CVE-2017-12197: libpam4j: Account check bypass


Debian Bug report logs - #879001

Reported by: Raphael Hertzog <hertzog@debian.org>

Date: Wed, 18 Oct 2017 10:24:02 UTC

Severity: grave

Tags: patch, security, upstream

Found in version libpam4j/1.4-2

Fixed in versions libpam4j/1.4-3, libpam4j/1.4-2+deb9u1, libpam4j/1.4-2+deb8u1

Done: Markus Koschany <apo@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/kohsuke/libpam4j/issues/18



Report forwarded to debian-bugs-dist@lists.debian.org, james.page@ubuntu.com, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#879001; Package src:libpam4j. (Wed, 18 Oct 2017 10:24:04 GMT)


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
New Bug report received and forwarded. Copy sent to james.page@ubuntu.com, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 18 Oct 2017 10:24:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Raphael Hertzog <hertzog@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2017-12197: libpam4j: Account check bypass
Date: Wed, 18 Oct 2017 12:21:44 +0200
Source: libpam4j
Version: 1.4-2
Severity: grave
Tags: security

Hi,

the following vulnerability was published for libpam4j.

CVE-2017-12197[0]: libpam4j: Account check bypass

PAM.authentication() does not call pam_acct_mgmt(). As a consequence, the
PAM account is not properly verified. Any user with a valid password but
with deactivated or disabled account is able to log in.

https://bugzilla.redhat.com/show_bug.cgi?id=1503103

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12197
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12197

Please adjust the affected versions in the BTS as needed.



-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#879001; Package src:libpam4j. (Fri, 03 Nov 2017 20:21:03 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 03 Nov 2017 20:21:03 GMT)


Message #10 received at 879001@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 879002@bugs.debian.org
Cc: 879001@bugs.debian.org, Raphael Hertzog <hertzog@debian.org>
Subject: Re: Bug#879002: Should the package be removed?
Date: Fri, 3 Nov 2017 21:19:56 +0100
On Wed, 18 Oct 2017 13:29:19 +0200 Emmanuel Bourg <ebourg@apache.org> wrote:
> Upstream has moved to GitHub [1] and the last update was released in
> 2014 but the security issue is still not fixed [2].
> 
> This was a dependency of Jenkins which is now gone. There is a slim
> chance that this package could be useful again in the future since it's
> a dependency of some Apache projects (Zeppelin, Atlas, Ranger and Knox).
> 
> Emmanuel Bourg
> 
> [1] https://github.com/kohsuke
> [2] https://github.com/kohsuke/libpam4j/issues/18

Apparently Red Hat patched their libpam4j package but they didn't
forward the patch upstream.

https://bugzilla.redhat.com/show_bug.cgi?id=1503103

Actually I agree with Raphael. The software is unmaintained upstream and
unused in Debian. It's rather scary that other projects depend on it,
especially when it comes to security sensitive matters like PAM. In the
end it can always be reintroduced if someone really intends to maintain it.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#879001; Package src:libpam4j. (Fri, 03 Nov 2017 20:51:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 03 Nov 2017 20:51:03 GMT)


Message #15 received at 879001@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Markus Koschany <apo@debian.org>, 879002@bugs.debian.org
Cc: 879001@bugs.debian.org, Raphael Hertzog <hertzog@debian.org>, Emmanuel Bourg <ebourg@apache.org>
Subject: Bug#879002: Patch for CVE-2017-12197
Date: Fri, 3 Nov 2017 21:48:21 +0100
Control: forwarded -1 https://github.com/kohsuke/libpam4j/issues/18
Control: tags -1 + patch upstream

Hi Raphael, Emmanuel and Markus,

On Fri, Nov 03, 2017 at 09:19:56PM +0100, Markus Koschany wrote:
> On Wed, 18 Oct 2017 13:29:19 +0200 Emmanuel Bourg <ebourg@apache.org> wrote:
> > Upstream has moved to GitHub [1] and the last update was released in
> > 2014 but the security issue is still not fixed [2].
> > 
> > This was a dependency of Jenkins which is now gone. There is a slim
> > chance that this package could be useful again in the future since it's
> > a dependency of some Apache projects (Zeppelin, Atlas, Ranger and Knox).
> > 
> > Emmanuel Bourg
> > 
> > [1] https://github.com/kohsuke
> > [2] https://github.com/kohsuke/libpam4j/issues/18
> 
> Apparently Red Hat patched their libpam4j package but they didn't
> forward the patch upstream.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1503103

It's likely that Red Hat just used the approach as
https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
and referenced from https://github.com/kohsuke/libpam4j/issues/18 .

The issue arises because "PAM.authentication() does not call
pam_acct_mgmt(). As a consequence, the PAM account is not properly
verified. Any user with a valid password but with deactivated or
disabled account is able to log in.".

The above commit should address that.

Regards,
Salvatore
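The two-stage sequence the report above (Message #5) and Salvatore's quote of it describe, shown as an added example that is neither code from this bug log nor from libpam4j: a PAM client that runs pam_authenticate() and then pam_acct_mgmt(), refusing the login unless both stages succeed. The JNA interface, structure classes, Outcome enum and checkLogin() are this example's own declarations against Linux-PAM (JNA 5 is assumed on the classpath); the numeric constants are the Linux-PAM values from <security/_pam_types.h>.

```java
import com.sun.jna.Callback;
import com.sun.jna.Library;
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.ptr.PointerByReference;
import java.util.Arrays;
import java.util.List;

/** Added example, not libpam4j code: a PAM login check that does not skip the account stage. */
public class PamAccountCheck {
    // Linux-PAM return codes, message style and flags, from <security/_pam_types.h>.
    static final int PAM_SUCCESS = 0, PAM_PERM_DENIED = 6, PAM_AUTH_ERR = 7, PAM_USER_UNKNOWN = 10,
            PAM_NEW_AUTHTOK_REQD = 12, PAM_ACCT_EXPIRED = 13, PAM_CONV_ERR = 19;
    static final int PAM_PROMPT_ECHO_OFF = 1, PAM_SILENT = 0x8000, PAM_DISALLOW_NULL_AUTHTOK = 0x0001;
    public static class PamMessage extends Structure {   // struct pam_message { int msg_style; const char *msg; }
        public int msg_style; public String msg;
        public PamMessage(Pointer p) { super(p); read(); }
        @Override protected List<String> getFieldOrder() { return Arrays.asList("msg_style", "msg"); }
    }
    public static class PamResponse extends Structure {  // struct pam_response { char *resp; int resp_retcode; }
        public Pointer resp; public int resp_retcode;
        public PamResponse() {}
        public PamResponse(Pointer p) { super(p); }
        @Override protected List<String> getFieldOrder() { return Arrays.asList("resp", "resp_retcode"); }
    }
    public interface ConvFunc extends Callback {         // int (*conv)(int, const struct pam_message **, struct pam_response **, void *)
        int callback(int numMsg, Pointer msgArray, PointerByReference respArray, Pointer appdata);
    }
    public static class PamConv extends Structure {      // struct pam_conv { conv function pointer; void *appdata_ptr; }
        public ConvFunc conv; public Pointer appdata_ptr;
        @Override protected List<String> getFieldOrder() { return Arrays.asList("conv", "appdata_ptr"); }
    }

    /** This example's own JNA binding of the four libpam entry points it needs. */
    public interface LibPam extends Library {
        LibPam INSTANCE = Native.load("pam", LibPam.class);
        int pam_start(String service, String user, PamConv conv, PointerByReference pamh);
        int pam_authenticate(Pointer pamh, int flags);
        int pam_acct_mgmt(Pointer pamh, int flags);
        int pam_end(Pointer pamh, int status);
    }

    /** Conversation that answers each hidden prompt with the password and nothing else (Linux-PAM layout). */
    static ConvFunc passwordConversation(final String password) {
        return new ConvFunc() {
            public int callback(int numMsg, Pointer msgArray, PointerByReference respArray, Pointer appdata) {
                if (numMsg <= 0) return PAM_CONV_ERR;
                int respSize = new PamResponse().size();
                // libpam releases the array and each answer with free(): allocate with Native.malloc, not Memory.
                Pointer responses = new Pointer(Native.malloc((long) respSize * numMsg));
                for (int i = 0; i < numMsg; i++) {
                    PamMessage m = new PamMessage(msgArray.getPointer((long) i * Native.POINTER_SIZE));
                    PamResponse r = new PamResponse(responses.share((long) i * respSize));
                    r.resp_retcode = 0;
                    r.resp = Pointer.NULL;                           // info/error messages get no answer
                    if (m.msg_style == PAM_PROMPT_ECHO_OFF) {
                        byte[] bytes = Native.toByteArray(password); // NUL-terminated copy
                        r.resp = new Pointer(Native.malloc(bytes.length));
                        r.resp.write(0, bytes, 0, bytes.length);
                    }
                    r.write();
                }
                respArray.setValue(responses);
                return PAM_SUCCESS;
            }
        };
    }

    public enum Outcome { OK, AUTH_FAILED, ACCOUNT_UNUSABLE, PASSWORD_EXPIRED, ERROR }
    /** Both stages must pass; the vulnerable PAM.authenticate() returned after the first. */
    public static Outcome checkLogin(String service, String user, String password) {
        LibPam pam = LibPam.INSTANCE;
        PamConv conv = new PamConv();
        conv.conv = passwordConversation(password);  // referenced until pam_end(), so JNA keeps the callback alive
        PointerByReference handleRef = new PointerByReference();
        int rc = pam.pam_start(service, user, conv, handleRef);
        if (rc != PAM_SUCCESS) return Outcome.ERROR;
        Pointer handle = handleRef.getValue();
        try {
            // Stage 1: does the password match?
            rc = pam.pam_authenticate(handle, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK);
            if (rc != PAM_SUCCESS) return Outcome.AUTH_FAILED;
            // Stage 2, the call the vulnerable code skipped: may this account be used at all?
            // Locked or expired accounts and pam_access/pam_time restrictions are enforced here.
            rc = pam.pam_acct_mgmt(handle, PAM_SILENT);
            switch (rc) {
                case PAM_SUCCESS:          return Outcome.OK;
                case PAM_NEW_AUTHTOK_REQD: return Outcome.PASSWORD_EXPIRED; // refuse unless pam_chauthtok() follows
                case PAM_ACCT_EXPIRED: case PAM_PERM_DENIED: case PAM_AUTH_ERR: case PAM_USER_UNKNOWN:
                                           return Outcome.ACCOUNT_UNUSABLE;
                default:                   return Outcome.ERROR;
            }
        } finally {
            pam.pam_end(handle, rc);   // hand the last status to pam_end() so modules clean up accordingly
        }
    }
}
```

Call checkLogin(service, user, password) with the name of a service file under /etc/pam.d and let only Outcome.OK through. The point of the split outcomes is that a correct password is not a login decision: an account whose pam_acct_mgmt() stage fails (locked, expired, or restricted by an account module) must be treated exactly like a wrong password from the caller's point of view, and PASSWORD_EXPIRED should only be accepted by callers that go on to run pam_chauthtok().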



Set Bug forwarded-to-address to 'https://github.com/kohsuke/libpam4j/issues/18'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 879001-submit@bugs.debian.org. (Fri, 03 Nov 2017 20:51:03 GMT)


Added tag(s) upstream and patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to 879001-submit@bugs.debian.org. (Fri, 03 Nov 2017 20:51:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#879001; Package src:libpam4j. (Fri, 03 Nov 2017 21:00:03 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 03 Nov 2017 21:00:03 GMT)


Message #24 received at 879001@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 879002@bugs.debian.org, 879001@bugs.debian.org, Raphael Hertzog <hertzog@debian.org>
Subject: Re: Bug#879002: Patch for CVE-2017-12197
Date: Fri, 3 Nov 2017 21:57:43 +0100
On 03.11.2017 at 21:48, Salvatore Bonaccorso wrote:
[...]
> It's likely that Red Hat just used the approach as
> https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
> and referenced from https://github.com/kohsuke/libpam4j/issues/18 .
> 
> The issue arises because "PAM.authentication() does not call
> pam_acct_mgmt(). As a consequence, the PAM account is not properly
> verified. Any user with a valid password but with deactivated or
> disabled account is able to log in.".
> 
> The above commit should address that.

Hi Salvatore,

Thanks for pointing this out. I asked Red Hat for a clarification
though. It would be interesting to know why this line was commented out
in the first place.

Regards,

Markus


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#879001; Package src:libpam4j. (Tue, 07 Nov 2017 12:57:03 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Tue, 07 Nov 2017 12:57:03 GMT)


Message #29 received at 879001@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 879001@bugs.debian.org
Cc: Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Bug#879002: Patch for CVE-2017-12197
Date: Tue, 7 Nov 2017 13:54:24 +0100
On Fri, 3 Nov 2017 21:48:21 +0100 Salvatore Bonaccorso
<carnil@debian.org> wrote:
[...]

> It's likely that Red Hat just used the approach as
> https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
> and referenced from https://github.com/kohsuke/libpam4j/issues/18 .
> 
> The issue arises because "PAM.authentication() does not call
> pam_acct_mgmt(). As a consequence, the PAM account is not properly
> verified. Any user with a valid password but with deactivated or
> disabled account is able to log in.".
> 
> The above commit should address that.

Hi,

I haven't got a response from Red Hat or upstream yet. I will apply this
patch. It's the only hint so far that makes sense.

Regards,

Markus


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#879001; Package src:libpam4j. (Tue, 07 Nov 2017 13:12:03 GMT)


Message #32 received at 879001@bugs.debian.org:

From: pkg-java-maintainers@lists.alioth.debian.org
To: 879001@bugs.debian.org, 879001-submitter@bugs.debian.org
Subject: Pending fixes for bugs in the libpam4j package
Date: Tue, 07 Nov 2017 13:08:15 +0000
tag 879001 + pending
thanks

Some bugs in the libpam4j package are closed in revision
038e3a06fe88fddc9c7709a1cfe2d6d8eb4dfdbd in branch 'master' by Markus
Koschany

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/libpam4j.git/commit/?id=038e3a0

Commit message:

    Fix CVE-2017-12197
    
    Closes: #879001




Added tag(s) pending. Request was from pkg-java-maintainers@lists.alioth.debian.org to control@bugs.debian.org. (Tue, 07 Nov 2017 13:12:05 GMT)


Message sent on to Raphael Hertzog <hertzog@debian.org>:
Bug#879001. (Tue, 07 Nov 2017 13:12:10 GMT)


Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Tue, 07 Nov 2017 13:21:07 GMT)


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Tue, 07 Nov 2017 13:21:07 GMT)


Message #42 received at 879001-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 879001-close@bugs.debian.org
Subject: Bug#879001: fixed in libpam4j 1.4-3
Date: Tue, 07 Nov 2017 13:19:54 +0000
Source: libpam4j
Source-Version: 1.4-3

We believe that the bug you reported is fixed in the latest version of
libpam4j, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879001@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated libpam4j package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 07 Nov 2017 13:40:55 +0100
Source: libpam4j
Binary: libpam4j-java libpam4j-java-doc
Architecture: source
Version: 1.4-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libpam4j-java - Java binding for libpam.so
 libpam4j-java-doc - Documentation for Java binding for libpam.so
Closes: 879001
Changes:
 libpam4j (1.4-3) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-12197 (Closes: #879001):
     It was discovered that libpam4j does not call pam_acct_mgmt().
     As a consequence, the PAM account is not properly
     verified. Any user with a valid password but with deactivated or
     disabled account was able to log in.
Checksums-Sha1:
 09cf4f00202a0e858f4dab4b5987989bc14c73a6 2260 libpam4j_1.4-3.dsc
 082cf148e4d423e647c598863f02bc375c3ca234 4956 libpam4j_1.4-3.debian.tar.xz
 60496ca22fd92cea6f78a1891fbfc23602edc0ad 16230 libpam4j_1.4-3_amd64.buildinfo
Checksums-Sha256:
 7e0bf2e67bc7320e3983d9c80d581fd118b822951e78c75b7e913f959bf5203b 2260 libpam4j_1.4-3.dsc
 0b1e66a7958dc008d2eeffff21c98df531fd804c3ff3733e1637051fba8f5b5d 4956 libpam4j_1.4-3.debian.tar.xz
 f7cada6ddf911f4643cc0f47330da436d29b28650fcba4b3b7a0da61dd90d726 16230 libpam4j_1.4-3_amd64.buildinfo
Files:
 8ea6b153c05b0193a1413d17fc18dfda 2260 java optional libpam4j_1.4-3.dsc
 e8a77cfa527236beb2c464dd2f827292 4956 java optional libpam4j_1.4-3.debian.tar.xz
 350d738fbac170aaa49a3f0431a861fb 16230 java optional libpam4j_1.4-3_amd64.buildinfo





Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Sun, 12 Nov 2017 15:36:09 GMT)


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Sun, 12 Nov 2017 15:36:10 GMT)


Message #47 received at 879001-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 879001-close@bugs.debian.org
Subject: Bug#879001: fixed in libpam4j 1.4-2+deb9u1
Date: Sun, 12 Nov 2017 15:33:08 +0000
Source: libpam4j
Source-Version: 1.4-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
libpam4j, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879001@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated libpam4j package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 07 Nov 2017 18:22:33 +0100
Source: libpam4j
Binary: libpam4j-java libpam4j-java-doc
Architecture: source all
Version: 1.4-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libpam4j-java - Java binding for libpam.so
 libpam4j-java-doc - Documentation for Java binding for libpam.so
Closes: 879001
Changes:
 libpam4j (1.4-2+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-12197 (Closes: #879001):
     It was discovered that libpam4j does not call pam_acct_mgmt().
     As a consequence, the PAM account is not properly
     verified. Any user with a valid password but with deactivated or
     disabled account was able to log in.
Checksums-Sha1:
 38444a2fefe56f6cabc4dd567f4efe54e2fe4554 2288 libpam4j_1.4-2+deb9u1.dsc
 1335e34fba33ab2531265ced9dbd58295476a81c 6880 libpam4j_1.4.orig.tar.gz
 07264c172fb3c2a3d38dc1fe20de7971f5600925 4972 libpam4j_1.4-2+deb9u1.debian.tar.xz
 0f865e8ae403483ef7c43b1f62cf4b7e776cdb8b 24244 libpam4j-java-doc_1.4-2+deb9u1_all.deb
 fa5629353cf55dcb7314e6db74305ccd20e5266d 14700 libpam4j-java_1.4-2+deb9u1_all.deb
 593a7e896bf0502374707fbed462a0bb6fb27c7e 15358 libpam4j_1.4-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
 07dcae78f87e001357eb2069e2d15e507bdb549d286c6fca9c7d5c72445d0028 2288 libpam4j_1.4-2+deb9u1.dsc
 83e738e7e6d5055adaaffccd0caa10ba03a13ea59bd016f9bb4d1306c7c3f550 6880 libpam4j_1.4.orig.tar.gz
 4b6e024b12ce4d74df81629232a3d141a3d04686c0c970b26169c25235f9a79e 4972 libpam4j_1.4-2+deb9u1.debian.tar.xz
 4d5c2f6cbb0343f716c8c7c9624b51af67e5c3b913a4b1417e8e6eca9827b42d 24244 libpam4j-java-doc_1.4-2+deb9u1_all.deb
 0ef43ba693ad70971831067cb2cee8bc468a62ce39082cd85ee1ad99a230a293 14700 libpam4j-java_1.4-2+deb9u1_all.deb
 b5f52537fe8ef42151ed910e7ba2ec2e319653b64c8ddb847d00606dff238b79 15358 libpam4j_1.4-2+deb9u1_amd64.buildinfo
Files:
 91e2e8ec5d74c90ad95de50993d04428 2288 java optional libpam4j_1.4-2+deb9u1.dsc
 20d90b25f700a559f022d870682f5659 6880 java optional libpam4j_1.4.orig.tar.gz
 600f666da593a215305beb5b7b39639d 4972 java optional libpam4j_1.4-2+deb9u1.debian.tar.xz
 9d048975b9c086de3f4783f563f8ad70 24244 doc optional libpam4j-java-doc_1.4-2+deb9u1_all.deb
 d3262cc040d409901e683edaa870f90b 14700 java optional libpam4j-java_1.4-2+deb9u1_all.deb
 1fb1f71ffbef837f868e93ed708c7aaf 15358 java optional libpam4j_1.4-2+deb9u1_amd64.buildinfo





Reply sent to Markus Koschany <apo@debian.org>:
You have taken responsibility. (Sat, 18 Nov 2017 22:21:41 GMT)


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Sat, 18 Nov 2017 22:21:41 GMT)


Message #52 received at 879001-close@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: 879001-close@bugs.debian.org
Subject: Bug#879001: fixed in libpam4j 1.4-2+deb8u1
Date: Sat, 18 Nov 2017 22:19:23 +0000
Source: libpam4j
Source-Version: 1.4-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
libpam4j, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 879001@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <apo@debian.org> (supplier of updated libpam4j package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 07 Nov 2017 13:40:55 +0100
Source: libpam4j
Binary: libpam4j-java libpam4j-java-doc
Architecture: source all
Version: 1.4-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libpam4j-java - Java binding for libpam.so
 libpam4j-java-doc - Documentation for Java binding for libpam.so
Closes: 879001
Changes:
 libpam4j (1.4-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-12197 (Closes: #879001):
     It was discovered that libpam4j does not call pam_acct_mgmt().
     As a consequence, the PAM account is not properly
     verified. Any user with a valid password but with deactivated or
     disabled account was able to log in.
Checksums-Sha1:
 105d9b87b0572ff220531668a544997812788ac6 2288 libpam4j_1.4-2+deb8u1.dsc
 1335e34fba33ab2531265ced9dbd58295476a81c 6880 libpam4j_1.4.orig.tar.gz
 2500657ab3ebc3545fa6d3e45feac626a6e8c3e6 4980 libpam4j_1.4-2+deb8u1.debian.tar.xz
 2c0ed786161a14cab91cf296adc0c076ca7827d9 14868 libpam4j-java_1.4-2+deb8u1_all.deb
 618779d577c23c5dd835c339013955f2024d7a11 129648 libpam4j-java-doc_1.4-2+deb8u1_all.deb
Checksums-Sha256:
 5fae6bbd99b2cf248270243c6cec0d56e740d618c75bc24032555b20af4c175c 2288 libpam4j_1.4-2+deb8u1.dsc
 83e738e7e6d5055adaaffccd0caa10ba03a13ea59bd016f9bb4d1306c7c3f550 6880 libpam4j_1.4.orig.tar.gz
 7614b9fab4a0102f6dd2a30ed6d76781aea31955f35839513c4a858a06307dc2 4980 libpam4j_1.4-2+deb8u1.debian.tar.xz
 f7fa3cea0a66abaa813daab57eb3be02de07bd23d2a21049699ab0b1c2a77c7d 14868 libpam4j-java_1.4-2+deb8u1_all.deb
 82920e6410269ca366f4dc17d8c38701fff12abe14a7721b68adbc3afd2e42d9 129648 libpam4j-java-doc_1.4-2+deb8u1_all.deb
Files:
 e8fbbb11541dce6adc63149f509dbcf4 2288 java optional libpam4j_1.4-2+deb8u1.dsc
 20d90b25f700a559f022d870682f5659 6880 java optional libpam4j_1.4.orig.tar.gz
 33b0e775cee4e845cb9e45e42e5b7865 4980 java optional libpam4j_1.4-2+deb8u1.debian.tar.xz
 8d3f16b7266b1a7e1f2ad5413252811b 14868 java optional libpam4j-java_1.4-2+deb8u1_all.deb
 8b6f74c2a9b50b6ed9071b4c83a9121f 129648 doc optional libpam4j-java-doc_1.4-2+deb8u1_all.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Dec 2017 07:25:07 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:40:43 2019; Machine Name: beach
