Debian Bug report logs -
#890288
mbedtls: CVE-2018-0487 - Risk of remote code execution when verifying RSASSA-PSS signatures
Reported by: James Cowgill <jcowgill@debian.org>
Date: Mon, 12 Feb 2018 23:30:02 UTC
Severity: grave
Tags: security, upstream
Found in versions mbedtls/2.1.2-1, polarssl/1.2.8-1
Fixed in versions mbedtls/2.7.0-1, mbedtls/2.4.2-1+deb9u2, polarssl/1.3.9-2.1+deb8u3
Done: James Cowgill <jcowgill@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org:
Bug#890288; Package src:mbedtls.
(Mon, 12 Feb 2018 23:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to James Cowgill <jcowgill@debian.org>:
New Bug report received and forwarded.
(Mon, 12 Feb 2018 23:30:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Source: mbedtls
Version: 2.1.2-1
Severity: grave
Tags: security
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
Vulnerability
When RSASSA-PSS signature verification is enabled, sending a maliciously
constructed certificate chain can be used to cause a buffer overflow on
the peer's stack, potentially leading to crash or remote code execution.
This can be triggered remotely from either side in both TLS and DTLS.
RSASSA-PSS is the part of PKCS #1 v2.1 standard and can be enabled by
the compile time option MBEDTLS_PKCS1_V21 in config.h. If
MBEDTLS_PKCS1_V21 is disabled when compiling the library, then the
vulnerability is not present. RSASSA-PSS signatures are enabled in the
default configuration.
Impact
Depending on the platform, an attack exploiting this vulnerability could
lead to an application crash or remote code execution.
Resolution
Affected users should upgrade to Mbed TLS 1.3.22, Mbed TLS 2.1.10 or
Mbed TLS 2.7.0.
Workaround
Users should wherever possible upgrade to the newer version of Mbed TLS.
Where this is not practical, users should consider if disabling the
option MBEDTLS_PKCS1_V21 in the Mbed TLS configuration is practical for
their application. Disabling RSASSA-PSS signatures in the verification
profile at runtime is not a sufficient countermeasure.
[signature.asc (application/pgp-signature, attachment)]
Added tag(s) upstream.
Request was from James Cowgill <jcowgill@debian.org>
to control@bugs.debian.org.
(Mon, 12 Feb 2018 23:57:03 GMT) (full text, mbox, link).
Reply sent
to James Cowgill <jcowgill@debian.org>:
You have taken responsibility.
(Wed, 14 Feb 2018 13:03:13 GMT) (full text, mbox, link).
Notification sent
to James Cowgill <jcowgill@debian.org>:
Bug acknowledged by developer.
(Wed, 14 Feb 2018 13:03:13 GMT) (full text, mbox, link).
Message #12 received at 890288-close@bugs.debian.org (full text, mbox, reply):
Source: mbedtls
Source-Version: 2.7.0-1
We believe that the bug you reported is fixed in the latest version of
mbedtls, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 890288@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Cowgill <jcowgill@debian.org> (supplier of updated mbedtls package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Feb 2018 09:25:58 +0000
Source: mbedtls
Binary: libmbedtls-dev libmbedcrypto1 libmbedtls10 libmbedx509-0 libmbedtls-doc
Architecture: source amd64 all
Version: 2.7.0-1
Distribution: experimental
Urgency: medium
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
libmbedcrypto1 - lightweight crypto and SSL/TLS library - crypto library
libmbedtls-dev - lightweight crypto and SSL/TLS library - development files
libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation
libmbedtls10 - lightweight crypto and SSL/TLS library - tls library
libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library
Closes: 890287 890288
Changes:
mbedtls (2.7.0-1) experimental; urgency=medium
.
* New upstream release.
- Fixes CVE-2018-0488. (Closes: #890287)
- Fixes CVE-2018-0487. (Closes: #890288)
* Rename libmbedcrypto0 to libmbedcrypto1 due to SONAME bump.
.
* debian/compat:
- Use debhelper compat 11.
* debian/control:
- Switch to salsa.debian.org Vcs URLs.
- Bump standards version to 4.1.3.
- Drop useless Testsuite field in debian/control.
* debian/copyright:
- Update copyright dates.
* debian/libmbedtls-doc.*:
- Fix various paths to work with the new documentation location used
by debhelper 11.
