Desktop/jhead-3.00/jhead+0x4087dd)
> >      #6 0x4049f6 in ProcessFile
> (/home/zhang123/Desktop/jhead-3.00/jhead+0x4049f6)
> >      #7 0x402575 in main
> (/home/zhang123/Desktop/jhead-3.00/jhead+0x402575)
> >      #8 0x7efd4493382f in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> >      #9 0x403998 in _start
> (/home/zhang123/Desktop/jhead-3.00/jhead+0x403998)
> >
> > AddressSanitizer can not provide additional info.
> > SUMMARY: AddressSanitizer: SEGV ??:0 strnlen
> > ==21157==ABORTING
> >
> > This bug was found by Hanfang Zhang at Sichuan University. Request a CVE
> ID. Thanks.
>
> I cannot reproduce your problem using the current version of jhead.
> I have:
> $ jhead testfile
>
> Nonfatal Error : 'testfile' Illegal value pointer for tag 0132 in Exif
>
> Nonfatal Error : 'testfile' Illegal number format 134 for tag 0000 in Exif
>
> Nonfatal Error : 'testfile' Illegal number format 154 for tag 0000 in Exif
>
> Nonfatal Error : 'testfile' Illegally sized Exif subdirectory (1279
> entries)
>
> Nonfatal Error : 'testfile' Extraneous 10 padding bytes before section DB
>
> Nonfatal Error : 'testfile' Extraneous 28 padding bytes before section C0
>
> Error : Premature end of file?
> in file 'testfile'
>
>
> But I can reproduce the crash if I rebuild jhead _without_ using the
> Debian patches.
>
> Program received signal SIGSEGV, Segmentation fault.
> __strncpy_sse2_unaligned ()
>      at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:63
> 63      ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S: Aucun fichier
> ou dossier de ce type.
> (gdb) bt
> #0  __strncpy_sse2_unaligned ()
>      at ../sysdeps/x86_64/multiarch/strcpy-sse2-unaligned.S:63
> #1  0x000055555555d100 in ProcessExifDir (
>      DirStart=DirStart@entry=0x55555556f530 "",
>      OffsetBase=OffsetBase@entry=0x55555556f528 "MM",
>      ExifLength=ExifLength@entry=318, NestingLevel=NestingLevel@entry=0)
>      at exif.c:634
> #2  0x000055555555d741 in process_EXIF (
>      ExifSection=0x55555556f520 "\001FExif", length=326) at exif.c:1034
> #3  0x000055555555a82a in ReadJpegSections (
>      infile=infile@entry=0x55555556e2c0, ReadMode=ReadMode@entry
> =READ_METADATA)
>      at jpgfile.c:287
> #4  0x000055555555ab06 in ReadJpegSections (ReadMode=READ_METADATA,
>      infile=0x55555556e2c0) at jpgfile.c:355
> #5  ReadJpegFile (FileName=0x7fffffffe253 "/home/rousseau/testfile",
>      ReadMode=READ_METADATA) at jpgfile.c:375
> #6  0x0000555555558861 in ProcessFile (
>      FileName=0x7fffffffe253 "/home/rousseau/testfile") at jhead.c:896
> #7  0x000055555555769c in main (argc=<optimized out>, argv=0x7fffffffdf28)
>      at jhead.c:1730
> (gdb)
>
> I think the problem you are reporting is known as CVE-2016-3822 and has
> already been fixed for Debian in
> https://sources.debian.org/src/jhead/1:3.00-7/debian/patches/31_CVE-2016-3822/
> for jhead version 1:3.00-4
>
> If you think I am wrong please comment on this bug report and I will
> reopen it.
>
> Regards,
>
> --
>   Dr. Ludovic Rousseau
>
[poc (application/octet-stream, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Wed, 05 Sep 2018 13:39:06 GMT).


Acknowledgement sent to 907925@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Wed, 05 Sep 2018 13:39:06 GMT).


Message #20 received at 907925@bugs.debian.org:

From: Ludovic Rousseau <ludovic.rousseau@gmail.com>
To: Hanfang Zhang <hanfangzhang9@gmail.com>, 907925@bugs.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Wed, 5 Sep 2018 15:37:15 +0200
On 05/09/2018 at 12:42, Hanfang Zhang wrote:
> I'm sorry, I did not run jhead with the Debian patches before. I patched it just now. But I did not see the patch file for gpsinfo.c. So this vulnerability still exists in gpsinfo.c (line 104). I am not sure if I missed the patch file. The poc is in the attachment.

Exact.
With the poc file I can reproduce the crash.

I reopened the bug and will provide a fix.

Thanks

-- 
 Dr. Ludovic Rousseau



Bug reopened. Request was from Ludovic Rousseau <ludovic.rousseau@free.fr> to control@bugs.debian.org. (Wed, 05 Sep 2018 13:48:02 GMT).


Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 05 Sep 2018 15:03:09 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Wed, 05 Sep 2018 15:06:02 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Wed, 05 Sep 2018 15:06:02 GMT).


Message #29 received at 907925@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Hanfang Zhang <hanfangzhang9@gmail.com>, 907925@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Wed, 5 Sep 2018 17:05:23 +0200
Hi Hanfang,

On Tue, Sep 04, 2018 at 03:32:02PM +0800, Hanfang Zhang wrote:
> This bug was found by Hanfang Zhang at Sichuan University. Request a
> CVE ID. Thanks.

Can you please request a CVE via the webform at
https://cveform.mitre.org/ and once the CVE assigned loop it back
here?

Thanks already,

Regards,
Salvatore



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 05 Sep 2018 15:06:04 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Fri, 07 Sep 2018 04:57:02 GMT).


Acknowledgement sent to Hanfang Zhang <hanfangzhang9@gmail.com>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Fri, 07 Sep 2018 04:57:02 GMT).


Message #36 received at 907925@bugs.debian.org:

From: Hanfang Zhang <hanfangzhang9@gmail.com>
To: carnil@debian.org
Cc: 907925@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Fri, 7 Sep 2018 12:53:38 +0800
Hi Salvatore,

I have done that and the CVE ID is CVE-2018-16554. But the status of it is
preserved. Thanks.

Regards,
Hanfang

On Wed, 5 Sep 2018 at 23:05, Salvatore Bonaccorso <carnil@debian.org> wrote:

> Hi Hanfang,
>
> On Tue, Sep 04, 2018 at 03:32:02PM +0800, Hanfang Zhang wrote:
> > This bug was found by Hanfang Zhang at Sichuan University. Request a
> > CVE ID. Thanks.
>
> Can you please request a CVE via the webform at
> https://cveform.mitre.org/ and once the CVE assigned loop it back
> here?
>
> Thanks already,
>
> Regards,
> Salvatore
>

Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Fri, 07 Sep 2018 08:51:03 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Fri, 07 Sep 2018 08:51:03 GMT).


Message #41 received at 907925@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Hanfang Zhang <hanfangzhang9@gmail.com>, 907925@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Fri, 7 Sep 2018 10:48:26 +0200
Control: retitle -1 jhead: CVE-2018-16554: Interger overflow while running jhead

Hi Hanfang,

On Fri, Sep 07, 2018 at 12:53:38PM +0800, Hanfang Zhang wrote:
> Hi Salvatore,
> 
> I have done that and the CVE ID is CVE-2018-16554. But the status of it is
> preserved. Thanks.

Perfect, thank you!

Regards,
Salvatore



Changed Bug title to 'jhead: CVE-2018-16554: Interger overflow while running jhead' from 'jhead: Interger overflow while running jhead'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 907925-submit@bugs.debian.org. (Fri, 07 Sep 2018 08:51:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Sun, 16 Sep 2018 19:12:03 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Sun, 16 Sep 2018 19:12:03 GMT).


Message #48 received at 907925@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 907925@bugs.debian.org, 908176@bugs.debian.org
Cc: Hanfang Zhang <hanfangzhang9@gmail.com>, team@security.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Sun, 16 Sep 2018 21:08:21 +0200
Control: retitle 907925 jhead: CVE-2018-17088: Integer overflow in gpsinfo.c while running jhead
Control: retitle 908176 jhead: CVE-2018-16554: Buffer overflow in gpsinfo.c while running jhead

Hi

On Fri, Sep 07, 2018 at 10:48:26AM +0200, Salvatore Bonaccorso wrote:
> Control: retitle -1 jhead: CVE-2018-16554: Interger overflow while running jhead

I checked with MITRE on the relative CVE assignments for #907925 and
#908176 and MITRE confirmed they should be as follows:

#907925:
jhead: CVE-2018-17088: Integer overflow in gpsinfo.c while running jhead

#908176:
jhead: CVE-2018-16554: Buffer overflow in gpsinfo.c while running jhead

Regards,
Salvatore



Changed Bug title to 'jhead: CVE-2018-17088: Integer overflow in gpsinfo.c while running jhead' from 'jhead: CVE-2018-16554: Interger overflow while running jhead'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 907925-submit@bugs.debian.org. (Sun, 16 Sep 2018 19:12:03 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#907925; Package jhead. (Mon, 17 Sep 2018 01:48:03 GMT).


Acknowledgement sent to Hanfang Zhang <hanfangzhang9@gmail.com>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Mon, 17 Sep 2018 01:48:03 GMT).


Message #55 received at 907925@bugs.debian.org:

From: Hanfang Zhang <hanfangzhang9@gmail.com>
To: carnil@debian.org
Cc: 907925@bugs.debian.org, 908176@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#907925: jhead: Interger overflow while running jhead
Date: Mon, 17 Sep 2018 09:43:54 +0800
Thanks a lot!

Regards,
Hanfang

On Mon, 17 Sep 2018 at 03:08, Salvatore Bonaccorso <carnil@debian.org> wrote:

> Control: retitle 907925 jhead: CVE-2018-17088: Integer overflow in
> gpsinfo.c while running jhead
> Control: retitle 908176 jhead: CVE-2018-16554: Buffer overflow in
> gpsinfo.c while running jhead
>
> Hi
>
> On Fri, Sep 07, 2018 at 10:48:26AM +0200, Salvatore Bonaccorso wrote:
> > Control: retitle -1 jhead: CVE-2018-16554: Interger overflow while
> running jhead
>
> I checked with MITRE on the relative CVE assignments for #907925 and
> #908176 and MITRE confirmed they should be as follows:
>
> #907925:
> jhead: CVE-2018-17088: Integer overflow in gpsinfo.c while running jhead
>
> #908176:
> jhead: CVE-2018-16554: Buffer overflow in gpsinfo.c while running jhead
>
> Regards,
> Salvatore
>

Reply sent to Ludovic Rousseau <rousseau@debian.org>:
You have taken responsibility. (Wed, 19 Sep 2018 18:09:04 GMT).


Notification sent to Hanfang Zhang <hanfangzhang9@gmail.com>:
Bug acknowledged by developer. (Wed, 19 Sep 2018 18:09:04 GMT).


Message #60 received at 907925-close@bugs.debian.org:

From: Ludovic Rousseau <rousseau@debian.org>
To: 907925-close@bugs.debian.org
Subject: Bug#907925: fixed in jhead 1:3.00-8
Date: Wed, 19 Sep 2018 18:04:40 +0000
Source: jhead
Source-Version: 1:3.00-8

We believe that the bug you reported is fixed in the latest version of
jhead, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 907925@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovic Rousseau <rousseau@debian.org> (supplier of updated jhead package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Wed, 19 Sep 2018 19:55:26 +0200
Source: jhead
Binary: jhead
Architecture: source amd64
Version: 1:3.00-8
Distribution: unstable
Urgency: medium
Maintainer: Ludovic Rousseau <rousseau@debian.org>
Changed-By: Ludovic Rousseau <rousseau@debian.org>
Description:
 jhead      - manipulate the non-image part of Exif compliant JPEG files
Closes: 907925 908176
Changes:
 jhead (1:3.00-8) unstable; urgency=medium
 .
   * Fix "Interger overflow while running jhead" (Closes: #907925)
     debian/patches/32_crash_in_gpsinfo fix CVE-2018-17088
   * Fix "Buffer Overflow while running jhead" (Closes: #908176)
     debian/patches/33_fix_908176 fix CVE-2018-16554
   * Fix another buffer overflow
     debian/patches/34_buffer_overflow
   * Upgrade debhelper version from 9 to 11
   * debian/control: Standards-Version: 3.9.8 -> 4.2.1. No change needed.
   * debian/patches/35_fix_alloc_size: patch from Fedora to fix a compiler
     warning





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 18 Oct 2018 07:27:07 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:36:44 2019; Machine Name: buxtehude
