Debian Bug report logs -
#887488
openocd: CVE-2018-5704 cross protocol scripting attack
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Electronics Packaging Team <pkg-electronics-devel@lists.alioth.debian.org>:
Bug#887488; Package openocd.
(Wed, 17 Jan 2018 09:54:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Guido Günther <agx@sigxcpu.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Electronics Packaging Team <pkg-electronics-devel@lists.alioth.debian.org>.
(Wed, 17 Jan 2018 09:54:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: openocd
X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
Severity: grave
Tags: important
Hi,
the following vulnerability was published for openocd.
CVE-2018-5704[0]:
| Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use
| HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote
| attackers to conduct cross-protocol scripting attacks, and consequently
| execute arbitrary commands, via a crafted web site.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-5704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5704
Please adjust the affected versions in the BTS as needed.
Marked as found in versions openocd/0.10.0-3.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Wed, 17 Jan 2018 11:57:06 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Electronics Packaging Team <pkg-electronics-devel@lists.alioth.debian.org>:
Bug#887488; Package openocd.
(Wed, 17 Jan 2018 12:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Jonathan McDowell <noodles@earth.li>:
Extra info received and forwarded to list. Copy sent to Debian Electronics Packaging Team <pkg-electronics-devel@lists.alioth.debian.org>.
(Wed, 17 Jan 2018 12:57:03 GMT) (full text, mbox, link).
Message #14 received at 887488@bugs.debian.org (full text, mbox, reply):
On Wed, Jan 17, 2018 at 10:50:44AM +0100, Guido Günther wrote:
> the following vulnerability was published for openocd.
>
> CVE-2018-5704[0]:
> | Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use
> | HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote
> | attackers to conduct cross-protocol scripting attacks, and consequently
> | execute arbitrary commands, via a crafted web site.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-5704
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5704
>
> Please adjust the affected versions in the BTS as needed.
I see Salvatore has marked this as affecting 0.10.0-3, I'm not sure
there's any reason to believe 0.9.0-1 isn't affected as well but I will
need to check later today. Upstream still seem to be discussing the best
fix but I think at least:
http://openocd.zylin.com/#/c/4335/
and
http://openocd.zylin.com/#/c/4331/
seem appropriate pending anything more complete.
J.
--
Revd Jonathan McDowell, ULC | I've got a trigger inside.
Added tag(s) pending.
Request was from Jonathan McDowell <noodles@earth.li>
to control@bugs.debian.org.
(Thu, 18 Jan 2018 09:54:03 GMT) (full text, mbox, link).
Message sent on
to Guido Günther <agx@sigxcpu.org>:
Bug#887488.
(Thu, 18 Jan 2018 09:54:05 GMT) (full text, mbox, link).
Message #19 received at 887488-submitter@bugs.debian.org (full text, mbox, reply):
tag 887488 pending
thanks
Hello,
Bug #887488 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/pkg-electronics/openocd.git/commit/?id=ca095a1
---
commit ca095a1fcbf9bc80d4bae493c2833e615b54b51f
Author: Jonathan McDowell <noodles@earth.li>
Date: Thu Jan 18 09:40:26 2018 +0000
Prevent some forms of Cross Protocol Scripting attacks (Closes: #887488)
OpenOCD does not detect when a browser attempts to send data to it using
HTTP POST, allowing for a cross-protocol scripting attack. This is
mitigated by detecting a POST or Host: "command", neither of which are
valid but will come as part of the HTTP POST, and terminating the
telnet connection if they are seen. (CVE-2018-570)
diff --git a/debian/changelog b/debian/changelog
index 2d45901..f451a14 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
-openocd (0.10.0-4) UNRELEASED; urgency=medium
+openocd (0.10.0-4) UNRELEASED; urgency=high
* Bind to localhost by default
+ * Prevent some forms of Cross Protocol Scripting attacks (CVE-2018-5704)
+ (Closes: #887488)
-- Jonathan McDowell <noodles@earth.li> Thu, 18 Jan 2018 09:27:37 +0000
Reply sent
to Jonathan McDowell <noodles@earth.li>:
You have taken responsibility.
(Thu, 18 Jan 2018 19:39:05 GMT) (full text, mbox, link).
