Debian Bug report logs -
#860226
bind9: CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 13 Apr 2017 04:39:04 UTC
Severity: important
Tags: fixed-upstream, patch, security, upstream
Found in version bind9/1:9.9.5.dfsg-9
Fixed in versions bind9/1:9.10.3.dfsg.P4-12.3, bind9/1:9.9.5.dfsg-9+deb8u11
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>:
Bug#860226; Package src:bind9.
(Thu, 13 Apr 2017 04:39:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>.
(Thu, 13 Apr 2017 04:39:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: bind9
Version: 1:9.9.5.dfsg-9
Severity: important
Tags: upstream security fixed-upstream
Hi,
the following vulnerability was published for bind9.
CVE-2017-3138[0]:
|named exits with a REQUIRE assertion failure if it receives a null command
|string on its control channel
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-3138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138
[1] https://kb.isc.org/article/AA-01471
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Added tag(s) patch.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 860224-submit@bugs.debian.org.
(Sun, 07 May 2017 14:39:21 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to 860224-submit@bugs.debian.org.
(Sun, 07 May 2017 14:39:21 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#860226; Package src:bind9.
(Sun, 07 May 2017 14:39:25 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Sun, 07 May 2017 14:39:25 GMT) (full text, mbox, link).
Message #14 received at 860226@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 860224 + patch
Control: tags 860224 + pending
Control: tags 860225 + pending
Control: tags 860226 + patch
Control: tags 860226 + pending
Dear maintainer,
I've prepared an NMU for bind9 (versioned as 1:9.10.3.dfsg.P4-12.3) and
uploaded it to DELAYED/5. Please feel free to tell me if I
should delay it longer.
Please note, I could not test bind9 under real conditions with those
patches. The testsuite passed though the dname tests.
I'm cc'ing as well Mike and Florian for possible review.
Furthermore the version for jessie ist still not yet done.
Regards,
Salvatore
[bind9_9.10.3.dfsg.P4-12.3.debdiff (text/plain, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#860226; Package src:bind9.
(Mon, 08 May 2017 22:27:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Mon, 08 May 2017 22:27:06 GMT) (full text, mbox, link).
Message #19 received at 860226@bugs.debian.org (full text, mbox, reply):
On Sun, May 7, 2017 at 10:38 AM, Salvatore Bonaccorso wrote:
> I've prepared an NMU for bind9 (versioned as 1:9.10.3.dfsg.P4-12.3) and
> uploaded it to DELAYED/5. Please feel free to tell me if I
> should delay it longer.
Hi Salvatore,
I reviewed the diff. It does look correct to me, so please feel free
to remove the delay.
I don't have the free time to prepare the jessie DSA right now, are
you willing to do it?
Best wishes,
Mike
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#860226; Package src:bind9.
(Mon, 08 May 2017 22:33:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Mon, 08 May 2017 22:33:06 GMT) (full text, mbox, link).
Message #24 received at 860226@bugs.debian.org (full text, mbox, reply):
On Mon, May 8, 2017 at 6:23 PM, Michael Gilbert wrote:
> I reviewed the diff. It does look correct to me, so please feel free
> to remove the delay.
There is also CVE-2017-3139 now [0].
Best wishes,
Mike
[0] https://access.redhat.com/errata/RHSA-2017:1202
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#860226; Package src:bind9.
(Tue, 09 May 2017 04:30:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Tue, 09 May 2017 04:30:10 GMT) (full text, mbox, link).
Message #29 received at 860226@bugs.debian.org (full text, mbox, reply):
Hi Michael,
On Mon, May 08, 2017 at 06:23:23PM -0400, Michael Gilbert wrote:
> On Sun, May 7, 2017 at 10:38 AM, Salvatore Bonaccorso wrote:
> > I've prepared an NMU for bind9 (versioned as 1:9.10.3.dfsg.P4-12.3) and
> > uploaded it to DELAYED/5. Please feel free to tell me if I
> > should delay it longer.
>
> Hi Salvatore,
>
> I reviewed the diff. It does look correct to me, so please feel free
> to remove the delay.
Okay rescheduled!
> I don't have the free time to prepare the jessie DSA right now, are
> you willing to do it?
Okay I will try to come up with the patchset/debdiff and will post it
here for testing.
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#860226; Package src:bind9.
(Tue, 09 May 2017 04:30:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>.
(Tue, 09 May 2017 04:30:12 GMT) (full text, mbox, link).
Message #34 received at 860226@bugs.debian.org (full text, mbox, reply):
Hi,
On Mon, May 08, 2017 at 06:28:51PM -0400, Michael Gilbert wrote:
> On Mon, May 8, 2017 at 6:23 PM, Michael Gilbert wrote:
> > I reviewed the diff. It does look correct to me, so please feel free
> > to remove the delay.
>
> There is also CVE-2017-3139 now [0].
This should only affect Red Hat bind9 version as in Red Hat 6 and not
ustream bind, so Debian should furthermore not be affected by this.
Was this assessment wrong?
Regards,
Salvatore
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Tue, 09 May 2017 04:51:09 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 09 May 2017 04:51:09 GMT) (full text, mbox, link).
Message #39 received at 860226-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.10.3.dfsg.P4-12.3
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 860226@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 07 May 2017 15:22:46 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-140 libdns162 libirs141 libisc160 liblwres141 libisccc140 libisccfg140 dnsutils lwresd libbind-export-dev libdns-export162 libdns-export162-udeb libisc-export160 libisc-export160-udeb libisccfg-export140 libisccc-export140 libisccc-export140-udeb libisccfg-export140-udeb libirs-export141 libirs-export141-udeb
Architecture: all source
Version: 1:9.10.3.dfsg.P4-12.3
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 860224 860225 860226
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
host - Transitional package
libbind-dev - Static Libraries and Headers used by BIND
libbind-export-dev - Development files for the exported BIND libraries
libbind9-140 - BIND9 Shared Library used by BIND
libdns-export162 - Exported DNS Shared Library
libdns-export162-udeb - Exported DNS library for debian-installer (udeb)
libdns162 - DNS Shared Library used by BIND
libirs-export141 - Exported IRS Shared Library
libirs-export141-udeb - Exported IRS library for debian-installer (udeb)
libirs141 - DNS Shared Library used by BIND
libisc-export160 - Exported ISC Shared Library
libisc-export160-udeb - Exported ISC library for debian-installer (udeb)
libisc160 - ISC Shared Library used by BIND
libisccc-export140 - Command Channel Library used by BIND
libisccc-export140-udeb - Command Channel Library used by BIND (udeb)
libisccc140 - Command Channel Library used by BIND
libisccfg-export140 - Exported ISC CFG Shared Library
libisccfg-export140-udeb - Exported ISC CFG library for debian-installer (udeb)
libisccfg140 - Config File Handling Library used by BIND
liblwres141 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Changes:
bind9 (1:9.10.3.dfsg.P4-12.3) unstable; urgency=high
.
* Non-maintainer upload.
* Dns64 with "break-dnssec yes;" can result in a assertion failure
(CVE-2017-3136) (Closes: #860224)
* Some chaining (CNAME or DNAME) responses to upstream queries could trigger
assertion failures (CVE-2017-3137) (Closes: #860225)
* 'rndc ""' could trigger a assertion failure in named (CVE-2017-3138)
(Closes: #860226)
Checksums-Sha1:
c42a613458bb1a31a8dfc902fbdf4cb28134f0bf 3913 bind9_9.10.3.dfsg.P4-12.3.dsc
292ae99f2860c761f4242e47e555be65a3b0b002 81480 bind9_9.10.3.dfsg.P4-12.3.debian.tar.xz
ac70390e89047a73cda40e04dfdfbe982daaa935 377824 bind9-doc_9.10.3.dfsg.P4-12.3_all.deb
6839fa4972999805ed716e7c2ce1f1e12a2d7e86 185186 host_9.10.3.dfsg.P4-12.3_all.deb
Checksums-Sha256:
b39ed8bb8cade9b939ee8fd0144097f046db8392c4f3cf1e7ee5c97e6a3f0417 3913 bind9_9.10.3.dfsg.P4-12.3.dsc
4dd1a5764ac39275598bf96f45d3d7f92d9c0f11d96bebe7b652ed85ada1e98f 81480 bind9_9.10.3.dfsg.P4-12.3.debian.tar.xz
2978dd2869f0d780b8616922d8446993533fcd59565a828961c4b0acb5637763 377824 bind9-doc_9.10.3.dfsg.P4-12.3_all.deb
cfe04de2b313771e1dc9ddbb466afbe17378427b49fad1fd94dd6e3500f23c63 185186 host_9.10.3.dfsg.P4-12.3_all.deb
Files:
938c0473b9a3fa2b52cbdf7b264794c7 3913 net optional bind9_9.10.3.dfsg.P4-12.3.dsc
0b8b0bfd27b6247252fc4d2aa55b20c7 81480 net optional bind9_9.10.3.dfsg.P4-12.3.debian.tar.xz
d0d2c67da0ad57da02d5e4c240e1c441 377824 doc optional bind9-doc_9.10.3.dfsg.P4-12.3_all.deb
ac6b79f92b9eceebca43b8d697f9e59e 185186 net standard host_9.10.3.dfsg.P4-12.3_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkPMbxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ElZcP/19SYv4n3Lo4WCPCIjSbLN5v1YxUSc45
te6NFRi70CTP5vYAX4W5v2HazHvvpCaAYQUxjbd+RuaARiKsl//iOsHkHHMcl27t
9Gs++KQXJYhqRbDuUcxY7oS0AQ5a1RYGJRJABxJ2fZ2eA/W8IcCX0R3bLrboHvjt
W8M7CnUn83mfl4oIIuUHHUSLJMHOuwfyKVQQ3DRwcemGJBrxvXi0DVxel6rHr9cj
+83xj3gKKAnJ82A7rjbtcPD61Bxc1AXCTanUPHNLUux52oRhVXFHMDFGkj4dhyxR
Y68Sn4aGoEaWshdMmkJqSxFEGSiXx4cfbO/WRag6qEOhTI+KVQIDwfA9iACD8Ej2
Grgtirap+gzbnZ+5DWFN/ieUMbDgsN8mw8D7zO8gnXAKs+ljVD7/OsBY4yD0MZef
eIsbRlMkx/2P2grtTQ9n4bAThju0wqXHyd+yBdNcqBLTz1hhsENB23PP6C9kTBKN
oN6VULdUpW9TRIykhU746dyLQjjs2sHyTioeHSNV53f2YcSp+rKmv7bM0DWSUqVg
38unXRkN8kUJ+8+zGO9Kq7PJYPfiQ+RO0BuZUmSD+d3itAdab41nyxFhu9tMklyf
u9TRl8F0gOH7NYHnq/Digr3Sixzy2nROBwF4TEq+XaKhdGm3yOUobga/+80WKw1c
vmD3pFVRwmr9
=t00v
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Sat, 27 May 2017 12:36:21 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Sat, 27 May 2017 12:36:21 GMT) (full text, mbox, link).
Message #44 received at 860226-close@bugs.debian.org (full text, mbox, reply):
Source: bind9
Source-Version: 1:9.9.5.dfsg-9+deb8u11
We believe that the bug you reported is fixed in the latest version of
bind9, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 860226@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated bind9 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 May 2017 08:39:19 +0200
Source: bind9
Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb
Architecture: all source
Version: 1:9.9.5.dfsg-9+deb8u11
Distribution: jessie-security
Urgency: high
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 860224 860225 860226
Description:
bind9 - Internet Domain Name Server
bind9-doc - Documentation for BIND
bind9-host - Version of 'host' bundled with BIND 9.X
bind9utils - Utilities for BIND
dnsutils - Clients provided with BIND
host - Transitional package
libbind-dev - Static Libraries and Headers used by BIND
libbind-export-dev - Development files for the exported BIND libraries
libbind9-90 - BIND9 Shared Library used by BIND
libdns-export100 - Exported DNS Shared Library
libdns-export100-udeb - Exported DNS library for debian-installer (udeb)
libdns100 - DNS Shared Library used by BIND
libirs-export91 - Exported IRS Shared Library
libirs-export91-udeb - Exported IRS library for debian-installer (udeb)
libisc-export95 - Exported ISC Shared Library
libisc-export95-udeb - Exported ISC library for debian-installer (udeb)
libisc95 - ISC Shared Library used by BIND
libisccc90 - Command Channel Library used by BIND
libisccfg-export90 - Exported ISC CFG Shared Library
libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb)
libisccfg90 - Config File Handling Library used by BIND
liblwres90 - Lightweight Resolver Library used by BIND
lwresd - Lightweight Resolver Daemon
Changes:
bind9 (1:9.9.5.dfsg-9+deb8u11) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Dns64 with "break-dnssec yes;" can result in a assertion failure.
(CVE-2017-3136) (Closes: #860224)
* Prerequisite for CVE-2017-3137 cherry-picked from upstream change #4190.
If not cherry-picking this change the fix for CVE-2017-3137 can cause an
assertion failure to appear in name.c.
* Some chaining (CNAME or DNAME) responses to upstream queries could trigger
assertion failures (CVE-2017-3137) (Closes: #860225)
* Reimplement: Some chaining (CNAME or DNAME) responses to upstream queries
could trigger assertion failures. (CVE-2017-3137)
* Fix regression introduced when handling CNAME to referral below the
current domain
* 'rndc ""' could trigger a assertion failure in named. (CVE-2017-3138)
(Closes: #860226)
Checksums-Sha1:
f2d1670569683e593fda739666c147329f5bd654 3620 bind9_9.9.5.dfsg-9+deb8u11.dsc
32677c500c750f041d5995b9083eee68d90efbf1 128840 bind9_9.9.5.dfsg-9+deb8u11.diff.gz
214a0dcba51e0fe40635299abf710dd099218a82 339460 bind9-doc_9.9.5.dfsg-9+deb8u11_all.deb
1400ac71c2c64cd2d778db3ff321d122aff7fe70 23892 host_9.9.5.dfsg-9+deb8u11_all.deb
Checksums-Sha256:
e00753c33208893e0862372f22b3aeb8a052b3e5aa7396b2e7faed57b24c2f4b 3620 bind9_9.9.5.dfsg-9+deb8u11.dsc
cfa5fe637c27784bf9fb9a48e2fd0432248a76c0c9f8ce3da5b589dec5b45b81 128840 bind9_9.9.5.dfsg-9+deb8u11.diff.gz
2dcb870cfe718ebe3b04a12b372ffb3b6fc207d1c628e83e10707531a55a7f38 339460 bind9-doc_9.9.5.dfsg-9+deb8u11_all.deb
a1965b7ec3429278b9cf5ff7e934a5a062c13aa1eab97138cf3c7dea57074fd2 23892 host_9.9.5.dfsg-9+deb8u11_all.deb
Files:
c1362de32d5501fff5eedf10636f4c57 3620 net optional bind9_9.9.5.dfsg-9+deb8u11.dsc
31d0ce9a68b9f001039b0412ca013645 128840 net optional bind9_9.9.5.dfsg-9+deb8u11.diff.gz
3f1ad3b3c06ffcfb724ea8d482a74a30 339460 doc optional bind9-doc_9.9.5.dfsg-9+deb8u11_all.deb
da9567cf85ffe780c7fd950233751de5 23892 net standard host_9.9.5.dfsg-9+deb8u11_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkUCflfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBvIQAJ1KN1yhzJUgmoEXscgfLTJjBw7bErLi
ixL2HWCHoP9Hs98JwfXKKRm7yYtYbfxnLZ7zXaNo9VALrDaZj22dwamxMRQQbh4Z
R96k7hGDCjLGKvccmCTTkv5NXLo/binqKC6UbOcZllhNK/KQssZLZ6yi8o0CccVr
t+A5Z2jkSAFuQHKmychgHmuoVBTzlW3nk8M0WytjCG9mLvzBN+MOImWBu7weJtJB
AgvwASkGI9mwIMo/AWDljZliwb6xOvqANjDoLYuswWYp1Ugf6F5OrSGqrHyhCT5w
haP6s9LSSzImWBBBAtQ+lfqbABu1kVNlDBXySaDEXkQ0vL0AUGFA5PbtHhB14mzp
/hIevKh4vYc60eLBwmA068oIJ8PjsSsDqj1vDmCOqe7wzVO6mrFL91vYpG4Ea/ab
iRmKPrEVuNkvKCYLhglMFrxnpZMKRHPnbrEGXts51V0pf1t/bjsxInttVw57vFDT
+BDKpH+yUjkHfFlcoyv4zqegL1zPrnMbSTYz0DfsZKpvlN9zw1qFbBEqWFhY1mYO
t4gDmAscb/TUFRaI/iUe14njX0pImIdB1J0s6DMxJyoNouhaXoAMVg3KPSRdmu0W
lpbhJjbs2f38TtfmUXghfQjJVjEPkTtbzUXtpfYc2/r5pD7T+UGaHYMO4jofgmaH
6cjt08XlDAg5
=/vrq
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 07 Dec 2017 07:27:24 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:07:11 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon