CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib

Related Vulnerabilities: CVE-2009-1391  

Debian Bug report logs - #532736

Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl (PTS, buildd, popcon).

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Thu, 11 Jun 2009 08:03:01 UTC

Severity: grave

Tags: security

Found in version perl/5.10.0-19

Fixed in versions perl/5.10.0-23, perl/5.10.0-19lenny2

Done: Niko Tyni <ntyni@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Brendan O'Dea <bod@debian.org>:
Bug#532736; Package perl. (Thu, 11 Jun 2009 08:03:04 GMT)


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Brendan O'Dea <bod@debian.org>. (Thu, 11 Jun 2009 08:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Date: Thu, 11 Jun 2009 10:00:08 +0200
Package: perl
Version: 5.10.0-19
Severity: grave
Tags: security
Justification: user security hole

A security vulnerability was found in Compress::Raw::Zlib:

Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
the perl process at least to hang or to crash.

This causes a remote DoS in amavisd-new.

The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
There is also a separate package libcompress-raw-zlib-perl.

More information can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391




Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#532736; Package perl. (Thu, 11 Jun 2009 10:27:49 GMT)


Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Thu, 11 Jun 2009 10:28:55 GMT)


Message #10 received at 532736@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 532736@bugs.debian.org, 532738@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#532736: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Date: Thu, 11 Jun 2009 12:42:12 +0300

On Thu, Jun 11, 2009 at 10:00:08AM +0200, Stefan Fritsch wrote:
> Package: perl
> Version: 5.10.0-19
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> A security vulnerability was found in Compress::Raw::Zlib:
> 
> Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> the perl process at least to hang or to crash.
> 
> This causes a remote DoS in amavisd-new.
> 
> The perl package in lenny and sid contains Compress::Raw::Zlib 2.008.
> There is also a separate package libcompress-raw-zlib-perl.
> 
> More information can be found at
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391

Thanks.

My preliminary understanding is that the minimal fix could be just this hunk:

--- Compress-Raw-Zlib-2.015/Zlib.xs	2008-09-03 22:42:10.000000000 +0100
+++ Compress-Raw-Zlib-2.017/Zlib.xs	2009-04-04 13:09:59.000000000 +0100
@@ -1322,7 +1322,7 @@ inflate (s, buf, output, eof=FALSE)
     while (RETVAL == Z_OK) {
         if (s->stream.avail_out == 0 ) {
 	    /* out of space in the output buffer so make it bigger */
-            Sv_Grow(output, SvLEN(output) + bufinc) ;
+            Sv_Grow(output, SvLEN(output) + bufinc +1) ;
             cur_length += increment ;
             s->stream.next_out = (Bytef*) SvPVbyte_nolen(output) + cur_length ;
             increment = bufinc ;
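
Review bot: the "+1" on the changed Sv_Grow line is not explained anywhere in the hunk, and the comment above it still reads only "out of space in the output buffer so make it bigger". Extend that comment to say what the extra byte is reserved for, so that a later cleanup does not take it for a typo and drop it. The line that sets s->stream.avail_out is outside the visible context; it is worth confirming that it still offers zlib only "increment" (bufinc) bytes, otherwise the reserved byte is handed straight back to the decompressor. Minor: "bufinc +1" should be spaced as "bufinc + 1".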

but I'm not quite sure if we also need the "Only setup the stream output
pointers if there is spare capacity in the outout SV" part in

 http://search.cpan.org/diff?from=Compress-Raw-Zlib-2.015&to=Compress-Raw-Zlib-2.017#Zlib.xs 

This needs further investigation. Help would be welcome.
-- 
Niko Tyni   ntyni@debian.org




Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#532736; Package perl. (Thu, 11 Jun 2009 21:03:03 GMT)


Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Thu, 11 Jun 2009 21:03:03 GMT)


Message #15 received at 532736@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 532736@bugs.debian.org, 532738@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#532736: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Date: Fri, 12 Jun 2009 00:00:11 +0300

On Thu, Jun 11, 2009 at 12:42:12PM +0300, Niko Tyni wrote:
> On Thu, Jun 11, 2009 at 10:00:08AM +0200, Stefan Fritsch wrote:
> > Package: perl
> > Version: 5.10.0-19
> > Severity: grave
> > Tags: security
> > Justification: user security hole

> > Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> > inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> > the perl process at least to hang or to crash.

> > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391

> My preliminary understanding is that the minimal fix could be just this hunk:

> -            Sv_Grow(output, SvLEN(output) + bufinc) ;
> +            Sv_Grow(output, SvLEN(output) + bufinc +1) ;

> but I'm not quite sure if we also need the "Only setup the stream output
> pointers if there is spare capacity in the outout SV" part in
> 
>  http://search.cpan.org/diff?from=Compress-Raw-Zlib-2.015&to=Compress-Raw-Zlib-2.017#Zlib.xs 

It now seems to me that the latter part is only relevant with the
LIMIT_OUTPUT functionality first introduced in 2.015. So it shouldn't
be needed for the Lenny security updates.

(I've found no way to pass the function an output buffer for appending
 that's already full to the last byte on the C side. So there should
 always be enough room in the buffer at the initialization phase.)

I've verified that the minimal off-by-one fix above (attached for
convenience) removes the valgrind error in the original proof of concept
(available at https://bugzilla.redhat.com/attachment.cgi?id=346729).

The attached version of the patch applies against
libcompress-raw-zlib-perl/2.012-1 as is, and against
ext/Compress/Raw/Zlib/Zlib.xs in perl/5.10.0-19 with minimal fuzz.

The issue doesn't affect Etch AFAICS, as Compress-Raw-Zlib was only
introduced in the Perl core in the 5.9 development line, and the separate
libcompress-raw-zlib-perl package wasn't present in Etch.

Security team, I'd love to have some confirmation on all this. I'll do
my best to get the fix into sid in the weekend, hopefully Friday night.

@pkg-perl: if somebody wants to handle the separate package, be my
guest. I'll prioritize the perl package and will look at the other one
afterwards if necessary.

Cheers,
-- 
Niko Tyni   ntyni@debian.org
[0001-minimal-fix-for-CVE-2009-1391.patch (text/x-diff, attachment)]
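
The off-by-one discussed in the message above, as an added example: a simplified C model of a grow-on-demand output buffer, not code from Zlib.xs or from this thread. It assumes the output buffer starts unallocated and that one byte beyond the data is needed for a trailing NUL (neither is stated in the thread); struct outbuf, grow() and spare_after_inflate() are hypothetical names, and the bad write is detected rather than performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a grow-on-demand output buffer; not code from Zlib.xs. */
struct outbuf {
    unsigned char *data;
    size_t cap;  /* bytes allocated, the role SvLEN(output) plays in the hunk */
    size_t cur;  /* bytes of decompressed data stored so far */
};

/* Hypothetical stand-in for Sv_Grow(): ensure at least `want` bytes are allocated. */
static int grow(struct outbuf *o, size_t want)
{
    unsigned char *p;

    if (want <= o->cap)
        return 0;
    p = realloc(o->data, want);
    if (p == NULL)
        return -1;
    o->data = p;
    o->cap = want;
    return 0;
}

/*
 * Run the growth loop for `total` bytes of output, growing by bufinc + extra
 * each time the producer runs out of room (extra = 0 models the old line,
 * extra = 1 the patched one). Returns the number of allocated bytes left
 * after the data, i.e. the room available for a trailing NUL, or -1 on
 * allocation failure. The terminator is only written when it fits.
 */
long spare_after_inflate(size_t total, size_t bufinc, size_t extra)
{
    struct outbuf out = { NULL, 0, 0 };  /* assumption: output starts unallocated */
    size_t avail_out = 0;
    long spare;

    while (out.cur < total) {
        size_t n;

        if (avail_out == 0) {
            /* out of space in the output buffer so make it bigger */
            if (grow(&out, out.cap + bufinc + extra) != 0) {
                free(out.data);
                return -1;
            }
            avail_out = bufinc;  /* the producer is only ever offered bufinc bytes */
        }
        n = total - out.cur;
        if (n > avail_out)
            n = avail_out;
        memset(out.data + out.cur, 'A', n);  /* stand-in for inflate() output */
        out.cur += n;
        avail_out -= n;
    }

    spare = (long)(out.cap - out.cur);
    if (spare > 0)
        out.data[out.cur] = '\0';  /* in bounds: a byte was reserved for it */
    /* spare == 0: the terminator would land one byte past the allocation */
    free(out.data);
    return spare;
}

int main(void)
{
    size_t bufinc = 4096;  /* constructed value */

    printf("old growth, output = 2*bufinc:   spare = %ld\n",
           spare_after_inflate(2 * bufinc, bufinc, 0));
    printf("old growth, output = 2*bufinc-1: spare = %ld\n",
           spare_after_inflate(2 * bufinc - 1, bufinc, 0));
    printf("patched,    output = 2*bufinc:   spare = %ld\n",
           spare_after_inflate(2 * bufinc, bufinc, 1));
    return 0;
}
```

In this model only output that fills the last chunk exactly leaves no room, which is why a check such as valgrind on a specific input catches it while ordinary use does not.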

Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#532736; Package perl. (Fri, 12 Jun 2009 20:21:02 GMT)


Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Fri, 12 Jun 2009 20:21:02 GMT)


Message #20 received at 532736@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 532736@bugs.debian.org, 532738@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#532736: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Date: Fri, 12 Jun 2009 23:16:54 +0300

On Fri, Jun 12, 2009 at 12:00:11AM +0300, Niko Tyni wrote:
> 
> > > Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> > > inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> > > the perl process at least to hang or to crash.
> 
> > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391

> Security team, I'd love to have some confirmation on all this. I'll do
> my best to get the fix into sid in the weekend, hopefully Friday night.
 
Just uploaded perl/5.10.0-23 with the minimal fix and urgency=high.

> @pkg-perl: if somebody wants to handle the separate package, be my
> guest. I'll prioritize the perl package and will look at the other one
> afterwards if necessary.

For the benefit of testing migration, I suggest a minimal 2.015-2 upload
for libcompress-raw-zlib-perl too, despite the newer upstream version
already pending in the pkg-perl SVN repository.

The libio-compress-zlib-perl, libcompress-raw-zlib-perl, and
libio-compress-base-perl versions are currently tightly coupled and
updating libcompress-raw-zlib-perl past 2.015 will need changes to the
other ones too.

I'll prepare a security perl upload for lenny next, probably tomorrow.

Cheers,
-- 
Niko Tyni   ntyni@debian.org




Reply sent to Niko Tyni <ntyni@debian.org>:
You have taken responsibility. (Fri, 12 Jun 2009 21:54:08 GMT)


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Fri, 12 Jun 2009 21:54:08 GMT)


Message #25 received at 532736-close@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: 532736-close@bugs.debian.org
Subject: Bug#532736: fixed in perl 5.10.0-23
Date: Fri, 12 Jun 2009 21:18:01 +0000
Source: perl
Source-Version: 5.10.0-23

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.10.0-23_all.deb
  to pool/main/p/perl/libcgi-fast-perl_5.10.0-23_all.deb
perl-doc_5.10.0-23_all.deb
  to pool/main/p/perl/perl-doc_5.10.0-23_all.deb
perl-modules_5.10.0-23_all.deb
  to pool/main/p/perl/perl-modules_5.10.0-23_all.deb
perl_5.10.0-23.diff.gz
  to pool/main/p/perl/perl_5.10.0-23.diff.gz
perl_5.10.0-23.dsc
  to pool/main/p/perl/perl_5.10.0-23.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 532736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 12 Jun 2009 21:26:18 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl
Architecture: all source
Version: 5.10.0-23
Distribution: unstable
Urgency: high
Maintainer: Brendan O'Dea <bod@debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Closes: 526974 532736
Description:
 libcgi-fast-perl - CGI::Fast Perl module
 libperl5.10 - Shared Perl library
 libperl-dev - Perl library: development files
 perl-base  - minimal Perl system
 perl-debug - Debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-modules - Core Perl modules
 perl-suid  - Runs setuid Perl scripts
Changes:
 perl (5.10.0-23) unstable; urgency=high
 .
   * Don't try to check nonexistent .ph files: the kFreeBSD port
     doesn't have <asm/termios.h>. (Closes: #526974)
   * [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
     (Closes: #532736)





Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#532736; Package perl. (Sat, 13 Jun 2009 19:45:02 GMT)


Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Sat, 13 Jun 2009 19:45:02 GMT)


Message #30 received at 532736@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 532736@bugs.debian.org, 532738@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#532736: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Date: Sat, 13 Jun 2009 22:43:55 +0300

On Fri, Jun 12, 2009 at 11:16:54PM +0300, Niko Tyni wrote:

> > > > Compress::Raw::Zlib versions before 2.017 contain a buffer overflow in
> > > > inflate(). A badly formed zlib-stream can trigger this buffer overflow and cause
> > > > the perl process at least to hang or to crash.
> > 
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1391
 
> Just uploaded perl/5.10.0-23 with the minimal fix and urgency=high.
 
libcompress-raw-zlib-perl 2.015-2 with the fix is now in incoming as well.

Security team: I'm attaching proposed debdiffs for stable updates.
Do you agree that this fix is sufficient? Shall I go ahead and upload?

Cheers,
-- 
Niko Tyni   ntyni@debian.org
[perl_5.10.0-19lenny1.debdiff (text/plain, attachment)]
[libcompress-raw-zlib-perl_2.012-1lenny1.debdiff (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#532736; Package perl. (Sun, 14 Jun 2009 20:54:04 GMT)


Acknowledgement sent to Niko Tyni <ntyni@debian.org>:
Extra info received and forwarded to list. Copy sent to Brendan O'Dea <bod@debian.org>. (Sun, 14 Jun 2009 20:54:04 GMT)


Message #35 received at 532736@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: Stefan Fritsch <sf@sfritsch.de>, 532736@bugs.debian.org, 532738@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: Bug#532736: CVE-2009-1391: Buffer overflow in Compress::Raw::Zlib
Date: Sun, 14 Jun 2009 23:50:24 +0300

On Sat, Jun 13, 2009 at 10:43:55PM +0300, Niko Tyni wrote:
 
> Security team: I'm attaching proposed debdiffs for stable updates.
> Do you agree that this fix is sufficient? Shall I go ahead and upload?

Update: I've got confirmation from upstream that the one line fix should be
fine. Just say the word and I'll upload.
-- 
Niko Tyni   ntyni@debian.org




Reply sent to Niko Tyni <ntyni@debian.org>:
You have taken responsibility. (Fri, 28 Aug 2009 20:36:17 GMT)


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Fri, 28 Aug 2009 20:36:18 GMT)


Message #40 received at 532736-close@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: 532736-close@bugs.debian.org
Subject: Bug#532736: fixed in perl 5.10.0-19lenny2
Date: Fri, 28 Aug 2009 19:59:37 +0000
Source: perl
Source-Version: 5.10.0-19lenny2

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/libcgi-fast-perl_5.10.0-19lenny2_all.deb
perl-doc_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/perl-doc_5.10.0-19lenny2_all.deb
perl-modules_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/perl-modules_5.10.0-19lenny2_all.deb
perl_5.10.0-19lenny2.diff.gz
  to pool/main/p/perl/perl_5.10.0-19lenny2.diff.gz
perl_5.10.0-19lenny2.dsc
  to pool/main/p/perl/perl_5.10.0-19lenny2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 532736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 27 Aug 2009 23:12:30 +0300
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid libperl5.10 libperl-dev perl
Architecture: all source
Version: 5.10.0-19lenny2
Distribution: stable
Urgency: high
Maintainer: Brendan O'Dea <bod@debian.org>
Changed-By: Niko Tyni <ntyni@debian.org>
Closes: 516289 528332 532736
Description:
 libcgi-fast-perl - CGI::Fast Perl module
 libperl5.10 - Shared Perl library
 libperl-dev - Perl library: development files
 perl-base  - minimal Perl system
 perl-debug - Debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-modules - Core Perl modules
 perl-suid  - Runs setuid Perl scripts
Changes:
 perl (5.10.0-19lenny2) stable; urgency=low
 .
   * Fix a typo in the replaces/conflicts/provides: libcpan-plus-perl
     should have been libcpanplus-perl. (Closes: #516289)
   * Fix a memory leak with the map operator. (Closes: #528332)
 .
 perl (5.10.0-19lenny1) stable-security; urgency=high
 .
   * [SECURITY] CVE-2009-1391: Fix a buffer overflow in Compress::Raw::Zlib.
     (Closes: #532736)





Reply sent to Niko Tyni <ntyni@debian.org>:
You have taken responsibility. (Fri, 04 Sep 2009 19:15:37 GMT)


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Fri, 04 Sep 2009 19:15:37 GMT)


Message #45 received at 532736-close@bugs.debian.org:

From: Niko Tyni <ntyni@debian.org>
To: 532736-close@bugs.debian.org
Subject: Bug#532736: fixed in perl 5.10.0-19lenny2
Date: Fri, 04 Sep 2009 18:32:40 +0000
Source: perl
Source-Version: 5.10.0-19lenny2

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/libcgi-fast-perl_5.10.0-19lenny2_all.deb
perl-doc_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/perl-doc_5.10.0-19lenny2_all.deb
perl-modules_5.10.0-19lenny2_all.deb
  to pool/main/p/perl/perl-modules_5.10.0-19lenny2_all.deb
perl_5.10.0-19lenny2.diff.gz
  to pool/main/p/perl/perl_5.10.0-19lenny2.diff.gz
perl_5.10.0-19lenny2.dsc
  to pool/main/p/perl/perl_5.10.0-19lenny2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 532736@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <ntyni@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)







Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 03 Oct 2009 07:36:37 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:36:08 2019; Machine Name: buxtehude