Notification sent
to Guido Günther <agx@sigxcpu.org>:
Bug acknowledged by developer.
(Thu, 18 Jan 2018 19:39:05 GMT) (full text, mbox, link).
Message #24 received at 887488-close@bugs.debian.org (full text, mbox, reply):
Source: openocd
Source-Version: 0.10.0-4
We believe that the bug you reported is fixed in the latest version of
openocd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 887488@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan McDowell <noodles@earth.li> (supplier of updated openocd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 18 Jan 2018 19:19:47 +0000
Source: openocd
Binary: openocd
Architecture: source amd64
Version: 0.10.0-4
Distribution: sid
Urgency: high
Maintainer: Debian Electronics Packaging Team <pkg-electronics-devel@lists.alioth.debian.org>
Changed-By: Jonathan McDowell <noodles@earth.li>
Description:
openocd - Open on-chip JTAG debug solution for ARM and MIPS systems
Closes: 887488
Changes:
openocd (0.10.0-4) unstable; urgency=high
.
* Bind to localhost by default
* Prevent some forms of Cross Protocol Scripting attacks (CVE-2018-5704)
(Closes: #887488)
Checksums-Sha1:
14a425a8cb92ed3f2ba08d31c086ac3f402b124e 2063 openocd_0.10.0-4.dsc
9cf3862782d6102db455c52ff146d337fb6a6e9e 19808 openocd_0.10.0-4.debian.tar.xz
a84a2a9bd3c66772632ce86a9bf169737256d122 2855268 openocd-dbgsym_0.10.0-4_amd64.deb
dab3d3b0a2e1bfaa0fd434dabd3b90de4fe26353 8720 openocd_0.10.0-4_amd64.buildinfo
c779841a48bbf6739d8a06e39f6e4247c80433eb 2454552 openocd_0.10.0-4_amd64.deb
Checksums-Sha256:
3c21fb8da7fdf9785926697908bd5074932fe4f69e030b41aca59880784848bd 2063 openocd_0.10.0-4.dsc
e2fd7be99a0a8ccc1444cf90562bcdfead3056b03132d9ebd84e1b80832800d5 19808 openocd_0.10.0-4.debian.tar.xz
7617ebbf547e3b26a1e7bbbccec3911f634345731cd6a0555dac1ae3db4c2696 2855268 openocd-dbgsym_0.10.0-4_amd64.deb
994a3e826ec27407350f51ce0973a34e1b6d9f68cff2eb629aedcb18ea0b066f 8720 openocd_0.10.0-4_amd64.buildinfo
00f03d246087d24ccc5c24bebd8d50a397b798463fa092ed55d08597e7d2943d 2454552 openocd_0.10.0-4_amd64.deb
Files:
e82243fa3300f67b263d56eef323b001 2063 embedded optional openocd_0.10.0-4.dsc
377009b0326b627b61ece1a226030bea 19808 embedded optional openocd_0.10.0-4.debian.tar.xz
48302ac2cc0d44e324a8dbba8e393ea4 2855268 debug optional openocd-dbgsym_0.10.0-4_amd64.deb
a432ddc826d3d7949a49c50e517b5777 8720 embedded optional openocd_0.10.0-4_amd64.buildinfo
15f2fc24c1e3fc4e7f88054c55c8a422 2454552 embedded optional openocd_0.10.0-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERUuPEyEc/2gMWDpQ/xYvxc8/utEFAlpg9MYACgkQ/xYvxc8/
utGsNA/+O9PCQQqjwPoNIaZS52kBrjYHf9RZodg/y9C6bJ+F0J0WPCgWn4TKdX4o
Xsr1uu8nmHViGC4gj5l4DLa8C1/5ZohBccKVfNyAL5Z/rsHofWTPulxraQ8nWJIU
/lk9CByPxqJLfUVMZYwfjGhWmRvb3yJ989yIuP0VEmTn4letyxkl+vB9jTcrea9k
fG6OcA2mm6H5KkROKiOJsqFDW3hrH9jUfutLz2t/Dac7j+pQJCVqR/EMj++wbvCa
hkEjqGUhM66grgz8Y1YKAbUmkxWNLGsBsL2OISho37FER4vjNJ6s/FpTDJvZrSqa
ttf/IoCWOD+og3OrdwEhi9V4JjPLwpt8xn9Sibz5J99adOLfgu9Ns6D+8X8IQmRU
qbQVOB5R9G5y1st6YJlPVe40CO7Rlb2BG0VbK65f8+rqL7A+5cfVTpvEje+mFbFO
EZYxm78GyYH9xJOC1h/LU5ESyHTMMztPZ70kGqCMOcB2SvMpT07jL/W/0TElvliH
LEAlY45vscJBVtGnMHUNFUHx8qqjBssEhOx7t6Vf7KI5O801BxkjAnqajmlQc7V4
ackf5AT+6xTQDg4C38q5ArYpVYstyfoZLWfR9oKOkC7LzsTwwoXELLiSFqBriBwU
sggsGwX0snpcUOigjGwUgkMAHAvbAwCnhlceMyA87qMUQ0Izi3E=
=4u9v
-----END PGP SIGNATURE-----
Added tag(s) upstream and security.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 18 Jan 2018 19:45:05 GMT) (full text, mbox, link).
