Debian Bug report logs - #671255
CVE-2012-2451: CWE-377 Insecure Temporary File

Reported by: Henri Salo <henri@nerv.fi>

Date: Wed, 2 May 2012 19:06:01 UTC

Severity: important

Tags: fixed-upstream, patch, security

Found in version libconfig-inifiles-perl/2.52-1

Fixed in versions libconfig-inifiles-perl/2.72-1, libconfig-inifiles-perl/2.52-1+squeeze1

Done: gregor herrmann <gregoa@debian.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Wed, 02 May 2012 19:06:04 GMT)


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Wed, 02 May 2012 19:06:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Wed, 2 May 2012 22:02:13 +0300
Package: libconfig-inifiles-perl
Version: 2.52-1
Severity: important
Tags: security

https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 12:57:19 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 12:57:19 GMT)


Message #10 received at 671255@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: 671255@bugs.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Sun, 6 May 2012 14:28:39 +0200
tag 671255 + patch + fixed-upstream
thanks

On Wed, 02 May 2012 22:02:13 +0300, Henri Salo wrote:

> https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
> CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225

Here's the diff of this commit.

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Neil Young: Powderfinger

Added tag(s) patch. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Sun, 06 May 2012 12:57:21 GMT)


Added tag(s) fixed-upstream. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Sun, 06 May 2012 12:57:22 GMT)


Reply sent to gregor herrmann <gregoa@debian.org>:
You have taken responsibility. (Sun, 06 May 2012 12:58:02 GMT)


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Sun, 06 May 2012 12:58:04 GMT)


Message #19 received at 671255-close@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: 671255-close@bugs.debian.org
Subject: Bug#671255: fixed in libconfig-inifiles-perl 2.72-1
Date: Sun, 06 May 2012 12:53:56 +0000
Source: libconfig-inifiles-perl
Source-Version: 2.72-1

We believe that the bug you reported is fixed in the latest version of
libconfig-inifiles-perl, which is due to be installed in the Debian FTP archive:

libconfig-inifiles-perl_2.72-1.debian.tar.gz
  to main/libc/libconfig-inifiles-perl/libconfig-inifiles-perl_2.72-1.debian.tar.gz
libconfig-inifiles-perl_2.72-1.dsc
  to main/libc/libconfig-inifiles-perl/libconfig-inifiles-perl_2.72-1.dsc
libconfig-inifiles-perl_2.72-1_all.deb
  to main/libc/libconfig-inifiles-perl/libconfig-inifiles-perl_2.72-1_all.deb
libconfig-inifiles-perl_2.72.orig.tar.gz
  to main/libc/libconfig-inifiles-perl/libconfig-inifiles-perl_2.72.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 671255@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gregoa@debian.org> (supplier of updated libconfig-inifiles-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sun, 06 May 2012 14:42:08 +0200
Source: libconfig-inifiles-perl
Binary: libconfig-inifiles-perl
Architecture: source all
Version: 2.72-1
Distribution: unstable
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: gregor herrmann <gregoa@debian.org>
Description: 
 libconfig-inifiles-perl - Read .ini-style configuration files
Closes: 671255
Changes: 
 libconfig-inifiles-perl (2.72-1) unstable; urgency=low
 .
   * Team upload.
   * New upstream release:
     SECURITY BUG FIX: Config::IniFiles used to write to a temporary filename
     with a predictable name ("$(unknown)-new") which opens the door for
     potential exploits. -- CVE-2012-2451, CWE-377
     Closes: #671255
   * (Build-)depend on liblist-moreutils-perl.






Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 13:42:32 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 13:42:33 GMT)


Message #24 received at 671255@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: 671255@bugs.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Sun, 6 May 2012 15:05:27 +0200
On Sun, 06 May 2012 14:28:39 +0200, gregor herrmann wrote:

> > https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
> > CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225
> Here's the diff of this commit.

Next attempt ... 
 
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Orquesta Chepin: Murmullo
[perl-config-inifiles-a08fa26f4f59.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 13:42:35 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 13:42:35 GMT)


Message #29 received at 671255@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: 671255@bugs.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Sun, 6 May 2012 15:20:03 +0200
On Wed, 02 May 2012 22:02:13 +0300, Henri Salo wrote:

> https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
> CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225

Attached is a backport of the fix for squeeze; reviews welcome.

Dear security and release teams: Please advise on how to proceed;
does s-p-u sound right for this issue?

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Dire Straits: Tunnel Of Love
[671255-squeeze.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 20:51:03 GMT)


Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 20:51:03 GMT)


Message #34 received at 671255@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: gregor herrmann <gregoa@debian.org>, 671255@bugs.debian.org
Cc: debian-release@lists.debian.org, team@security.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Sun, 6 May 2012 22:48:45 +0200
Hi,

(strange to see your mail target the bug report and no-one else; Cc
added manually.)

gregor herrmann <gregoa@debian.org> (06/05/2012):
> Attached is a backport of the fix for squeeze; reviews welcome.
> 
> Dear security and release teams: Please advise on how to proceed;
> does s-p-u sound right for this issue?

I'm happy to take it for s-p-u, but the merge window is supposed to
close this weekend. Given the fix looks pretty straightforward, I think
I'd take it even if that's a little late. Adam, do you concur?

(No error handling when doing I/O? Bad. But oh well, using tempfile
makes it look better anyway.)

Mraw,
KiBi.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 21:18:34 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 21:18:37 GMT)


Message #39 received at 671255@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: Cyril Brulebois <kibi@debian.org>
Cc: 671255@bugs.debian.org, debian-release@lists.debian.org, team@security.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Sun, 6 May 2012 23:05:26 +0200
On Sun, 06 May 2012 22:48:45 +0200, Cyril Brulebois wrote:

> (strange to see your mail target the bug report and no-one else; Cc
> added manually.)

(Thanks for adding the CCs, and sorry for the confusion; I bounced
the mail later after missing the CCs in my first try.)
 
> > Dear security and release teams: Please advise on how to proceed;
> > does s-p-u sound right for this issue?
> I'm happy to take it for s-p-u, but the merge window is supposed to
> close this weekend. Given the fix looks pretty straightforward, I think
> I'd take it even if that's a little late. Adam, do you concur?

Thank you. Let's see what Adam says after reviewing the diff.
 

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Little Walter: Mean Old World

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 21:18:39 GMT)


Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 21:18:41 GMT)


Message #44 received at 671255@bugs.debian.org:

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Cyril Brulebois <kibi@debian.org>
Cc: gregor herrmann <gregoa@debian.org>, 671255@bugs.debian.org, debian-release@lists.debian.org, team@security.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Sun, 06 May 2012 22:13:05 +0100
On Sun, 2012-05-06 at 22:48 +0200, Cyril Brulebois wrote:
> gregor herrmann <gregoa@debian.org> (06/05/2012):
> > Attached is a backport of the fix for squeeze; reviews welcome.
> > 
> > Dear security and release teams: Please advise on how to proceed;
> > does s-p-u sound right for this issue?
> 
> I'm happy to take it for s-p-u, but the merge window is supposed to
> close this weekend. Given the fix looks pretty straightforward, I think
> I'd take it even if that's a little late. Adam, do you concur?

It is closing this weekend, although the exact definition may depend on
when I wake up tomorrow :) (given that it's a public holiday)

I'm a little torn here.  The fix is indeed small and straight-forward,
but:

> (No error handling when doing I/O? Bad. But oh well, using tempfile
> makes it look better anyway.)

Specifically, a loss of error handling.  The original version at least
let the caller gracefully handle the failure, whereas the new version is
technically an API change in that the function is defined as returning
undef in the case of failure and no longer does if creating the
temporary file fails; I'm not sure how well the (several) r-deps in the
archive will handle that.

Regards,

Adam
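Adam's point above (and Cyril's earlier remark about the missing I/O error handling) is that a safe temporary file and a stable error contract are not in tension. The following is an added example, not code from Config::IniFiles or from this thread: a hypothetical write_file_safely() helper that takes the unpredictable name from File::Temp::tempfile() but catches its croak so the caller still receives undef on failure, as the old API promised.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);
use File::Basename qw(dirname basename);

# write_file_safely() is a hypothetical helper, not Config::IniFiles' own
# RewriteConfig().  It writes $content to $filename through a temporary
# file with an unpredictable name in the same directory and then renames
# it into place.  Returns 1 on success and undef on any failure, keeping
# the undef-on-failure contract that callers of the old code relied on.
sub write_file_safely {
    my ($filename, $content) = @_;
    my $dir  = dirname($filename);
    my $base = basename($filename);

    # File::Temp::tempfile() croaks on failure instead of returning undef,
    # so it runs inside eval; on die, eval returns an empty list and $fh
    # stays undef.  The XXXXXXXX run becomes random characters and the file
    # is opened with O_CREAT|O_EXCL, so a name pre-planted by another local
    # user (the risk with the old predictable "$filename-new") is never reused.
    my ($fh, $tmpname) = eval {
        tempfile("$base-XXXXXXXX", DIR => $dir, UNLINK => 0);
    };
    if (!defined $fh) {
        warn "cannot create temporary file in $dir: $@";
        return undef;
    }

    # tempfile() creates the file with mode 0600; carry the replaced file's
    # mode over so an existing readable config keeps its permissions.
    if (my @st = stat $filename) {
        chmod(($st[2] & 07777), $tmpname);
    }

    # Each I/O step reports failure to the caller rather than dying.
    unless (print {$fh} $content) {
        warn "cannot write $tmpname: $!";
        close $fh;
        unlink $tmpname;
        return undef;
    }
    unless (close $fh) {
        warn "cannot close $tmpname: $!";
        unlink $tmpname;
        return undef;
    }
    unless (rename $tmpname, $filename) {
        warn "cannot rename $tmpname to $filename: $!";
        unlink $tmpname;
        return undef;
    }
    return 1;
}

# Demo on a constructed target path.
my ($demo_fh, $demo_file) = tempfile(UNLINK => 1);
close $demo_fh;
print write_file_safely($demo_file, "[section]\nkey=value\n")
    ? "wrote $demo_file\n" : "write failed\n";

# Failure path: a missing directory yields undef instead of an uncaught die().
my $rc = write_file_safely("/nonexistent-dir/config.ini", "x");
print defined $rc ? "unexpected success\n" : "failure reported as undef\n";
```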





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 21:33:03 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 21:33:04 GMT)


Message #49 received at 671255@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Cyril Brulebois <kibi@debian.org>, 671255@bugs.debian.org, debian-release@lists.debian.org, team@security.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Sun, 6 May 2012 23:31:42 +0200
On Sun, 06 May 2012 22:13:05 +0100, Adam D. Barratt wrote:

> > (No error handling when doing I/O? Bad. But oh well, using tempfile
> > makes it look better anyway.)
> Specifically, a loss of error handling.  The original version at least
> let the caller gracefully handle the failure, whereas the new version is
> technically an API change in that the function is defined as returning
> undef in the case of failure and no longer does if creating the
> temporary file fails; I'm not sure how well the (several) r-deps in the
> archive will handle that.

Hm, good catch.
(tempfile() indeed just croak()s on errors according to the
documentation).

Maybe it's better to give this a second look ...

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Paco de Lucia: Manteca Colora [Rumba]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Sun, 06 May 2012 22:06:08 GMT)


Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Sun, 06 May 2012 22:06:08 GMT)


Message #54 received at 671255@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 671255@bugs.debian.org, debian-release@lists.debian.org, team@security.debian.org
Cc: gregor herrmann <gregoa@debian.org>
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Mon, 7 May 2012 00:04:35 +0200
gregor herrmann <gregoa@debian.org> (06/05/2012):
> > Specifically, a loss of error handling. […]

Yeah, my bad. Shouldn't try and mix paracetamol and s-p-u diff reviews…
Sorry about that.

> Hm, good catch.
> (tempfile() indeed just croak()s on errors according to the
> documentation).
> 
> Maybe it's better to give this a second look ...

Given the above, it very much looks like fixing that bug properly in
unstable first (which is what we encourage all the time anyway), taking
some time to think about it, would be better than hurrying up.

→ Next point release.

Mraw,
KiBi.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Mon, 07 May 2012 14:57:03 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Mon, 07 May 2012 14:57:04 GMT)


Message #59 received at 671255@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: Cyril Brulebois <kibi@debian.org>, 671255@bugs.debian.org
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, debian-release@lists.debian.org, team@security.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Mon, 7 May 2012 16:52:02 +0200
On Mon, 07 May 2012 00:04:35 +0200, Cyril Brulebois wrote:

> > > Specifically, a loss of error handling. […]
> > Hm, good catch.
> > Maybe it's better to give this a second look ...
> Given the above, it very much looks like fixing that bug properly in
> unstable first (which is what we encourage all the time anyway), taking
> some time to think about it, would be better than hurrying up.

Agreed.
Thanks for taking the time to review the diff and point out this
issue!
 
I've now opened an upstream ticket:
https://rt.cpan.org/Ticket/Display.html?id=77039

Cheers,
gregor

-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Bruce Springsteen: Waitin' on a Sunny Day

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Mon, 07 May 2012 16:33:02 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Mon, 07 May 2012 16:33:02 GMT)


Message #64 received at 671255@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: gregor herrmann <gregoa@debian.org>
Cc: 671255@bugs.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Mon, 7 May 2012 18:30:16 +0200
On Sun, May 06, 2012 at 03:20:03PM +0200, gregor herrmann wrote:
> On Wed, 02 May 2012 22:02:13 +0300, Henri Salo wrote:
> 
> > https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
> > CVE-identifier assigned in here: http://seclists.org/oss-sec/2012/q2/225
> 
> Attached is a backport of the fix for squeeze; reviews welcome.
> 
> Dear security and release teams: Please advise on how to proceed;
> does s-p-u sound right for this issue?

Please proceed with s-p-u.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>:
Bug#671255; Package libconfig-inifiles-perl. (Mon, 14 May 2012 15:09:02 GMT)


Acknowledgement sent to gregor herrmann <gregoa@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>. (Mon, 14 May 2012 15:09:02 GMT)


Message #69 received at 671255@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 671255@bugs.debian.org
Cc: Cyril Brulebois <kibi@debian.org>, debian-release@lists.debian.org, team@security.debian.org
Subject: Re: Bug#671255: CVE-2012-2451: CWE-377 Insecure Temporary File
Date: Mon, 14 May 2012 17:05:12 +0200
On Sun, 06 May 2012 22:13:05 +0100, Adam D. Barratt wrote:

> Specifically, a loss of error handling.  The original version at least
> let the caller gracefully handle the failure, whereas the new version is
> technically an API change in that the function is defined as returning
> undef in the case of failure and no longer does if creating the
> temporary file fails; I'm not sure how well the (several) r-deps in the
> archive will handle that.

Upstream has fixed this regression in the error handling in 2.73 [0],
and I've now backported this change to the backport of the original
fix.

Attached is the new debdiff; I'm looking forward to another review.

Cheers,
gregor

[0]
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/511f34b73b85
https://rt.cpan.org/Public/Bug/Display.html?id=77039
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Bob Dylan: Blowin' In The Wind
[671255-squeeze.diff (text/x-diff, attachment)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 22 Jun 2012 07:42:14 GMT)


Bug unarchived. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Thu, 02 Aug 2012 14:39:03 GMT)


Added blocking bug(s) of 671255: 683652. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Thu, 02 Aug 2012 14:39:06 GMT)


Bug reopened. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Thu, 02 Aug 2012 14:42:08 GMT)


No longer marked as fixed in versions libconfig-inifiles-perl/2.72-1. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Thu, 02 Aug 2012 14:42:09 GMT)


Marked as fixed in versions libconfig-inifiles-perl/2.72-1. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Thu, 02 Aug 2012 14:42:09 GMT)


Added tag(s) pending. Request was from gregor herrmann <gregoa@debian.org> to control@bugs.debian.org. (Sat, 04 Aug 2012 14:03:05 GMT)


Reply sent to gregor herrmann <gregoa@debian.org>:
You have taken responsibility. (Sat, 04 Aug 2012 19:53:23 GMT)


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Sat, 04 Aug 2012 19:53:23 GMT)


Message #88 received at 671255-close@bugs.debian.org:

From: gregor herrmann <gregoa@debian.org>
To: 671255-close@bugs.debian.org
Subject: Bug#671255: fixed in libconfig-inifiles-perl 2.52-1+squeeze1
Date: Sat, 04 Aug 2012 19:47:08 +0000
Source: libconfig-inifiles-perl
Source-Version: 2.52-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
libconfig-inifiles-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 671255@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <gregoa@debian.org> (supplier of updated libconfig-inifiles-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Fri, 03 Aug 2012 00:03:19 +0200
Source: libconfig-inifiles-perl
Binary: libconfig-inifiles-perl
Architecture: source all
Version: 2.52-1+squeeze1
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: gregor herrmann <gregoa@debian.org>
Description: 
 libconfig-inifiles-perl - Read .ini-style configuration files
Closes: 671255
Changes: 
 libconfig-inifiles-perl (2.52-1+squeeze1) stable-proposed-updates; urgency=low
 .
   * Team upload.
   * SECURITY BUG FIX: Config::IniFiles used to write to a temporary
     filename with a predictable name ("$(unknown)-new") which opens the
     door for potential exploits. -- CVE-2012-2451, CWE-377
     (Closes: #671255)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Sep 2012 07:27:50 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:18:37 2019; Machine Name: buxtehude