
Debian Bug report logs - #697375
rpm: CVE-2012-6088


Package: rpm; Maintainer for rpm is RPM packaging team <team+pkg-rpm@tracker.debian.org>; Source for rpm is src:rpm (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Fri, 4 Jan 2013 15:00:02 UTC

Severity: grave

Tags: patch, security

Found in versions rpm/4.10.0-5, rpm/4.10.1-2

Fixed in versions rpm/4.10.1-2.1, rpm/4.10.0-5+deb7u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Fri, 04 Jan 2013 15:00:04 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Michal Čihař <nijel@debian.org>. (Fri, 04 Jan 2013 15:00:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: rpm: CVE-2012-6088
Date: Fri, 04 Jan 2013 15:55:13 +0100
Package: rpm
Severity: grave
Tags: security
Justification: user security hole

This was assigned CVE-2012-6088:
http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43e7424bc8bf95f5e031446ecb6b08381e8

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Fri, 04 Jan 2013 22:09:04 GMT) (full text, mbox, link).


Acknowledgement sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Fri, 04 Jan 2013 22:09:04 GMT) (full text, mbox, link).


Message #10 received at 697375@bugs.debian.org (full text, mbox, reply):

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Debian Bug Tracking System <697375@bugs.debian.org>
Subject: Re: rpm: CVE-2012-6088
Date: Fri, 04 Jan 2013 23:07:13 +0100
Package: rpm
Followup-For: Bug #697375

Linking directly to the patch:

> http://rpm.org/gitweb?p=rpm.git;a=patch;h=3d74c43e7424bc8bf95f5e031446ecb6b08381e8

Tagging as patch.

Cheers,

Adrian



Added tag(s) patch. Request was from John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> to control@bugs.debian.org. (Sat, 05 Jan 2013 02:33:05 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Sat, 05 Jan 2013 12:36:02 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Sat, 05 Jan 2013 12:36:03 GMT) (full text, mbox, link).


Message #17 received at 697375@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 697375@bugs.debian.org
Cc: Michal Čihař <nijel@debian.org>
Subject: Re: Bug#697375: rpm: CVE-2012-6088
Date: Sat, 5 Jan 2013 13:33:41 +0100
[Message part 1 (text/plain, inline)]
Hi Michal

On Fri, Jan 04, 2013 at 03:55:13PM +0100, Moritz Muehlenhoff wrote:
> Package: rpm
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> This was assigned CVE-2012-6088:
> http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43e7424bc8bf95f5e031446ecb6b08381e8

I have checked; the patch seems to apply to both versions in testing
and unstable as it is. Attached are the two debdiffs.

I have seen you are in the LowNMU and the package is maintained in
collab-maint. I can do an NMU in case you do not have the time to prepare
the upload.

Regards,
Salvatore
[rpm_4.10.0-5+deb7u1.debdiff (text/plain, attachment)]
[rpm_4.10.1-2.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Sat, 05 Jan 2013 20:15:05 GMT) (full text, mbox, link).


Acknowledgement sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Sat, 05 Jan 2013 20:15:05 GMT) (full text, mbox, link).


Message #22 received at 697375@bugs.debian.org (full text, mbox, reply):

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: Michal Čihař <nijel@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, 697375@bugs.debian.org
Subject: Re: Bug#697375: rpm: CVE-2012-6088
Date: Sat, 5 Jan 2013 21:13:21 +0100
Hi Salvatore,

> I have seen you are in the LowNMU and the package maintained in
> collab-maint. I can do a NMU in case you have not the time to prepare
> the upload.

Why not do an NMU and upload it into DELAYED/5 or /10? This time
Michal will have enough time to respond, yet we won't let too much
time elapse until this vulnerability gets fixed.

Cheers,

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#697375; Package rpm. (Sat, 05 Jan 2013 20:42:03 GMT) (full text, mbox, link).


Acknowledgement sent to Michal Čihař <nijel@debian.org>:
Extra info received and forwarded to list. (Sat, 05 Jan 2013 20:42:03 GMT) (full text, mbox, link).


Message #27 received at 697375@bugs.debian.org (full text, mbox, reply):

From: Michal Čihař <nijel@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 697375@bugs.debian.org
Subject: Re: Bug#697375: rpm: CVE-2012-6088
Date: Sat, 5 Jan 2013 21:06:49 +0100
[Message part 1 (text/plain, inline)]
Hi

Dne Sat, 5 Jan 2013 13:33:41 +0100
Salvatore Bonaccorso <carnil@debian.org> napsal(a):

> Hi Michal
> 
> On Fri, Jan 04, 2013 at 03:55:13PM +0100, Moritz Muehlenhoff wrote:
> > Package: rpm
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> > 
> > This was assigned CVE-2012-6088:
> > http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43e7424bc8bf95f5e031446ecb6b08381e8
> 
> I have checked; the patch seems to apply to both versions in testing
> and unstable as it is. Attached are the two debdiffs.
> 
> I have seen you are in the LowNMU and the package is maintained in
> collab-maint. I can do an NMU in case you do not have the time to prepare
> the upload.

The diff looks okay, so feel free to go ahead (it would be great if you
can commit that to collab-maint as well). I probably won't have time
earlier than sometime in the second half of next week.


-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com
[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Sat, 05 Jan 2013 22:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Sat, 05 Jan 2013 22:39:03 GMT) (full text, mbox, link).


Message #32 received at 697375@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Michal Čihař <nijel@debian.org>
Cc: 697375@bugs.debian.org
Subject: Re: Bug#697375: rpm: CVE-2012-6088
Date: Sat, 5 Jan 2013 23:37:40 +0100
[Message part 1 (text/plain, inline)]
Hi Michal

On Sat, Jan 05, 2013 at 09:06:49PM +0100, Michal Čihař wrote:
> Hi
> 
> Dne Sat, 5 Jan 2013 13:33:41 +0100
> Salvatore Bonaccorso <carnil@debian.org> napsal(a):
> 
> > Hi Michal
> > 
> > On Fri, Jan 04, 2013 at 03:55:13PM +0100, Moritz Muehlenhoff wrote:
> > > Package: rpm
> > > Severity: grave
> > > Tags: security
> > > Justification: user security hole
> > > 
> > > This was assigned CVE-2012-6088:
> > > http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43e7424bc8bf95f5e031446ecb6b08381e8
> > 
> > I have checked; the patch seems to apply to both versions in testing
> > and unstable as it is. Attached are the two debdiffs.
> > 
> > I have seen you are in the LowNMU and the package is maintained in
> > collab-maint. I can do an NMU in case you do not have the time to prepare
> > the upload.
> 
> The diff looks okay, so feel free to go ahead (it would be great if you
> can commit that to collab-maint as well). I probably won't have time
> earlier than sometime in the second half of next week.

Thank you for confirming! I will do the NMU then and also take care of
the t-p-u. Yes, I will also push my changes to collab-maint; I indeed
have them already ready for it.

Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Sat, 05 Jan 2013 22:45:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Sat, 05 Jan 2013 22:45:03 GMT) (full text, mbox, link).


Message #37 received at 697375@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Michal Čihař <nijel@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, 697375@bugs.debian.org
Subject: Re: Bug#697375: rpm: CVE-2012-6088
Date: Sat, 5 Jan 2013 23:42:04 +0100
[Message part 1 (text/plain, inline)]
Hi Adrian

On Sat, Jan 05, 2013 at 09:13:21PM +0100, John Paul Adrian Glaubitz wrote:
> Hi Salvatore,
> 
> > I have seen you are in the LowNMU and the package is maintained in
> > collab-maint. I can do an NMU in case you do not have the time to prepare
> > the upload.
> 
> Why not do an NMU and upload it into DELAYED/5 or /10? This time
> Michal will have enough time to respond, yet we won't let too much
> time elapse until this vulnerability gets fixed.

See Dev-Ref 5.11.1 [1], the 4th and 5th items. I know Michal is quite
active, so I first wanted to confirm with him. And I at least like to
express that I intend to NMU before uploading to a delayed queue.

I have now received the confirmation from Michal, so I will do the
NMU [2] (without delaying now).

 [1]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu-guidelines
 [2]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697375#27

Hope that clarifies why I did not do the NMU straight into the delayed
queue :-)

Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 05 Jan 2013 23:21:10 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sat, 05 Jan 2013 23:21:10 GMT) (full text, mbox, link).


Message #42 received at 697375-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 697375-close@bugs.debian.org
Subject: Bug#697375: fixed in rpm 4.10.1-2.1
Date: Sat, 05 Jan 2013 23:17:45 +0000
Source: rpm
Source-Version: 4.10.1-2.1

We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697375@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated rpm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sat, 05 Jan 2013 13:06:25 +0100
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n librpm-dbg librpm3 librpmio3 librpmbuild3 librpmsign1 librpm-dev python-rpm
Architecture: source amd64 all
Version: 4.10.1-2.1
Distribution: unstable
Urgency: low
Maintainer: Michal Čihař <nijel@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 librpm-dbg - debugging symbols for RPM
 librpm-dev - RPM shared library, development kit
 librpm3    - RPM shared library
 librpmbuild3 - RPM build shared library
 librpmio3  - RPM IO shared library
 librpmsign1 - RPM signing shared library
 python-rpm - Python bindings for RPM
 rpm        - package manager for RPM
 rpm-common - common files for RPM
 rpm-i18n   - localization and localized man pages for rpm
 rpm2cpio   - tool to convert RPM package to CPIO archive
Closes: 697375
Changes: 
 rpm (4.10.1-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Add 0001-Ensure-correct-return-code-on-malformed-signature-in.patch
     [SECURITY] CVE-2012-6088: Ensure correct return code on malformed
     signature in packages. Patch cherry-picked from upstream git repository.
     (Closes: #697375)





Marked as found in versions rpm/4.10.0-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 05 Jan 2013 23:27:03 GMT) (full text, mbox, link).


Marked as found in versions rpm/4.10.1-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 05 Jan 2013 23:27:03 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Sun, 06 Jan 2013 01:09:03 GMT) (full text, mbox, link).


Acknowledgement sent to John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Sun, 06 Jan 2013 01:09:03 GMT) (full text, mbox, link).


Message #51 received at 697375@bugs.debian.org (full text, mbox, reply):

From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: Michal Čihař <nijel@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, 697375@bugs.debian.org
Subject: Re: Bug#697375: rpm: CVE-2012-6088
Date: Sun, 6 Jan 2013 02:06:51 +0100
Hi Salvatore,

On Sat, Jan 05, 2013 at 11:42:04PM +0100, Salvatore Bonaccorso wrote:
> See Dev-Ref 5.11.1 [1], the 4th and 5th items. I know Michal is quite
> active, so I first wanted to confirm with him. And I at least like to
> express that I intend to NMU before uploading to a delayed queue.
> 
> I have now received the confirmation from Michal, so I will do the
> NMU [2] (without delaying now).
> 
>  [1]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu-guidelines
>  [2]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697375#27
> 
> Hope that clarifies why I did not do the NMU straight into the delayed
> queue :-)

Sure, I am just sometimes worried people forget to work on important
issues.

Thanks for your quick reaction and the upload. And please don't forget
the unblock request for the release team :).

Cheers,

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



Information forwarded to debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#697375; Package rpm. (Sun, 06 Jan 2013 13:45:03 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Michal Čihař <nijel@debian.org>. (Sun, 06 Jan 2013 13:45:03 GMT) (full text, mbox, link).


Message #56 received at 697375@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Cc: Michal Čihař <nijel@debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, 697375@bugs.debian.org
Subject: Re: Bug#697375: rpm: CVE-2012-6088
Date: Sun, 6 Jan 2013 14:41:12 +0100
[Message part 1 (text/plain, inline)]
Hey Adrian

On Sun, Jan 06, 2013 at 02:06:51AM +0100, John Paul Adrian Glaubitz wrote:
> Hi Salvatore,
> 
> On Sat, Jan 05, 2013 at 11:42:04PM +0100, Salvatore Bonaccorso wrote:
> > See Dev-Ref 5.11.1 [1], the 4th and 5th items. I know Michal is quite
> > active, so I first wanted to confirm with him. And I at least like to
> > express that I intend to NMU before uploading to a delayed queue.
> > 
> > I have now received the confirmation from Michal, so I will do the
> > NMU [2] (without delaying now).
> > 
> >  [1]: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu-guidelines
> >  [2]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697375#27
> > 
> > Hope that clarifies why I did not do the NMU straight into the delayed
> > queue :-)
> 
> Sure, I am just sometimes worried people forget to work on important
> issues.
> 
> Thanks for your quick reaction and the upload. And please don't forget
> the unblock request for the release team :).

Thanks for taking care of these serious issues pending for wheezy!
Indeed I have already filed a tpu unblock request, #697483 :-)

As soon as I hear back from the Release Team I can proceed.

Regards,
Salvatore
[signature.asc (application/pgp-signature, inline)]

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 06 Jan 2013 14:51:20 GMT) (full text, mbox, link).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 06 Jan 2013 14:51:20 GMT) (full text, mbox, link).


Message #61 received at 697375-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 697375-close@bugs.debian.org
Subject: Bug#697375: fixed in rpm 4.10.0-5+deb7u1
Date: Sun, 06 Jan 2013 14:49:27 +0000
Source: rpm
Source-Version: 4.10.0-5+deb7u1

We believe that the bug you reported is fixed in the latest version of
rpm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697375@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated rpm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sat, 05 Jan 2013 13:11:49 +0100
Source: rpm
Binary: rpm rpm2cpio rpm-common rpm-i18n librpm-dbg librpm3 librpmio3 librpmbuild3 librpmsign1 librpm-dev python-rpm
Architecture: source amd64 all
Version: 4.10.0-5+deb7u1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Michal Čihař <nijel@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 librpm-dbg - debugging symbols for RPM
 librpm-dev - RPM shared library, development kit
 librpm3    - RPM shared library
 librpmbuild3 - RPM build shared library
 librpmio3  - RPM IO shared library
 librpmsign1 - RPM signing shared library
 python-rpm - Python bindings for RPM
 rpm        - package manager for RPM
 rpm-common - common files for RPM
 rpm-i18n   - localization and localized man pages for rpm
 rpm2cpio   - tool to convert RPM package to CPIO archive
Closes: 697375
Changes: 
 rpm (4.10.0-5+deb7u1) testing-proposed-updates; urgency=low
 .
   * Non-maintainer upload.
   * Add 0001-Ensure-correct-return-code-on-malformed-signature-in.patch
     [SECURITY] CVE-2012-6088: Ensure correct return code on malformed
     signature in packages. Patch cherry-picked from upstream git repository.
     (Closes: #697375)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 04 Feb 2013 07:27:26 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:20:06 2019; Machine Name: buxtehude