* debian/patches:
- Refresh config patch.
* debian/*.symbols:
- Add symbols updates for libmbedtls10.
- Rewrite symbols libmbedcrypto1 symbols file.
Checksums-Sha1:
a8d1f6702d69006801e97d778983033ec95c3a7d 2163 mbedtls_2.7.0-1.dsc
01ffebf679c8696cc941c41224fa73d8944d2c85 2108442 mbedtls_2.7.0.orig.tar.gz
057da4c0aefaeee4495fe54712976a6afe7788de 11332 mbedtls_2.7.0-1.debian.tar.xz
ca6eebb2f885ad21a9b2510f98a6cc9688db673e 323092 libmbedcrypto1-dbgsym_2.7.0-1_amd64.deb
f892d3210b1b9a80181a48af0f4241d739ee9d26 183096 libmbedcrypto1_2.7.0-1_amd64.deb
5469576c7fddd83484fc0e89298bb41507c3ec9f 424808 libmbedtls-dev_2.7.0-1_amd64.deb
3d6d244caab24bc77446409ce38692cf3faf7443 4541844 libmbedtls-doc_2.7.0-1_all.deb
3f9235c96d68374939704ee3b0542c932dd9b742 146500 libmbedtls10-dbgsym_2.7.0-1_amd64.deb
40b8e82b819a139974d2eab8d8c9a6ea7025a547 111456 libmbedtls10_2.7.0-1_amd64.deb
9cf84059179981c6cd135c469e6b7f923c57f357 61244 libmbedx509-0-dbgsym_2.7.0-1_amd64.deb
aa5cfea1405a81cd21f58c22f04ce3f29ed74fa3 78536 libmbedx509-0_2.7.0-1_amd64.deb
a609adfafc66959c5d948629ec17105e792a66ff 9833 mbedtls_2.7.0-1_amd64.buildinfo
Checksums-Sha256:
1c9556d6bf22761b8ca982b365d7efefdb4428c84d6e67e8b192dde9b3d7250a 2163 mbedtls_2.7.0-1.dsc
aeb66d6cd43aa1c79c145d15845c655627a7fc30d624148aaafbb6c36d7f55ef 2108442 mbedtls_2.7.0.orig.tar.gz
aecd74c56486f773c6a3dd452f2daa2c8e6eec05a2ed9032e252c2ce901a8a2c 11332 mbedtls_2.7.0-1.debian.tar.xz
3472bd95181aed7f1a5259837aa9a8cf3a8e0d67053d3756d8adc7eee87388eb 323092 libmbedcrypto1-dbgsym_2.7.0-1_amd64.deb
76dc79faeb0103278aa3e37d839273aaf920103d76590c32fc0006a9981f4695 183096 libmbedcrypto1_2.7.0-1_amd64.deb
3a87f81573fd5771936aee2848972bbf1c294f7b4d8464bd0b41cd42006b5dce 424808 libmbedtls-dev_2.7.0-1_amd64.deb
6c9c4a03ff2be8fb462770c219aa4c543d4cbde078e612f38c75802a8b511b8a 4541844 libmbedtls-doc_2.7.0-1_all.deb
1198f5d4003e1e78dbc7eb3399c59fc5a5ea6c90baa58cfae835e6edd494fc40 146500 libmbedtls10-dbgsym_2.7.0-1_amd64.deb
dd3a7b442da338e20efb8cf86c5d4ae24f5b25a89884ead83773a79e399bc7da 111456 libmbedtls10_2.7.0-1_amd64.deb
4f968cfce8cc9b5be9c813cf66ead435210eb12e038a80326cbbffcf7b533fa7 61244 libmbedx509-0-dbgsym_2.7.0-1_amd64.deb
55c8e78f4e3cd6f1256b10b62c39320b90debf8cbcb8054aee5bd99a33d77305 78536 libmbedx509-0_2.7.0-1_amd64.deb
ad360613d629cd03b9613f3c3c46c74310bf3633c913cbece79834cda7ad2dd0 9833 mbedtls_2.7.0-1_amd64.buildinfo
Files:
eefd509700d0672ce213ad19c44046a1 2163 libs optional mbedtls_2.7.0-1.dsc
0c2fc845da79b799c112e3ffdf6e75b4 2108442 libs optional mbedtls_2.7.0.orig.tar.gz
ae6da759d8b24de1280a90150f98615b 11332 libs optional mbedtls_2.7.0-1.debian.tar.xz
3653c95c92a26861a1de4d6a2d757bf7 323092 debug optional libmbedcrypto1-dbgsym_2.7.0-1_amd64.deb
6900e633a0061e9df40518bad0c7d496 183096 libs optional libmbedcrypto1_2.7.0-1_amd64.deb
458cca9c6d3c87f9282749cefeeb4214 424808 libdevel optional libmbedtls-dev_2.7.0-1_amd64.deb
eaf2f5c3a27784eba6a2b4af2c636b51 4541844 doc optional libmbedtls-doc_2.7.0-1_all.deb
35162614818f9a8ec521b5b670028193 146500 debug optional libmbedtls10-dbgsym_2.7.0-1_amd64.deb
ec2b1ec55dfd3e44677f6e8acfa81155 111456 libs optional libmbedtls10_2.7.0-1_amd64.deb
a9c72ee492ee960a44244cd041943ef8 61244 debug optional libmbedx509-0-dbgsym_2.7.0-1_amd64.deb
cac0ba26c2bf5f5e055ffbf20363f569 78536 libs optional libmbedx509-0_2.7.0-1_amd64.deb
038fd1e80b608bfcb504102620f4d906 9833 libs optional mbedtls_2.7.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqEDxIACgkQx/Fnbeot
Ae868g//byhqmIbsF+/IBgszro59kpYTJZOfOXLEo6DxYpWsQbkZt5d6lyvLfSKC
r1HUuyqVNj8F7SFK33sdC+HYfBLcbsrjP2BmGw5nwqt3rkPNUsDiGnJN6ICLL+nc
yiQAe2IAtMNJlJ1kx6wPlefPzBx4UrFXt52WrMJSOd0uRlkAssoJx3bIZNoUdjRZ
lApuhIO5I42ung6sfmZDHXSrcJB/K21fmfvyC7+kKaA2cvbMxcMAjP3KuE5PU0Lv
6t+zr/HuNl1CVZD/KHMPIsuEKCuCdOjaT3g3xCG3T42bvpikC9Dk6VLjsYniZecE
j0Md74It+H/fkBl3+RPXWm42pt9cWTisB0RuevpW4noGeLUpw9h/R1/ePpkcCdqq
B4JtnIoKBk6v/VwGdZGX9CRXw2RPMfgy8QiDLnhMjDdIoa4YYHwwwnFrfWTVb+V5
1szkETZEDZVhH8Jjc7BSUAJdAysSBI0XIZEAxx/ENeLF9TaEvKEWsQ70U1z9n1Be
dQB5XMLUpbivh4gqBH/sZFsYi0Y9jdlGPW25Cu8QieE2K3/6TnzSmTOB9SaFG5rV
m9i4nV6mlDvFIksmrPTY7kIg+lC1IPo6G3Qfo954JN+8RMKNrOmM8DPWriXLKTFK
VGloJHp2v0aQlTmk3DKUSZ+/Gwb/HJItgTVg4eajCsos+9+DXDw=
=4Q2m
-----END PGP SIGNATURE-----
Reply sent
to James Cowgill <jcowgill@debian.org>:
You have taken responsibility.
(Sat, 17 Mar 2018 21:45:12 GMT) (full text, mbox, link).
Notification sent
to James Cowgill <jcowgill@debian.org>:
Bug acknowledged by developer.
(Sat, 17 Mar 2018 21:45:12 GMT) (full text, mbox, link).
Message #17 received at 890288-close@bugs.debian.org (full text, mbox, reply):
Source: mbedtls
Source-Version: 2.4.2-1+deb9u2
We believe that the bug you reported is fixed in the latest version of
mbedtls, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 890288@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Cowgill <jcowgill@debian.org> (supplier of updated mbedtls package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Mar 2018 18:24:47 +0000
Source: mbedtls
Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc
Architecture: source
Version: 2.4.2-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library
libmbedtls-dev - lightweight crypto and SSL/TLS library - development files
libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation
libmbedtls10 - lightweight crypto and SSL/TLS library - tls library
libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library
Closes: 890287 890288
Changes:
mbedtls (2.4.2-1+deb9u2) stretch-security; urgency=high
.
* Fix CVE-2017-18187:
Unsafe bounds check in ssl_parse_client_psk_identity().
* Fix CVE-2018-0487:
Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288)
* Fix CVE-2018-0488:
Buffer overflow when truncated HMAC is enabled. (Closes: #890287)
Checksums-Sha1:
63035736a04d0b6cbae6d6b150c0d41a1ad23004 2248 mbedtls_2.4.2-1+deb9u2.dsc
2ae3ae3fd203e642cce6f2953ae7edf452885af4 18908 mbedtls_2.4.2-1+deb9u2.debian.tar.xz
c0cd4d3a535190d028cbfa6b1ffdeb24262282cc 6713 mbedtls_2.4.2-1+deb9u2_source.buildinfo
Checksums-Sha256:
da25c581f6287a26542490736310f8df993893683545600ae9df95be4e412914 2248 mbedtls_2.4.2-1+deb9u2.dsc
a7e72e80bdeb44f90555348ad40d5e31ed5f01d66d1583bd9a0ebb11ef7ad7fc 18908 mbedtls_2.4.2-1+deb9u2.debian.tar.xz
92179f5483779bb3b96c30f9f9c674964460bb2cdc444f8933f082842b3da02d 6713 mbedtls_2.4.2-1+deb9u2_source.buildinfo
Files:
d2e54e46950a48b3f8327288daa16ad3 2248 libs optional mbedtls_2.4.2-1+deb9u2.dsc
72515ee69ddd36c21e530ca77e5ed047 18908 libs optional mbedtls_2.4.2-1+deb9u2.debian.tar.xz
61b0614143b22a11ed8f4da9af858fff 6713 libs optional mbedtls_2.4.2-1+deb9u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqgUg0UHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe/uCg/+IlA5q+PXrRKxWlQ1cY1pF9yhmsdr
MJS7L1Es+jlgWIOnQRi2sV6ojJY+vlz/EyXJEzzZcUIVW/QwX64kbkcTyJ0kx/Zy
+BRRq5QIuHqr1NiBzZu2Bfq2oiW8HUGZie//z3hvRLFf7H1x1vi6ABWiPlIta3zb
zIGu+iSVcDVhcvfdj7BdosB9I/osjyTR5wKB0B7n9GChNtRbc+Wnp/LxgNpb1rAT
HzAs//QQ1sFCeI8p7pR1bdYLvqfccUQgg3ZuKUVmDpH7jjIWTjKfhLSXiAN02/5r
+bYUAc+PiDQP/ZNPF6N/DLVm4P7xu05YSv+P9s7K15UpmuxPO3Lwap6FzFeR/+ec
peuI5Sn4NYZph9lF/xeUZayvvl5pfmakwj+C8sJyrXTUxHnFOptyDVX+RB6A9mq5
kNTYgvTH9ubtMxDASNXY0hZWnXwwBXGy8Y2WcqLMwJXPadUVaiZbUZNPTwpCGl7s
XD8a2hgYf0260g0JLAxaV3aS6lH1aYsK8VHJbwQrarz4+E5jqt3aI91vjm+3WBl3
TUPTDlXA9mMqVm8xWRcdenSKRhlyVdtU+coB13LBF9WJSl7a68BYe1eWEbXKfQl8
J32ynL8pRYnjrhRmbJ+r3Jb8y2mAHjnF6iABqrPZwXyIub2Oj4mN15xjSjmNFDjW
xOOTEEiToJiVais=
=yWul
-----END PGP SIGNATURE-----
Marked as found in versions polarssl/1.2.8-1.
Request was from James Cowgill <jcowgill@debian.org>
to control@bugs.debian.org.
(Tue, 20 Mar 2018 18:09:05 GMT) (full text, mbox, link).
Reply sent
to James Cowgill <jcowgill@debian.org>:
You have taken responsibility.
(Fri, 30 Mar 2018 19:54:10 GMT) (full text, mbox, link).
Notification sent
to James Cowgill <jcowgill@debian.org>:
Bug acknowledged by developer.
(Fri, 30 Mar 2018 19:54:10 GMT) (full text, mbox, link).
Message #24 received at 890288-close@bugs.debian.org (full text, mbox, reply):
Source: polarssl
Source-Version: 1.3.9-2.1+deb8u3
We believe that the bug you reported is fixed in the latest version of
polarssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 890288@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
James Cowgill <jcowgill@debian.org> (supplier of updated polarssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 20 Mar 2018 17:59:03 +0000
Source: polarssl
Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7
Architecture: source
Version: 1.3.9-2.1+deb8u3
Distribution: jessie-security
Urgency: medium
Maintainer: Roland Stigge <stigge@antcom.de>
Changed-By: James Cowgill <jcowgill@debian.org>
Description:
libpolarssl-dev - lightweight crypto and SSL/TLS library
libpolarssl-runtime - lightweight crypto and SSL/TLS library
libpolarssl7 - lightweight crypto and SSL/TLS library
Closes: 890287 890288
Changes:
polarssl (1.3.9-2.1+deb8u3) jessie-security; urgency=medium
.
* Fix CVE-2017-18187:
Unsafe bounds check in ssl_parse_client_psk_identity().
* Fix CVE-2018-0487:
Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288)
* Fix CVE-2018-0488:
Buffer overflow when truncated HMAC is enabled. (Closes: #890287)
Checksums-Sha1:
4b843426c0417fcb0d00ff10a7839f1b99fdf0df 1930 polarssl_1.3.9-2.1+deb8u3.dsc
0fa2ecded8576f3768f5cc606a21984df083cfce 15496 polarssl_1.3.9-2.1+deb8u3.debian.tar.xz
fa6d549d0f7701186957152291e08538c4c2f229 5747 polarssl_1.3.9-2.1+deb8u3_source.buildinfo
Checksums-Sha256:
66174a84b18cccf01ee26ff3da3aaa8483beac0aade710dfcdf240992f5ba434 1930 polarssl_1.3.9-2.1+deb8u3.dsc
79c66f0394796dcbf023261d52917e2d7a0b7835a90f2f422b106f21ea2e98ff 15496 polarssl_1.3.9-2.1+deb8u3.debian.tar.xz
a59c2dfee5466818c194883f03e5645d5f63630fff824fe369594cc584274362 5747 polarssl_1.3.9-2.1+deb8u3_source.buildinfo
Files:
f09da7fe1eb97c815ab4a32afb97451a 1930 libs optional polarssl_1.3.9-2.1+deb8u3.dsc
d574a3dd1ec0a191bf9b7616c2357e8e 15496 libs optional polarssl_1.3.9-2.1+deb8u3.debian.tar.xz
d38d0079688b6f0b62c26914e4c129ce 5747 libs optional polarssl_1.3.9-2.1+deb8u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqyKHcUHGpjb3dnaWxs
QGRlYmlhbi5vcmcACgkQx/FnbeotAe8RRQ/8DKBLtY2v7jzmoTyxKS1XzyoqbOtl
eu5ZiA54eEWWQY5DfkqJJipWOOMtek3taMnZ+qGM7KWlbfyj9QjusxkhDlVOrNxk
uI33x6q26PAlahR29vTS3EFNpN5RRS1y6jsqb98R2Jf3x3KBYpqVZFu/BC2gRWW/
vhp1qZn8qSSy4XA1dlEp1XDiLFEhLFuUyqmg0gZyTRa5jPXCRHH/swKBR5jbibWg
S0cMSyNk3mK97w3dOzgkDFozWTmFbL/zGv76qzA5d38Z+SHo2fp8darNsV0Q1F3o
yBtY6q+MT85bugvh427sZAE4LpCNbiItLXzJ7aohPa88COIETa66WZdJ/R5vb+Yj
Pa5KrfmoE+0k0g5WdGMwwOoi0DoFHHtdb2twNKll5jcFSkiXdoLoYATcW7z83g4K
f9P+aq5Q27eQDB8LUI/vZYXbj9pS/WU0o9f881OiTV5MqE3pNU4xTS/rGLSJnh5Y
87Fx+eG41W+TIFmCw8T4sZUIUymaFq326CQVkcWgLJGit39pz+2zyvao31DU0Ylk
/fOrnswPfOoAuI5CJNAojk3LaOZH3ATJSl2LMgeFN5kesuvS49huwJW5vGYD0bwk
G4pMOVsYlOyZ4JM+p1NRhmybdrRM5+i2Kc1xTvnn8eJyyPL4fGO46zHuYRe4Y6y/
GhwoY8NEDFTvNIQ=
=JiJF
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 15 Jul 2018 07:33:08 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 12:57:09 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon