CVE-2009-3736 local privilege escalation

Related Vulnerabilities: CVE-2009-3736  

Debian Bug report logs - #559797
CVE-2009-3736 local privilege escalation


Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Mon, 7 Dec 2009 04:48:01 UTC

Severity: grave

Tags: security

Fixed in versions libtool/2.2.6b-1, libtool/1.5.22-4+etch4, libtool/1.5.26-4+lenny1

Done: Michael Gilbert <michael.s.gilbert@gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Kurt Roeckx <kurt@roeckx.be>:
Bug#559797; Package libtool. (Mon, 07 Dec 2009 04:48:04 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Kurt Roeckx <kurt@roeckx.be>. (Mon, 07 Dec 2009 04:48:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: CVE-2009-3736 local privilege escalation
Date: Sun, 6 Dec 2009 23:44:36 -0500
Package: libtool
Severity: grave
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for libtool.

CVE-2009-3736[0]:
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

Note that this problem also affects etch and lenny, so please
coordinate with the security team to release a DSA.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
    http://security-tracker.debian.org/tracker/CVE-2009-3736




Information forwarded to debian-bugs-dist@lists.debian.org, Kurt Roeckx <kurt@roeckx.be>:
Bug#559797; Package libtool. (Wed, 09 Dec 2009 04:45:04 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Kurt Roeckx <kurt@roeckx.be>. (Wed, 09 Dec 2009 04:45:05 GMT)

Message #10 received at 559797@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 559797@bugs.debian.org
Subject: RFS: libtool 2.2.6b
Date: Tue, 8 Dec 2009 23:42:59 -0500
Hi all,

I have packaged the new version of libtool for unstable.  This fixes
CVE-2009-3736. I am looking for a sponsor for the upload.

The upstream changes are substantial (the diff between 2.2.6a and
2.2.6b is 7.3 MiB, so I have chosen not to attach it).  Instead, I have
attached a diff for my changes to just the debian directory.

If you feel more comfortable building the package yourself, you can
download the new upstream release directly, run 'uupdate -v 2.2.6b',
then apply my diff.  The uupdate applies cleanly.

The package can be found on mentors.debian.net:
- URL: http://mentors.debian.net/debian/pool/main/l/libtool
- Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free
- dget http://mentors.debian.net/debian/pool/main/l/libtool/libtool_2.2.6b-0+nmu1.dsc

I would be glad if someone uploaded this package for me.

Kind regards,
Mike
[libtool.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#559797; Package libtool. (Wed, 09 Dec 2009 07:54:07 GMT)

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. (Wed, 09 Dec 2009 07:54:07 GMT)

Message #15 received at 559797@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 559797@bugs.debian.org
Subject: Re: Bug#559797: RFS: libtool 2.2.6b
Date: Wed, 9 Dec 2009 08:50:38 +0100
On Tue, Dec 08, 2009 at 11:42:59PM -0500, Michael Gilbert wrote:
> Hi all,
> 
> I have packaged the new version of libtool for unstable.  This fixes
> CVE-2009-3736. I am looking for a sponsor for the upload.

Please do not upload this.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Kurt Roeckx <kurt@roeckx.be>:
Bug#559797; Package libtool. (Wed, 09 Dec 2009 15:18:05 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Kurt Roeckx <kurt@roeckx.be>. (Wed, 09 Dec 2009 15:18:05 GMT)

Message #20 received at 559797@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 559797@bugs.debian.org
Subject: Re: Bug#559797: RFS: libtool 2.2.6b
Date: Wed, 9 Dec 2009 10:21:04 -0500
On Wed, 9 Dec 2009 08:50:38 +0100, Kurt Roeckx wrote:
> On Tue, Dec 08, 2009 at 11:42:59PM -0500, Michael Gilbert wrote:
> > Hi all,
> > 
> > I have packaged the new version of libtool for unstable.  This fixes
> > CVE-2009-3736. I am looking for a sponsor for the upload.
> 
> Please do not upload this.

I don't have upload rights since I'm not a DD.  I was just trying to
help get things going.

Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Kurt Roeckx <kurt@roeckx.be>:
Bug#559797; Package libtool. (Wed, 09 Dec 2009 15:48:04 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Kurt Roeckx <kurt@roeckx.be>. (Wed, 09 Dec 2009 15:48:04 GMT)

Message #25 received at 559797@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 559797@bugs.debian.org
Subject: Re: Bug#559797: RFS: libtool 2.2.6b
Date: Wed, 9 Dec 2009 10:46:00 -0500
On Wed, 9 Dec 2009 10:21:04 -0500, Michael Gilbert wrote:
> On Wed, 9 Dec 2009 08:50:38 +0100, Kurt Roeckx wrote:
> > On Tue, Dec 08, 2009 at 11:42:59PM -0500, Michael Gilbert wrote:
> > > Hi all,
> > > 
> > > I have packaged the new version of libtool for unstable.  This fixes
> > > CVE-2009-3736. I am looking for a sponsor for the upload.
> > 
> > Please do not upload this.
> 
> I don't have upload rights since I'm not a DD.  I was just trying to
> help get things going.

Is there a transition going on that this would negatively impact?  Would
it be better to patch 2.2.6a?  If so, the patch is fairly
straightforward, and I can do that relatively quickly.  Just let me
know if you would like me to work on that.

Mike




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#559797; Package libtool. (Wed, 09 Dec 2009 18:24:07 GMT)

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. (Wed, 09 Dec 2009 18:24:07 GMT)

Message #30 received at 559797@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 559797@bugs.debian.org
Subject: Re: Bug#559797: RFS: libtool 2.2.6b
Date: Wed, 9 Dec 2009 19:22:37 +0100
On Wed, Dec 09, 2009 at 10:46:00AM -0500, Michael Gilbert wrote:
> On Wed, 9 Dec 2009 10:21:04 -0500, Michael Gilbert wrote:
> > On Wed, 9 Dec 2009 08:50:38 +0100, Kurt Roeckx wrote:
> > > On Tue, Dec 08, 2009 at 11:42:59PM -0500, Michael Gilbert wrote:
> > > > Hi all,
> > > > 
> > > > I have packaged the new version of libtool for unstable.  This fixes
> > > > CVE-2009-3736. I am looking for a sponsor for the upload.
> > > 
> > > Please do not upload this.
> > 
> > I don't have upload rights since I'm not a DD.  I was just trying to
> > help get things going.

It's mostly a message to people who would consider sponsoring it.

> Is there a transition going on that this would negatively impact?  Would
> it be better to patch 2.2.6a?  If so, the patch is fairly
> straightforward, and I can do that relatively quickly.  Just let me
> know if you would like me to work on that.

I didn't have time this morning to send a proper reply.

I've been trying to upload a new version of libtool for some weeks
now.  I have a whole bunch of changes ready.  But there is a
regression test failure, which seems to be caused by a change in
gcj (#555801).  That has stopped me from uploading a new version
so far.

Note that 2.2.6a-4 disabled failing to build in case of regression
failures.  I've skipped the test suite errors that were broken at
the time of that upload, but 2 new regression test failures
showed up in the meantime, and upstream now skips the other.

I think I'm going to upload a version that build-conflicts with
gcj for now.

Anyway, I think the following changes should never be part
of the NMU:
   * Update to standards version 3.8.3.
   * Update to debhelper 5.

This is also just wrong:
+Depends: install-info

It should be "dpkg (>= 1.15.4) | install-info", and you would
have gotten that if you used "Depends: ${misc:Depends}"
instead.

Anyway, there is a patch for libtool 1.5 available too.  If you
want you can upload that to stable/oldstable security.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Kurt Roeckx <kurt@roeckx.be>:
Bug#559797; Package libtool. (Wed, 09 Dec 2009 18:54:03 GMT)

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Kurt Roeckx <kurt@roeckx.be>. (Wed, 09 Dec 2009 18:54:03 GMT)

Message #35 received at 559797@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 559797@bugs.debian.org
Subject: Re: Bug#559797: RFS: libtool 2.2.6b
Date: Wed, 9 Dec 2009 13:57:28 -0500
On Wed, 9 Dec 2009 19:22:37 +0100, Kurt Roeckx wrote:
> Anyway, I think the following changes should never be part
> of the NMU:
>    * Update to standards version 3.8.3.
>    * Update to debhelper 5.

I suppose I went a bit overboard by fixing the lintian warnings.
Technically, I also shouldn't have packaged a new upstream version in an
nmu either; at least not for a package that is well-maintained ;-)  But
I had some free time to look at this, so I went for it.

> Anyway, there is a patch for libtool 1.5 available too.  If you
> want you can upload that to stable/oldstable security.

I'll go ahead with this.

Thanks,
Mike




Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility. (Wed, 09 Dec 2009 19:36:16 GMT)

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 09 Dec 2009 19:36:16 GMT)

Message #40 received at 559797-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 559797-close@bugs.debian.org
Subject: Bug#559797: fixed in libtool 2.2.6b-1
Date: Wed, 09 Dec 2009 19:32:59 +0000
Source: libtool
Source-Version: 2.2.6b-1

We believe that the bug you reported is fixed in the latest version of
libtool, which is due to be installed in the Debian FTP archive:

libltdl-dev_2.2.6b-1_amd64.deb
  to main/libt/libtool/libltdl-dev_2.2.6b-1_amd64.deb
libltdl7_2.2.6b-1_amd64.deb
  to main/libt/libtool/libltdl7_2.2.6b-1_amd64.deb
libtool-doc_2.2.6b-1_all.deb
  to main/libt/libtool/libtool-doc_2.2.6b-1_all.deb
libtool_2.2.6b-1.diff.gz
  to main/libt/libtool/libtool_2.2.6b-1.diff.gz
libtool_2.2.6b-1.dsc
  to main/libt/libtool/libtool_2.2.6b-1.dsc
libtool_2.2.6b-1_amd64.deb
  to main/libt/libtool/libtool_2.2.6b-1_amd64.deb
libtool_2.2.6b.orig.tar.gz
  to main/libt/libtool/libtool_2.2.6b.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559797@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated libtool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 09 Dec 2009 20:05:39 +0100
Source: libtool
Binary: libtool libtool-doc libltdl7 libltdl-dev
Architecture: source all amd64
Version: 2.2.6b-1
Distribution: unstable
Urgency: low
Maintainer: Kurt Roeckx <kurt@roeckx.be>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libltdl-dev - A system independent dlopen wrapper for GNU libtool
 libltdl7   - A system independent dlopen wrapper for GNU libtool
 libtool    - Generic library support script
 libtool-doc - Generic library support script
Closes: 542190 545687 554821 559797
Changes: 
 libtool (2.2.6b-1) unstable; urgency=low
 .
   * New upstream release
     - Fixes CVE-2009-3736 (Closes: #559797)
   * Skip demo-deplibs.test.  This is basically the same as
     deplibs_test_disable.patch from the 1.5.26 version.
   * Skip the link-order2.at test.  It has the same problem
     as the deplibs test.
   * Since deplibs-ident.at now passes, just let it return that
     the result is ok.
   * Skip localization test when setlocale is not functional.
   * Re-enable test suite.
   * Remove the "Apps/" part of the doc-base entry.
   * Change debhelper compatibility to 7.
   * Replace dh_clean -k with dh_prep
   * Change build dependency of automake to 1.10.1 (Closes: #542190)
   * Add support for GNU/kOpenSolaris (Closes: #545687)
   * Update Standards-Version from 3.8.1 to 3.8.3: No changes required.
   * Add ${misc:Depends} to libtool-doc's Depends so we have proper
     dependencies for it.
   * Build-Conflict against gcj for now, to avoid a regression test
     failure.  See #555801.
   * Symbol versioning works with the GNU gold linker now. (Closes: #554821)





Reply sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
You have taken responsibility. (Sun, 03 Jan 2010 02:18:03 GMT)

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 03 Jan 2010 02:18:04 GMT)

Message #45 received at 559797-close@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 559797-close@bugs.debian.org
Subject: Bug#559797: fixed in libtool 1.5.22-4+etch4
Date: Sun, 03 Jan 2010 02:13:11 +0000
Source: libtool
Source-Version: 1.5.22-4+etch4

We believe that the bug you reported is fixed in the latest version of
libtool, which is due to be installed in the Debian FTP archive:

libltdl3-dev_1.5.22-4+etch4_i386.deb
  to main/libt/libtool/libltdl3-dev_1.5.22-4+etch4_i386.deb
libltdl3_1.5.22-4+etch4_i386.deb
  to main/libt/libtool/libltdl3_1.5.22-4+etch4_i386.deb
libtool-doc_1.5.22-4+etch4_all.deb
  to main/libt/libtool/libtool-doc_1.5.22-4+etch4_all.deb
libtool_1.5.22-4+etch4.diff.gz
  to main/libt/libtool/libtool_1.5.22-4+etch4.diff.gz
libtool_1.5.22-4+etch4.dsc
  to main/libt/libtool/libtool_1.5.22-4+etch4.dsc
libtool_1.5.22-4+etch4_i386.deb
  to main/libt/libtool/libtool_1.5.22-4+etch4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559797@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilbert@gmail.com> (supplier of updated libtool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 12 Dec 2009 15:51:35 -0500
Source: libtool
Binary: libtool-doc libltdl3 libtool libltdl3-dev
Architecture: source i386 all
Version: 1.5.22-4+etch4
Distribution: oldstable-security
Urgency: high
Maintainer: Kurt Roeckx <kurt@roeckx.be>
Changed-By: Michael Gilbert <michael.s.gilbert@gmail.com>
Description: 
 libltdl3   - A system independent dlopen wrapper for GNU libtool
 libltdl3-dev - A system independent dlopen wrapper for GNU libtool
 libtool    - Generic library support script
 libtool-doc - Generic library support script
Closes: 559797
Changes: 
 libtool (1.5.22-4+etch4) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fixes local privilege escalation vulnerability: CVE-2009-3736
     (closes: #559797).





Reply sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
You have taken responsibility. (Sun, 03 Jan 2010 02:18:06 GMT)

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 03 Jan 2010 02:18:06 GMT)

Message #50 received at 559797-close@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 559797-close@bugs.debian.org
Subject: Bug#559797: fixed in libtool 1.5.26-4+lenny1
Date: Sun, 03 Jan 2010 02:14:55 +0000
Source: libtool
Source-Version: 1.5.26-4+lenny1

We believe that the bug you reported is fixed in the latest version of
libtool, which is due to be installed in the Debian FTP archive:

libltdl3-dev_1.5.26-4+lenny1_i386.deb
  to main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_i386.deb
libltdl3_1.5.26-4+lenny1_i386.deb
  to main/libt/libtool/libltdl3_1.5.26-4+lenny1_i386.deb
libtool-doc_1.5.26-4+lenny1_all.deb
  to main/libt/libtool/libtool-doc_1.5.26-4+lenny1_all.deb
libtool_1.5.26-4+lenny1.diff.gz
  to main/libt/libtool/libtool_1.5.26-4+lenny1.diff.gz
libtool_1.5.26-4+lenny1.dsc
  to main/libt/libtool/libtool_1.5.26-4+lenny1.dsc
libtool_1.5.26-4+lenny1_i386.deb
  to main/libt/libtool/libtool_1.5.26-4+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 559797@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <michael.s.gilbert@gmail.com> (supplier of updated libtool package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 12 Dec 2009 14:33:54 -0500
Source: libtool
Binary: libtool libtool-doc libltdl3 libltdl3-dev
Architecture: source all i386
Version: 1.5.26-4+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Kurt Roeckx <kurt@roeckx.be>
Changed-By: Michael Gilbert <michael.s.gilbert@gmail.com>
Description: 
 libltdl3   - A system independent dlopen wrapper for GNU libtool
 libltdl3-dev - A system independent dlopen wrapper for GNU libtool
 libtool    - Generic library support script
 libtool-doc - Generic library support script
Closes: 559797
Changes: 
 libtool (1.5.26-4+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fixes local privilege escalation vulnerability: CVE-2009-3736
     (closes: #559797).





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 05 May 2010 07:51:58 GMT) (full text, mbox, link).
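
A host check built from the fixed versions recorded in this log, as an added example (not code from the bug report or from libtool): it reimplements Debian version ordering so it runs without dpkg. The function names, the sample inventory, and the rule that the +etch4 and +lenny1 fixes only vouch for packages of the same upstream release are assumptions of this example.

```python
import re

# Fixed versions as recorded in this bug log (Debian bug #559797).
FIXED = ["2.2.6b-1", "1.5.22-4+etch4", "1.5.26-4+lenny1"]


def _is_digit(ch):
    return "0" <= ch <= "9"


def _order(ch):
    """dpkg sort weight of a non-digit character; '~' sorts before end of string."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256


def _cmp_part(a, b):
    """Compare two upstream-version or revision strings the way dpkg orders them."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare by weight; the end of a run counts as 0.
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            x = _order(a[i]) if i < len(a) and not _is_digit(a[i]) else 0
            y = _order(b[j]) if j < len(b) and not _is_digit(b[j]) else 0
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically; an empty run counts as 0.
        m = re.match(r"[0-9]*", a[i:]).group()
        n = re.match(r"[0-9]*", b[j:]).group()
        if int(m or 0) != int(n or 0):
            return -1 if int(m or 0) < int(n or 0) else 1
        i, j = i + len(m), j + len(n)
    return 0


def split_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev


def compare(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to, or after b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


def is_fixed(installed):
    """True if `installed` carries the CVE-2009-3736 fix per the versions above.

    Assumption of this example: a security-branch fix (+etch4, +lenny1) only
    covers packages of the same upstream release; all others need >= 2.2.6b-1.
    """
    upstream = split_version(installed)[1]
    for fixed in FIXED:
        same_branch = split_version(fixed)[1] == upstream
        if (same_branch or fixed == FIXED[0]) and compare(installed, fixed) >= 0:
            return True
    return False


def vulnerable_hosts(inventory):
    """Return the sorted host names whose libltdl package version is not fixed."""
    return sorted(h for h, v in inventory.items() if not is_fixed(v))


# Constructed sample inventory (host -> installed libltdl package version).
SAMPLE = {"build01": "2.2.6a-4", "web02": "2.2.6b-1", "old03": "1.5.22-4+etch3",
          "db04": "1.5.26-4+lenny1", "dev05": "2.4.2-1.11"}

if __name__ == "__main__":
    print(vulnerable_hosts(SAMPLE))
```

On a real host the version string can come from `dpkg-query -W -f='${Version}' libltdl7` (or `libltdl3` on etch and lenny).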




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:08:02 2019; Machine Name: buxtehude