Marked as found in versions openocd/0.5.0-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 23 Jan 2018 19:30:09 GMT) (full text, mbox, link).
Reply sent
to Jonathan McDowell <noodles@earth.li>:
You have taken responsibility.
(Fri, 09 Feb 2018 23:51:10 GMT) (full text, mbox, link).
Notification sent
to Guido Günther <agx@sigxcpu.org>:
Bug acknowledged by developer.
(Fri, 09 Feb 2018 23:51:11 GMT) (full text, mbox, link).
Message #33 received at 887488-close@bugs.debian.org (full text, mbox, reply):
Source: openocd
Source-Version: 0.9.0-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
openocd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 887488@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan McDowell <noodles@earth.li> (supplier of updated openocd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 18 Jan 2018 14:05:10 +0000
Source: openocd
Binary: openocd
Architecture: source amd64
Version: 0.9.0-1+deb8u1
Distribution: stretch-security
Urgency: high
Maintainer: Uwe Hermann <uwe@debian.org>
Changed-By: Jonathan McDowell <noodles@earth.li>
Description:
openocd - Open on-chip JTAG debug solution for ARM and MIPS systems
Closes: 887488
Changes:
openocd (0.9.0-1+deb8u1) stretch-security; urgency=high
.
* Update debian/gbp.conf to deal with stretch
* Pull "bindto" command from upstream
* Bind to localhost by default
* Prevent some forms of Cross Protocol Scripting attacks (CVE-2018-5704)
(Closes: #887488)
Checksums-Sha1:
6e102d7ec65e63b3532efc88f6c5a27f3005d743 2079 openocd_0.9.0-1+deb8u1.dsc
f57cb48ae09baac7dc6e3961f134317fb1dec290 4970346 openocd_0.9.0.orig.tar.gz
72a0629202620240f46f7a2da0003bf01c24a49b 16008 openocd_0.9.0-1+deb8u1.debian.tar.xz
c2b495c301df9bb73c65b33d9b3f2e1c08d6339a 2613754 openocd-dbgsym_0.9.0-1+deb8u1_amd64.deb
fa5cb2f27380d300b7bf3aa3779015363e19c30b 8973 openocd_0.9.0-1+deb8u1_amd64.buildinfo
8777f2982f08d8c8509dd3127709ff25014ca1ac 2269242 openocd_0.9.0-1+deb8u1_amd64.deb
Checksums-Sha256:
325cd472ae912193f6d6930d8d22259986766c478b49670d01654f60503c52f6 2079 openocd_0.9.0-1+deb8u1.dsc
840ed225216f49f5c07bda8b2cbb5c8384bb4d8724335dcccf26787fa0650513 4970346 openocd_0.9.0.orig.tar.gz
499217f240a4250c57152f7be53f3df714c48eea10b4c65c3b9d6104a14be580 16008 openocd_0.9.0-1+deb8u1.debian.tar.xz
4a8dc913181516f490ca72446bf2fd170e7379a35877d458ec2d29f8c3faee20 2613754 openocd-dbgsym_0.9.0-1+deb8u1_amd64.deb
29cf813309e7642cde5f2307617a86c0beb1557be54ff8ca6cff731764c79b6a 8973 openocd_0.9.0-1+deb8u1_amd64.buildinfo
102d6ffa807be4654648a0b6209ee51cc0c646b50d4f3c3bab739c7ae895252a 2269242 openocd_0.9.0-1+deb8u1_amd64.deb
Files:
676cddf173dd6f3f9343908d230493dd 2079 embedded extra openocd_0.9.0-1+deb8u1.dsc
7973c2c0132b1bb9fb1d12b4534418f4 4970346 embedded extra openocd_0.9.0.orig.tar.gz
b258cc4bc8915eee7e671e5e1a3fb58b 16008 embedded extra openocd_0.9.0-1+deb8u1.debian.tar.xz
47515c006a0adca581b3000f53ac538b 2613754 debug extra openocd-dbgsym_0.9.0-1+deb8u1_amd64.deb
dbf77caa0aeef22c79d8328ac30283b8 8973 embedded extra openocd_0.9.0-1+deb8u1_amd64.buildinfo
1d1b1bec9dc0f391f8ca9a36471dfd06 2269242 embedded extra openocd_0.9.0-1+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERUuPEyEc/2gMWDpQ/xYvxc8/utEFAlpkpIIACgkQ/xYvxc8/
utFReRAAk4qQVAejSrz3yyKoHR/PGY2tNUv7HUXH84y9S+pFSmh5bKrr9kPZa5xN
0pxZH6qex7kYaNLf41qP87t9Laalfk8Nq6RuNePErsiG1KSDsqc4blj4uxM+EARb
OnpVUxgdUUqeT6KVDbOV1vhborqqXwLfTq9ApKqJWyI01v1V17a2GXTgshKDQc9u
XZrkDix/0/O9OwthTSTT581uLVr7Mk/0EYTcM5uF7zVCqM6RMhLmGp3OM+uiJtCf
/lDl9F3FXi2P+yW+CxaLfGzDNoXR1TCnQf8NMH/UV93C7fc7EqCrzbx4B2zOY8rq
Pg/+MG5eLnbHiJxtJu8aMSllW9LFQukI7lKg5bnt1EgW1r/j443RJbpPRpj/sGoR
dD0CFOXBJDC7tcnm6O2Z7pONw7Zz8Ddo7FSxRFSWJsod90wO2hAmLN9hFJiMbIhH
ugnqZfdgClUFyftPk8q39kIbN9MWd9nJR7U0+AxHM4syarYFgkGmkRHbQvURjvYh
cT0kyz5Su/qEuaF1oHpbfu3yDHGwz2pBQC+mwVZkPcx1Ad0lwiBj1Ij4fhB88JQE
hWtF/II28aWEc2+3k+1Hty6e6UiA9e+z0NWKuNn2WouULHV/XXWwT0IowdlBocld
R/N8TxDJEobhEkvjFRYNzqVvl0aPi8BMcrrrfK/B7flUEo34yuQ=
=GT7i
-----END PGP SIGNATURE-----
Reply sent
to Jonathan McDowell <noodles@earth.li>:
You have taken responsibility.
(Sat, 10 Feb 2018 21:09:09 GMT) (full text, mbox, link).
Notification sent
to Guido Günther <agx@sigxcpu.org>:
Bug acknowledged by developer.
(Sat, 10 Feb 2018 21:09:09 GMT) (full text, mbox, link).
Message #38 received at 887488-close@bugs.debian.org (full text, mbox, reply):
Source: openocd
Source-Version: 0.8.0-4+deb7u1
We believe that the bug you reported is fixed in the latest version of
openocd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 887488@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan McDowell <noodles@earth.li> (supplier of updated openocd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 21 Jan 2018 18:50:16 +0000
Source: openocd
Binary: openocd
Architecture: source amd64
Version: 0.8.0-4+deb7u1
Distribution: jessie-security
Urgency: high
Maintainer: Uwe Hermann <uwe@debian.org>
Changed-By: Jonathan McDowell <noodles@earth.li>
Description:
openocd - Open on-chip JTAG debug solution for ARM and MIPS systems
Closes: 887488
Changes:
openocd (0.8.0-4+deb7u1) jessie-security; urgency=high
.
* Pull "bindto" command from upstream
* Bind to localhost by default
* Prevent some forms of Cross Protocol Scripting attacks (CVE-2018-5704)
(Closes: #887488)
Checksums-Sha1:
ea25ea54912a0107bbe5151008613c35de388324 1988 openocd_0.8.0-4+deb7u1.dsc
10bf9eeb54e03083cb1a101785b2d69fbdf18f31 3768447 openocd_0.8.0.orig.tar.bz2
8bf26a7464d5206efed3f4acb864fd886dfc4b15 14188 openocd_0.8.0-4+deb7u1.debian.tar.xz
b9dbbd8017407c36a3bf33cf61e6fe2980eecbf3 2216734 openocd_0.8.0-4+deb7u1_amd64.deb
Checksums-Sha256:
a7e7dec7f5b5bbc46b74dd49403ee2f30657c85cd69fba5c803b273d9e0d0222 1988 openocd_0.8.0-4+deb7u1.dsc
5b076c324400ef0198ce6e21616e17f7a1a12f749362821ce0b03ec62c3cd32f 3768447 openocd_0.8.0.orig.tar.bz2
f5c76d8bbb3c8974bc53394f38a7e2b429794a2d99311585b67343bc2c785faa 14188 openocd_0.8.0-4+deb7u1.debian.tar.xz
5220c3dcd7173f6ba6829a804c9370452e2c70719bb43d94b765104819910879 2216734 openocd_0.8.0-4+deb7u1_amd64.deb
Files:
8211174dd0bb672a2085832a37a8ac6a 1988 embedded extra openocd_0.8.0-4+deb7u1.dsc
6d83c34763a5f1d1ac7ad83c5a11f4fb 3768447 embedded extra openocd_0.8.0.orig.tar.bz2
1fd0c3d4532b423d96c4580d2fabf003 14188 embedded extra openocd_0.8.0-4+deb7u1.debian.tar.xz
fe33dfe9a4319b57c9227753d0173c43 2216734 embedded extra openocd_0.8.0-4+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERUuPEyEc/2gMWDpQ/xYvxc8/utEFAlplDFsACgkQ/xYvxc8/
utFk+RAAmWFNG31N4NMIG9bPZq1UMN1SfrnDC7WQxYTvVSvHKozjMtB/Ardc1L+Q
Fp1XnVC2p+9wSt3hcL6KTA8Z2kMdnPsHcwMxJa4urlj5h6TjYLyoa0kWZlNKzscy
MnVHUU2a6t6GpA46U5zZ+aH36hUg+akgPvAbUWQsPrQyn+r2Q9YdOhEajUwBhvE2
Ir3jwGdr7qBUl5YpwjSH0C9HFokiEYtLudCBHnWhzEZSTBOFGd0Xe9vpv9u7ZUay
RoKu/iXr4CO8wvmPPPSA9ghi5M7kVsuj1EoxF1NtdEy0XfGAyHmtSx7RyfHNGpKi
UEvMa3Z+NjeFw+wSTlZ8XwGJxp7kb3zqRd00dI0yn+roUIRicGMgEJhsDUYUcQnH
4aHAeNR5wAYlP6Vn6YqJ4wUDF8Yn590H3qpBX5YP9Nkx7AhCtlaTFmQXBfXCSZjY
CBBsNC1hgu4kjZHdNqIKHGy8rG28XVjUWYCEnpEkGCLutrelCEX/zRNE/++36kcn
hq0M7Ma4wE1fjE0gSKNSTa4GrBlAb69/bUHoYlSleO1vgkh42yJ2Wlm/Y/U4ZdU7
qBtLQNPCp9jSZrfbHWjzr79QBTN7h7EHKfO+RO2Rwad6eWdlGMbRBJeenC4Q+R3n
nbcvEJPXSY5O3jU88FtJNSQj9Sl8EeV21jiIbzKdywKIqawhjF0=
=OuC7
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 05 Jun 2019 08:36:04 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:38:09 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon