Debian Bug report logs - #883691
game-music-emu: CVE-2017-17446: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail
Report forwarded to debian-bugs-dist@lists.debian.org, apo@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883528; Package src:libextractor. (Mon, 04 Dec 2017 19:15:04 GMT)
Acknowledgement sent to Markus Koschany <apo@debian.org>: New Bug report received and forwarded. Copy sent to apo@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Bertrand Marc <bmarc@debian.org>. (Mon, 04 Dec 2017 19:15:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: src:libextractor
Version: 1:1.6-1
Severity: important
Tags: security
Hi,
while I was working on the security update for Wheezy I discovered
that libextractor in Buster/Sid is still vulnerable to CVE-2017-15600
and CVE-2017-15602. I could reproduce two segmentation faults with the
provided POCs. They are attached to the upstream bug report:
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
Just run "extract -i $POC"
I'm attaching my gdb log files to this bug report.
Regards,
Markus
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.13.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
[CVE-2017-15600_gdb.txt (text/plain, attachment)]
[CVE-2017-15602_gdb.txt (text/plain, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883528; Package src:libextractor. (Mon, 04 Dec 2017 19:30:03 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Bertrand Marc <bmarc@debian.org>. (Mon, 04 Dec 2017 19:30:04 GMT)
Message #10 received at 883528@bugs.debian.org:
Hi Markus,
On Mon, Dec 04, 2017 at 08:13:38PM +0100, Markus Koschany wrote:
> Package: src:libextractor
> Version: 1:1.6-1
> Severity: important
> Tags: security
>
> Hi,
>
> while I was working on the security update for Wheezy I discovered
> that libextractor in Buster/Sid is still vulnerable to CVE-2017-15600
> and CVE-2017-15602. I could reproduce two segmentation faults with the
> provided POCs. They are attached to the upstream bug report:
>
> http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
> http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
>
> Just run "extract -i $POC"
>
> I'm attaching my gdb log files to this bug report.
Since the issues happen in different places from the original reports,
can you request two new CVEs for those issues?
So for tracking purposes these are two new raised issues, different
from CVE-2017-15600 and CVE-2017-15602 and would possibly require two
new ones. Can you as well report it to upstream in case Bertrand
cannot chime in?
In case not let me know, and I can take care of it tomorrow.
Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883528; Package src:libextractor. (Mon, 04 Dec 2017 19:57:05 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Bertrand Marc <bmarc@debian.org>. (Mon, 04 Dec 2017 19:57:05 GMT)
Message #15 received at 883528@bugs.debian.org:
Hi
On Mon, Dec 04, 2017 at 08:27:13PM +0100, Salvatore Bonaccorso wrote:
> Hi Markus,
>
> On Mon, Dec 04, 2017 at 08:13:38PM +0100, Markus Koschany wrote:
> > Package: src:libextractor
> > Version: 1:1.6-1
> > Severity: important
> > Tags: security
> >
> > Hi,
> >
> > while I was working on the security update for Wheezy I discovered
> > that libextractor in Buster/Sid is still vulnerable to CVE-2017-15600
> > and CVE-2017-15602. I could reproduce two segmentation faults with the
> > provided POCs. They are attached to the upstream bug report:
> >
> > http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
> > http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
> >
> > Just run "extract -i $POC"
> >
> > I'm attaching my gdb log files to this bug report.
>
> Since the issues happen in different places from the original reports,
> can you request two new CVEs for those issues?
>
> So for tracking purposes these are two new raised issues, different
> from CVE-2017-15600 and CVE-2017-15602 and would possibly require two
> new ones. Can you as well report it to upstream in case Bertrand
> cannot chime in?
>
> In case not let me know, and I can take care of it tomorrow.
Interestingly the issues you describe do not seem triggerable with a
fresh build of 1.6 in sid (with --enable-shared=no,
--enable-static=yes with -O0).
sid:~/libextractor-1.6# ./src/main/extract -i ~/1338044
Keywords for file /root/1338044:
sid:~/libextractor-1.6# ./src/main/extract -i ~/bin_6iRW3tXve.bin
Keywords for file /root/bin_6iRW3tXve.bin:
sid:~/libextractor-1.6#
and neither with current HEAD (6c70420641fc1d081bcecf323671ca169b13a129).
It is though with the Debian package (re)build. What is different?
Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883528; Package src:libextractor. (Mon, 04 Dec 2017 20:09:05 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Bertrand Marc <bmarc@debian.org>. (Mon, 04 Dec 2017 20:09:05 GMT)
Message #20 received at 883528@bugs.debian.org:
And additionally the results from an ASAN build:
For the one related to the CVE-2017-15000 reproducer:
root@sid:~# extract -i extract-nsf_extract_method-nsf_extractor-164.crash
Keywords for file extract-nsf_extract_method-nsf_extractor-164.crash:
xm_extractor.c:80:7: runtime error: null pointer passed as argument 1, which is declared to never be null
ASAN:DEADLYSIGNAL
=================================================================
==22442==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7f916bdf6d06 bp 0x7ffd356d46c0 sp 0x7ffd356d4520 T0)
==22442==The signal is caused by a READ memory access.
==22442==Hint: address points to the zero page.
#0 0x7f916bdf6d05 in EXTRACTOR_xm_extract_method (/usr/lib/x86_64-linux-gnu/libextractor/libextractor_xm.so+0x1d05)
#1 0x7f917a6d709c (/usr/lib/x86_64-linux-gnu/libextractor.so.3+0x3209c)
#2 0x7f917a6d85d3 in EXTRACTOR_extract (/usr/lib/x86_64-linux-gnu/libextractor.so.3+0x335d3)
#3 0x403892 (/usr/bin/extract+0x403892)
#4 0x7f91793fa560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)
#5 0x404ce9 (/usr/bin/extract+0x404ce9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libextractor/libextractor_xm.so+0x1d05) in EXTRACTOR_xm_extract_method
==22442==ABORTING
root@sid:~#
for the one related to the CVE-2017-15602 reproducer:
root@sid:~# extract -i bin_6iRW3tXve.bin
Keywords for file bin_6iRW3tXve.bin:
=================================================================
==22470==ERROR: AddressSanitizer: negative-size-param: (size=-8)
#0 0x7fb94e64279b (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7679b)
#1 0x7fb93ba7be6c (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x8e6c)
#2 0x7fb93ba7bc89 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x8c89)
#3 0x7fb93ba9f231 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x2c231)
#4 0x7fb93ba9f5f2 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x2c5f2)
#5 0x7fb93ba7f94d (/usr/lib/x86_64-linux-gnu/libgme.so.0+0xc94d)
#6 0x7fb93ba7eb7b in gme_load_data (/usr/lib/x86_64-linux-gnu/libgme.so.0+0xbb7b)
#7 0x7fb93ba7ec33 in gme_open_data (/usr/lib/x86_64-linux-gnu/libgme.so.0+0xbc33)
#8 0x7fb93f2be581 (/usr/lib/x86_64-linux-gnu/libavformat.so.57+0xbc581)
#9 0x7fb93f3ad16f in avformat_open_input (/usr/lib/x86_64-linux-gnu/libavformat.so.57+0x1ab16f)
#10 0x7fb93f8ece71 in EXTRACTOR_previewopus_extract_method (/usr/lib/x86_64-linux-gnu/libextractor/libextractor_previewopus.so+0x4e71)
#11 0x7fb94e39b09c (/usr/lib/x86_64-linux-gnu/libextractor.so.3+0x3209c)
#12 0x7fb94e39c5d3 in EXTRACTOR_extract (/usr/lib/x86_64-linux-gnu/libextractor.so.3+0x335d3)
#13 0x403892 (/usr/bin/extract+0x403892)
#14 0x7fb94d0be560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)
#15 0x404ce9 (/usr/bin/extract+0x404ce9)
0x61600000789e is located 30 bytes inside of 482-byte region [0x616000007880,0x616000007a62)
allocated by thread T0 here:
#0 0x7fb94e6a6758 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda758)
#1 0x7fb93f68c782 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x31782)
SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7679b)
==22470==ABORTING
root@sid:~#
Regards,
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883528; Package src:libextractor. (Mon, 04 Dec 2017 21:00:05 GMT)
Acknowledgement sent to Markus Koschany <apo@debian.org>: Extra info received and forwarded to list. Copy sent to Bertrand Marc <bmarc@debian.org>. (Mon, 04 Dec 2017 21:00:05 GMT)
Message #25 received at 883528@bugs.debian.org:
On 04.12.2017 at 20:53, Salvatore Bonaccorso wrote:
> Hi
>
> On Mon, Dec 04, 2017 at 08:27:13PM +0100, Salvatore Bonaccorso wrote:
>> Hi Markus,
>>
>> On Mon, Dec 04, 2017 at 08:13:38PM +0100, Markus Koschany wrote:
>>> Package: src:libextractor
>>> Version: 1:1.6-1
>>> Severity: important
>>> Tags: security
>>>
>>> Hi,
>>>
>>> while I was working on the security update for Wheezy I discovered
>>> that libextractor in Buster/Sid is still vulnerable to CVE-2017-15600
>>> and CVE-2017-15602. I could reproduce two segmentation faults with the
>>> provided POCs. They are attached to the upstream bug report:
>>>
>>> http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
>>> http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
>>>
>>> Just run "extract -i $POC"
>>>
>>> I'm attaching my gdb log files to this bug report.
>>
>> Since the issues happen in different places from the original reports,
>> can you request two new CVEs for those issues?
>>
>> So for tracking purposes these are two new raised issues, different
>> from CVE-2017-15600 and CVE-2017-15602 and would possibly require two
>> new ones. Can you as well report it to upstream in case Bertrand
>> cannot chime in?
>>
>> In case not let me know, and I can take care of it tomorrow.
>
> Interestingly the issues you describe do not seem triggerable with a
> fresh build of 1.6 in sid (with --enable-shared=no,
> --enable-static=yes with -O0).
>
> sid:~/libextractor-1.6# ./src/main/extract -i ~/1338044
> Keywords for file /root/1338044:
> sid:~/libextractor-1.6# ./src/main/extract -i ~/bin_6iRW3tXve.bin
> Keywords for file /root/bin_6iRW3tXve.bin:
> sid:~/libextractor-1.6#
>
> and neither with current HEAD (6c70420641fc1d081bcecf323671ca169b13a129).
>
> It is though with the Debian package (re)build. What is different?
I can still reproduce it when I rebuild the package. If you disable
optimization with -O0 some compiler behaviors will change. I don't know
the details but what is undefined behavior with -O2 is somehow OK with
-O0. I just wanted to forward this upstream but if you say that it is
not reproducible with upstream HEAD, it's probably pointless.
Maybe we should wait for the next release which will also fix
CVE-2017-15922 or Bertrand could package the latest Git snapshot? Shall
I remove the fixed versions for both CVE in the security tracker?
Regards,
Markus
Information forwarded to debian-bugs-dist@lists.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883528; Package src:libextractor. (Mon, 04 Dec 2017 21:21:02 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Bertrand Marc <bmarc@debian.org>. (Mon, 04 Dec 2017 21:21:03 GMT)
Message #30 received at 883528@bugs.debian.org:
Hi Markus,
On Mon, Dec 04, 2017 at 09:56:27PM +0100, Markus Koschany wrote:
> On 04.12.2017 at 20:53, Salvatore Bonaccorso wrote:
> > Hi
> >
> > On Mon, Dec 04, 2017 at 08:27:13PM +0100, Salvatore Bonaccorso wrote:
> >> Hi Markus,
> >>
> >> On Mon, Dec 04, 2017 at 08:13:38PM +0100, Markus Koschany wrote:
> >>> Package: src:libextractor
> >>> Version: 1:1.6-1
> >>> Severity: important
> >>> Tags: security
> >>>
> >>> Hi,
> >>>
> >>> while I was working on the security update for Wheezy I discovered
> >>> that libextractor in Buster/Sid is still vulnerable to CVE-2017-15600
> >>> and CVE-2017-15602. I could reproduce two segmentation faults with the
> >>> provided POCs. They are attached to the upstream bug report:
> >>>
> >>> http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
> >>> http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
> >>>
> >>> Just run "extract -i $POC"
> >>>
> >>> I'm attaching my gdb log files to this bug report.
> >>
> >> Since the issues happen in different places from the original reports,
> >> can you request two new CVEs for those issues?
> >>
> >> So for tracking purposes these are two new raised issues, different
> >> from CVE-2017-15600 and CVE-2017-15602 and would possibly require two
> >> new ones. Can you as well report it to upstream in case Bertrand
> >> cannot chime in?
> >>
> >> In case not let me know, and I can take care of it tomorrow.
> >
> > Interestingly the issues you describe do not seem triggerable with a
> > fresh build of 1.6 in sid (with --enable-shared=no,
> > --enable-static=yes with -O0).
> >
> > sid:~/libextractor-1.6# ./src/main/extract -i ~/1338044
> > Keywords for file /root/1338044:
> > sid:~/libextractor-1.6# ./src/main/extract -i ~/bin_6iRW3tXve.bin
> > Keywords for file /root/bin_6iRW3tXve.bin:
> > sid:~/libextractor-1.6#
> >
> > and neither with current HEAD (6c70420641fc1d081bcecf323671ca169b13a129).
> >
> > It is though with the Debian package (re)build. What is different?
>
> I can still reproduce it when I rebuild the package. If you disable
> optimization with -O0 some compiler behaviors will change. I don't know
> the details but what is undefined behavior with -O2 is somehow OK with
> -O0. I just wanted to forward this upstream but if you say that it is
> not reproducible with upstream HEAD, it's probably pointless.
Well, need to further properly investigate that. It was just a quick
ASAN build of the current head. From my reply in
https://bugs.debian.org/883528#20 it might actually be that the second
issue is not an upstream one but. Please note that I mistyped the
CVEs.
> Maybe we should wait for the next release which will also fix
> CVE-2017-15922 or Bertrand could package the latest Git snapshot?
Yes, for CVE-2017-15922 either works, cherry-pick the commit, wait for
the new upstream release or package the latest git snapshot.
> Shall
> I remove the fixed versions for both CVE in the security tracker?
Please not. The first issue is actually a different one (happening
with same reproducer for CVE-2017-15600, but in a different place,
unless I'm completely mistaken. So CVE-2017-15600 should be kept
associated with the 38e8933539ee9d044057b18a971c2eae3c21aba7 commit
and track your finding as separate issue.
For the issue reproduced with the CVE-2017-15602-reproducing file,
after being fixed with ffab889c1710c7646af9ed360c796a2a0a619efc
triggers a new issue, which is possibly in libgm or
libavformat.so/ffmpeg. So still not sure if the uncovered issue is in
src:libextractor.
See the ASAN traces from https://bugs.debian.org/883528#20
Thanks for your work on the libextractor update and triaging.
Salvatore
Information forwarded to debian-bugs-dist@lists.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883528; Package src:libextractor. (Wed, 06 Dec 2017 14:57:05 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Bertrand Marc <bmarc@debian.org>. (Wed, 06 Dec 2017 14:57:05 GMT)
Message #35 received at 883528@bugs.debian.org:
Control: clone -1 -2
Control: retitle -1 libextractor: various null pointer dereferences in GIF, IT, NSFE, S3M, SID and XM plugins
Control: tags -1 + upstream fixed-upstream
Control: retitle -2 libextractor: extractor segfault (AddressSanitizer: negative-size-param: (size=-8)), issue in game-music-emu?
Hello Markus
So here are the results
The first issue is fixed in HEAD already, different from
CVE-2017-15600 and the fixing commit is
https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
The issue this time lies in EXTRACTOR_xm_extract_method with the reproducer
file, but the commit fixes several similar issues in other plugins.
# ./src/main/extract -i ~/poc-1.crash
Keywords for file /root/poc-1.crash:
ASAN:DEADLYSIGNAL
=================================================================
==31921==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f91b5d1c761 bp 0x7ffca14b9fb0 sp 0x7ffca14b9708 T0)
==31921==The signal is caused by a READ memory access.
==31921==Hint: address points to the zero page.
#0 0x7f91b5d1c760 (/lib/x86_64-linux-gnu/libc.so.6+0x14b760)
#1 0x7f91b645865b (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xab65b)
#2 0x7f91a8da2d80 in EXTRACTOR_xm_extract_method /root/libextractor/src/plugins/xm_extractor.c:80
#3 0x7f91b61983e7 in do_extract /root/libextractor/src/main/extractor.c:583
#4 0x7f91b6198824 in EXTRACTOR_extract /root/libextractor/src/main/extractor.c:662
#5 0x55edee351d69 in main /root/libextractor/src/main/extract.c:983
#6 0x7f91b5bf1560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)
#7 0x55edee34ebe9 in _start (/root/libextractor/src/main/.libs/extract+0x3be9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x14b760)
==31921==ABORTING
here is the bisect log:
# broken: [bc2a59d25b35b0e88dab8895cf70b4d18d2844fc] release v1.6
git bisect broken bc2a59d25b35b0e88dab8895cf70b4d18d2844fc
# fixed: [6c70420641fc1d081bcecf323671ca169b13a129] fix misc NULL pointer exceptions
git bisect fixed 6c70420641fc1d081bcecf323671ca169b13a129
# broken: [d4d488b0e5ab13dda241d688d87a07816368f117] detect integer overflow in DVI extractor
git bisect broken d4d488b0e5ab13dda241d688d87a07816368f117
# fixed: [7cc63b001ceaf81143795321379c835486d0c92e] fix misc NULL pointer exceptions
git bisect fixed 7cc63b001ceaf81143795321379c835486d0c92e
# first fixed commit: [7cc63b001ceaf81143795321379c835486d0c92e] fix misc NULL pointer exceptions
The commit fixes several NULL pointer issues in plugins, one of those
is the XM plugin causing the issue. MITRE might want to assign here
individual CVEs or only one for the whole commit. I will ask.
But there are basically the reported ones in
https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00004.html
https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00002.html
https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00001.html
https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00000.html
and as well reported as fixed in
https://lists.gnu.org/archive/html/bug-libextractor/2017-11/msg00005.html
The second issue is still present in master
(6c70420641fc1d081bcecf323671ca169b13a129) but I'm again not sure this is
actually an issue in libextractor. This might need to be clarified with
upstream which have more insights. Issue in game-music-emu? The ASAN trace:
# ./src/main/extract -i ~/poc-2.crash
Keywords for file /root/poc-2.crash:
=================================================================
==10520==ERROR: AddressSanitizer: negative-size-param: (size=-8)
#0 0x7f658a1e879b (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7679b)
#1 0x7f6578af2e6c (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x8e6c)
#2 0x7f6578af2c89 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x8c89)
#3 0x7f6578b16231 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x2c231)
#4 0x7f6578b165f2 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x2c5f2)
#5 0x7f6578af694d (/usr/lib/x86_64-linux-gnu/libgme.so.0+0xc94d)
#6 0x7f6578af5b7b in gme_load_data (/usr/lib/x86_64-linux-gnu/libgme.so.0+0xbb7b)
#7 0x7f6578af5c33 in gme_open_data (/usr/lib/x86_64-linux-gnu/libgme.so.0+0xbc33)
#8 0x7f657c335581 (/usr/lib/x86_64-linux-gnu/libavformat.so.57+0xbc581)
#9 0x7f657c42416f in avformat_open_input (/usr/lib/x86_64-linux-gnu/libavformat.so.57+0x1ab16f)
#10 0x7f657c963420 in extract_audio /root/libextractor/src/plugins/previewopus_extractor.c:893
#11 0x7f657c964441 in EXTRACTOR_previewopus_extract_method /root/libextractor/src/plugins/previewopus_extractor.c:1159
#12 0x7f6589f5d3e7 in do_extract /root/libextractor/src/main/extractor.c:583
#13 0x7f6589f5d824 in EXTRACTOR_extract /root/libextractor/src/main/extractor.c:662
#14 0x55c628ff7d69 in main /root/libextractor/src/main/extract.c:983
#15 0x7f65899b6560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)
#16 0x55c628ff4be9 in _start (/root/libextractor/src/main/.libs/extract+0x3be9)
0x616000007b9e is located 30 bytes inside of 482-byte region [0x616000007b80,0x616000007d62)
allocated by thread T0 here:
#0 0x7f658a24c758 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda758)
#1 0x7f657c703782 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x31782)
SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7679b)
==10520==ABORTING
When building you need to specify --with-plugindirname, if not installed,
otherwise the plugins cannot be loaded when running the test.
Attaching the two reproducing files.
Regards,
Salvatore
[poc-1.crash (application/octet-stream, attachment)]
[poc-2.crash (application/octet-stream, attachment)]
Bug 883528 cloned as bug 883691. Request was from Salvatore Bonaccorso <carnil@debian.org> to 883528-submit@bugs.debian.org. (Wed, 06 Dec 2017 14:57:05 GMT)
Changed Bug title to 'libextractor: extractor segfault (AddressSanitizer: negative-size-param: (size=-8)), issue in game-music-emu?' from 'libextractor: CVE-2017-15600 and CVE-2017-15602 are not completely fixed'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 883528-submit@bugs.debian.org. (Wed, 06 Dec 2017 14:57:07 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Bertrand Marc <bmarc@debian.org>: Bug#883691; Package src:libextractor. (Wed, 06 Dec 2017 16:54:06 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Bertrand Marc <bmarc@debian.org>. (Wed, 06 Dec 2017 16:54:06 GMT)
Message #44 received at 883691@bugs.debian.org:
Control: reassign 883691 src:game-music-emu 0.6.1-1
Control: retitle 883691 game-music-emu: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail
Hi
More details:
[...]
Keywords for file /root/poc-2.crash:
[New Thread 0x7ffff09aa700 (LWP 14879)]
[Thread 0x7ffff09aa700 (LWP 14879) exited]
=================================================================
==14875==ERROR: AddressSanitizer: negative-size-param: (size=-8)
#0 0x7ffff6e9d79b (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7679b)
#1 0x7fffe532c60f (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x26960f)
#2 0x7fffe5328ed3 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x265ed3)
#3 0x7fffe547c6d1 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x3b96d1)
#4 0x7fffe547fcc9 (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x3bccc9)
#5 0x7fffe534ec3d (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x28bc3d)
#6 0x7fffe5346aa7 in gme_load_data (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x283aa7)
#7 0x7fffe5346fd6 in gme_open_data (/usr/lib/x86_64-linux-gnu/libgme.so.0+0x283fd6)
#8 0x7fffe8fea581 (/usr/lib/x86_64-linux-gnu/libavformat.so.57+0xbc581)
#9 0x7fffe90d916f in avformat_open_input (/usr/lib/x86_64-linux-gnu/libavformat.so.57+0x1ab16f)
#10 0x7fffe9618420 in extract_audio /root/libextractor/src/plugins/previewopus_extractor.c:893
#11 0x7fffe9619441 in EXTRACTOR_previewopus_extract_method /root/libextractor/src/plugins/previewopus_extractor.c:1159
#12 0x7ffff6c123e7 in do_extract /root/libextractor/src/main/extractor.c:583
#13 0x7ffff6c12824 in EXTRACTOR_extract /root/libextractor/src/main/extractor.c:662
#14 0x55555555ad69 in main /root/libextractor/src/main/extract.c:983
#15 0x7ffff666b560 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20560)
#16 0x555555557be9 in _start (/root/libextractor/src/main/.libs/extract+0x3be9)
0x616000007b9e is located 30 bytes inside of 482-byte region [0x616000007b80,0x616000007d62)
allocated by thread T0 here:
#0 0x7ffff6f01758 in __interceptor_posix_memalign (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xda758)
#1 0x7fffe93b8782 in av_malloc (/usr/lib/x86_64-linux-gnu/libavutil.so.55+0x31782)
SUMMARY: AddressSanitizer: negative-size-param (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x7679b)
==14875==ABORTING
Thread 1 "extract" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff667ea70 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff668019a in __GI_abort () at abort.c:89
#2 0x00007ffff6f2065b in () at /usr/lib/x86_64-linux-gnu/libasan.so.4
#3 0x00007ffff6f27df8 in () at /usr/lib/x86_64-linux-gnu/libasan.so.4
#4 0x00007ffff6f09f71 in () at /usr/lib/x86_64-linux-gnu/libasan.so.4
#5 0x00007ffff6e9d7da in () at /usr/lib/x86_64-linux-gnu/libasan.so.4
#6 0x00007fffe532c610 in Mem_File_Reader::read_avail(void*, long) (this=0x7fffffffa070, p=0x6290000311b8, s=-8) at ./gme/Data_Reader.cpp:146
#7 0x00007fffe5328ed4 in Data_Reader::read(void*, long) (this=0x7fffffffa070, p=0x6290000311b8, s=-8) at ./gme/Data_Reader.cpp:27
#8 0x00007fffe547c6d2 in Nsfe_Info::load(Data_Reader&, Nsf_Emu*) (this=this@entry=0x629000031148, in=..., nsf_emu=nsf_emu@entry=0x62900002d200) at ./gme/Nsfe_Emu.cpp:167
#9 0x00007fffe547fcca in Nsfe_Emu::load_(Data_Reader&) (this=0x62900002d200, in=...)
at ./gme/Nsfe_Emu.cpp:311
#10 0x00007fffe534ec3e in Gme_File::load(Data_Reader&) (this=0x62900002d200, in=...)
at ./gme/Gme_File.cpp:96
#11 0x00007fffe5346aa8 in gme_load_data(Music_Emu*, void const*, long) (me=me@entry=0x62900002d200, data=data@entry=0x616000007b80, size=size@entry=482) at ./gme/gme.cpp:228
#12 0x00007fffe5346fd7 in gme_open_data(void const*, long, Music_Emu**, int) (data=0x616000007b80, size=size@entry=482, out=out@entry=0x607000002d28, sample_rate=<optimized out>)
at ./gme/gme.cpp:143
#13 0x00007fffe8fea582 in read_header_gme (s=0x61b000000e80) at src/libavformat/libgme.c:109
#14 0x00007fffe90d9170 in avformat_open_input (ps=0x7fffffffa330, filename=0x7fffe9619880 "<no file>", fmt=<optimized out>, options=0x7fffffffa3b0) at src/libavformat/utils.c:595
#15 0x00007fffe9618421 in extract_audio (ec=0x7fffffffa6d0) at previewopus_extractor.c:893
#16 0x00007fffe9619442 in EXTRACTOR_previewopus_extract_method (ec=0x7fffffffa6d0)
at previewopus_extractor.c:1159
#17 0x00007ffff6c123e8 in do_extract (plugins=0x6080000010a0, shm=0x0, ds=0x6030000003a0, proc=0x555555558a19 <print_selected_keywords>, proc_cls=0x0) at extractor.c:583
#18 0x00007ffff6c12825 in EXTRACTOR_extract (plugins=0x6080000010a0, filename=0x60800000016d "/root/poc-2.crash", data=0x0, size=0, proc=0x555555558a19 <print_selected_keywords>, proc_cls=0x0)
at extractor.c:662
#19 0x000055555555ad6a in main (argc=3, argv=0x7fffffffeb38) at extract.c:983
(gdb)
So the issue seems located in game-music-emu, Sebastian can you have a look?
Regards,
Salvatore
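Added example (not part of the original bug log, and not game-music-emu or libextractor code): the failure class shown in the backtrace above, a signed count of -8 reaching memcpy through a read_avail(void*, long)-shaped call, next to a reader that rejects it. The mem_reader type, both read functions, the record layout and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory-backed reader with a signed count, the parameter shape
   of read_avail(void*, long) in the backtrace. Names are hypothetical. */
typedef struct {
    const unsigned char *begin;
    long size;
    long pos;
} mem_reader;

/* Pattern to avoid: only the upper bound is clamped. A count of -8 is not
   greater than `remain`, so it reaches memcpy and converts to a huge size_t,
   which is what ASan reports as negative-size-param. */
long mem_read_unchecked(mem_reader *r, void *out, long count)
{
    long remain = r->size - r->pos;
    if (count > remain)
        count = remain;
    memcpy(out, r->begin + r->pos, (size_t)count);
    r->pos += count;
    return count;
}

/* Hardened form: returns bytes copied, or -1 with reader and out untouched. */
long mem_read_checked(mem_reader *r, void *out, long out_cap, long count)
{
    if (count < 0 || out_cap < 0 || r->pos < 0 || r->pos > r->size)
        return -1;
    long remain = r->size - r->pos;
    if (count > remain)
        count = remain;              /* short read at end of buffer */
    if (count > out_cap)
        return -1;                   /* would overflow the destination */
    memcpy(out, r->begin + r->pos, (size_t)count);
    r->pos += count;
    return count;
}

/* Constructed record layout (an assumption, not the NSFE format): 4-byte
   little-endian total length including this 8-byte header, 4-byte tag,
   payload. payload = total - 8 goes negative when total < 8. */
enum { HDR = 8, MAX_PAYLOAD = 64 };

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walks every record; returns the record count, or -1 on malformed input. */
int count_records(const unsigned char *data, long size)
{
    mem_reader r = { data, size, 0 };
    unsigned char hdr[HDR], payload[MAX_PAYLOAD];
    int n = 0;

    while (r.pos < r.size) {
        if (mem_read_checked(&r, hdr, HDR, HDR) != HDR)
            return -1;                          /* truncated header */
        long want = (long)le32(hdr) - HDR;      /* derived from file data */
        long got = mem_read_checked(&r, payload, MAX_PAYLOAD, want);
        if (got < 0 || got != want)
            return -1;                          /* negative, oversized, short */
        n++;
    }
    return n;
}

/* Constructed sample inputs. */
const unsigned char SAMPLE_OK[] = {
    12, 0, 0, 0, 'T', 'E', 'S', 'T', 1, 2, 3, 4,     /* 4-byte payload */
    8, 0, 0, 0, 'N', 'O', 'N', 'E'                   /* empty payload */
};
const unsigned char SAMPLE_NEG8[] = { 0, 0, 0, 0, 'B', 'A', 'D', '!' };
const unsigned char SAMPLE_NEG1[] = { 7, 0, 0, 0, 'B', 'A', 'D', '!' };
const unsigned char SAMPLE_SHORT[] = { 16, 0, 0, 0, 'C', 'U', 'T', '!', 9 };

int main(void)
{
    printf("ok=%d neg8=%d neg1=%d short=%d\n",
           count_records(SAMPLE_OK, (long)sizeof SAMPLE_OK),
           count_records(SAMPLE_NEG8, (long)sizeof SAMPLE_NEG8),
           count_records(SAMPLE_NEG1, (long)sizeof SAMPLE_NEG1),
           count_records(SAMPLE_SHORT, (long)sizeof SAMPLE_SHORT));
    return 0;
}
```

The SAMPLE_NEG1 case shows why the caller tests `got < 0` separately: a requested count of -1 would otherwise compare equal to the reader's -1 error return.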
No longer marked as found in versions libextractor/1:1.6-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to 883691-submit@bugs.debian.org. (Wed, 06 Dec 2017 16:54:07 GMT)
Marked as found in versions game-music-emu/0.6.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to 883691-submit@bugs.debian.org. (Wed, 06 Dec 2017 16:54:07 GMT)
Changed Bug title to 'game-music-emu: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail' from 'libextractor: extractor segfault (AddressSanitizer: negative-size-param: (size=-8)), issue in game-music-emu?'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 883691-submit@bugs.debian.org. (Wed, 06 Dec 2017 16:54:08 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#883691; Package src:game-music-emu. (Wed, 06 Dec 2017 17:15:05 GMT)
Acknowledgement sent to Sebastian Dröge <slomo@debian.org>: Extra info received and forwarded to list. (Wed, 06 Dec 2017 17:15:05 GMT)
Message #57 received at 883691@bugs.debian.org:
forwarded 883691 https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
thanks
Hi Salvatore,
On Wed, 2017-12-06 at 17:50 +0100, Salvatore Bonaccorso wrote:
> [...]
>
> So the issue seems located in game-music-emu, Sebastian can you have a
> look?
I've forwarded this upstream now, thanks for reporting!
See: https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
The crash can also be reproduced by running "ffplay" on the file.
Information forwarded to debian-bugs-dist@lists.debian.org, Sebastian Dröge <slomo@debian.org>: Bug#883691; Package src:game-music-emu. (Wed, 06 Dec 2017 19:36:06 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Sebastian Dröge <slomo@debian.org>. (Wed, 06 Dec 2017 19:36:06 GMT)
Message #64 received at 883691@bugs.debian.org:
Control: retitle 883691 game-music-emu: CVE-2017-17446: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail
Hello Sebastian,
> I've forwarded this upstream now, thanks for reporting!
>
> See: https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
>
> The crash can also be reproduced by running "ffplay" on the file.
Thank you.
MITRE has assigned CVE-2017-17446 for this issue.
I do not think we need a DSA for this issue, but could be fixed via a
point release.
Regards,
Salvatore
Changed Bug title to 'game-music-emu: CVE-2017-17446: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail' from 'game-music-emu: AddressSanitizer: negative-size-param: (size=-8), size=-8 passed to memcpy in Mem_File_Reader::read_avail'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 883691-submit@bugs.debian.org. (Wed, 06 Dec 2017 19:36:06 GMT)
Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 06 Dec 2017 19:42:05 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#883691; Package src:game-music-emu. (Thu, 07 Dec 2017 08:21:12 GMT)
Acknowledgement sent to Sebastian Dröge <slomo@debian.org>: Extra info received and forwarded to list. (Thu, 07 Dec 2017 08:21:12 GMT)
Message #73 received at 883691@bugs.debian.org:
Hi Salvatore,
On Wed, 2017-12-06 at 20:32 +0100, Salvatore Bonaccorso wrote:
>
> Thank you.
>
> MITRE has assigned CVE-2017-17446 for this issue.
>
> I do not think we need a DSA for this issue, but could be fixed via a
> point release.
Upstream did a new release with a fix for this very crash, and also
added some more checks for preventing similar bugs to the code. I'm
uploading that to unstable now.
This release only really contains the fix, nothing else, and if that's
all fine with you it could also go into the next stable point release.
Reply sent to Sebastian Dröge <slomo@debian.org>: You have taken responsibility. (Thu, 07 Dec 2017 08:54:09 GMT)
Notification sent to Markus Koschany <apo@debian.org>: Bug acknowledged by developer. (Thu, 07 Dec 2017 08:54:09 GMT)
Message #78 received at 883691-close@bugs.debian.org:
Source: game-music-emu
Source-Version: 0.6.2-1
We believe that the bug you reported is fixed in the latest version of
game-music-emu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 883691@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Dröge <slomo@debian.org> (supplier of updated game-music-emu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 07 Dec 2017 10:03:19 +0200
Source: game-music-emu
Binary: libgme0 libgme-dev
Architecture: source amd64
Version: 0.6.2-1
Distribution: unstable
Urgency: high
Maintainer: Sebastian Dröge <slomo@debian.org>
Changed-By: Sebastian Dröge <slomo@debian.org>
Description:
libgme-dev - Playback library for video game music files - development files
libgme0 - Playback library for video game music files - shared library
Closes: 883691
Changes:
game-music-emu (0.6.2-1) unstable; urgency=high
.
* New upstream bugfix release
+ Fixes usage of negative size parameter passed to memcpy() on
specially crafted files (Closes: #883691, CVE-2017-17446).
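The bug class named in the changelog above, a negative signed length reaching memcpy(), shown as an added C example that is not part of this bug log and is not game-music-emu's source. The `mem_reader` struct and both function names are hypothetical, and the scenario (a read offset 8 bytes past the end of a 16-byte buffer, giving the size=-8 from the bug title) is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical in-memory reader that tracks sizes as signed long. */
struct mem_reader {
    const unsigned char *begin;
    long size;   /* total bytes in the buffer */
    long pos;    /* current read offset */
};

/* Length an unchecked reader would hand to memcpy(): the request is clamped
 * to the remaining bytes, but neither value is tested for being negative.
 * No copy is performed; this only reports the size_t memcpy() would get. */
size_t unchecked_copy_len(const struct mem_reader *r, long want)
{
    long remain = r->size - r->pos;   /* negative once pos has passed size */
    if (want > remain)
        want = remain;
    return (size_t)want;              /* -8 converts to SIZE_MAX - 7 */
}

/* Hardened read: validates the reader state and the request before copying.
 * Returns the number of bytes copied, or -1 on an inconsistent state or a
 * negative request. */
long checked_read_avail(struct mem_reader *r, void *out, long want)
{
    if (r == NULL || out == NULL || r->begin == NULL)
        return -1;
    if (r->size < 0 || r->pos < 0 || r->pos > r->size || want < 0)
        return -1;
    long remain = r->size - r->pos;
    if (want > remain)
        want = remain;
    memcpy(out, r->begin + r->pos, (size_t)want);
    r->pos += want;
    return want;
}
```

The unchecked length is what AddressSanitizer reports as `negative-size-param`: the signed value survives the clamp and only becomes an enormous unsigned count at the memcpy() boundary.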
Information forwarded to debian-bugs-dist@lists.debian.org, Sebastian Dröge <slomo@debian.org>: Bug#883691; Package src:game-music-emu. (Thu, 07 Dec 2017 10:03:03 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Sebastian Dröge <slomo@debian.org>. (Thu, 07 Dec 2017 10:03:03 GMT)
Message #83 received at 883691@bugs.debian.org:
Hi Sebastian,
On Thu, Dec 07, 2017 at 10:16:44AM +0200, Sebastian Dröge wrote:
> Hi Salvatore,
>
> On Wed, 2017-12-06 at 20:32 +0100, Salvatore Bonaccorso wrote:
> >
> > Thank you.
> >
> > MITRE has assigned CVE-2017-17446 for this issue.
> >
> > I do not think we need a DSA for this issue, but could be fixed via a
> > point release.
>
> Upstream did a new release with a fix for this very crash, and also
> added some more checks for preventing similar bugs to the code. I'm
> uploading that to unstable now.
>
> This release only really contains the fix, nothing else, and if that's
> all fine with you it could also go into the next stable point release.
Thanks for the fix in unstable. For the point releases, yes it would
look ok to me to include as well the additional hardening commit, but
the final decision is obviously to be done by SRM when reviewing your
proposal. I definitely would suggest to SRM to have both commits i.e.
https://bitbucket.org/mpyne/game-music-emu/commits/205290614cdc057541b26adeea05a9d45993f860
and
https://bitbucket.org/mpyne/game-music-emu/commits/4a441e94cba14268bc4e983d4dfd6ed112084d00
regards,
Salvatore
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 06 Jan 2018 07:30:15 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 15:16:35 2019