Debian Bug report logs -
#866890
CVE-2017-10791 CVE-2017-10792
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 2 Jul 2017 14:57:01 UTC
Severity: important
Tags: security, upstream
Found in version pspp/0.10.2-1
Fixed in version pspp/1.0.0-1
Done: Friedrich Beckmann <friedrich.beckmann@gmx.de>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Bug#866890
; Package pspp
.
(Sun, 02 Jul 2017 14:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>
.
(Sun, 02 Jul 2017 14:57:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: pspp
Severity: important
Tags: security
This has been assigned CVE-2017-10791:
https://bugzilla.redhat.com/show_bug.cgi?id=1467004
This has been assigned CVE-2017-10792:
https://bugzilla.redhat.com/show_bug.cgi?id=1467005
Cheers,
Moritz
Marked as found in versions pspp/0.10.2-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sun, 02 Jul 2017 18:45:02 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sun, 02 Jul 2017 18:45:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org
:
Bug#866890
; Package pspp
.
(Mon, 03 Jul 2017 05:27:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Extra info received and forwarded to list.
(Mon, 03 Jul 2017 05:27:03 GMT) (full text, mbox, link).
Message #14 received at 866890@bugs.debian.org (full text, mbox, reply):
Dear owl337 team,
thanks for looking at pspp and finding the security problems
https://security-tracker.debian.org/tracker/CVE-2017-10791
and
https://security-tracker.debian.org/tracker/CVE-2017-10792
in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
you have some information about collAFL?
Regards
Friedrich
Information forwarded
to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Bug#866890
; Package pspp
.
(Mon, 03 Jul 2017 19:00:04 GMT) (full text, mbox, link).
Acknowledgement sent
to John Darrington <john@darrington.wattle.id.au>
:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>
.
(Mon, 03 Jul 2017 19:00:05 GMT) (full text, mbox, link).
Message #19 received at 866890@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on
that.
J'
On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
Dear owl337 team,
thanks for looking at pspp and finding the security problems
https://security-tracker.debian.org/tracker/CVE-2017-10791
and
https://security-tracker.debian.org/tracker/CVE-2017-10792
in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
you have some information about collAFL?
Regards
Friedrich
_______________________________________________
pspp-dev mailing list
pspp-dev@gnu.org
https://lists.gnu.org/mailman/listinfo/pspp-dev
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org
:
Bug#866890
; Package pspp
.
(Mon, 03 Jul 2017 21:42:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Extra info received and forwarded to list.
(Mon, 03 Jul 2017 21:42:11 GMT) (full text, mbox, link).
Message #24 received at 866890@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi John,
today I looked a little bit at the hash function. I think the problem is that compared to
the referenced code the x parameter is type int instead of unsigned int. Googling around the
overflow behavior of signed and the shift right of signed is not defined in the c standard
although „many?" implementations assume 2th complement signed implementation. Both is well
defined for unsigned int operations.
I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.
But looking at the code I wondered if this hash function also works on 64 Bit architectures. The
reference only talks about uint32_t.
Regards
Friedrich
> Am 03.07.2017 um 20:50 schrieb John Darrington <john@darrington.wattle.id.au>:
>
> I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on
> that.
>
> J'
>
> On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
> Dear owl337 team,
>
> thanks for looking at pspp and finding the security problems
>
> https://security-tracker.debian.org/tracker/CVE-2017-10791
>
> and
>
> https://security-tracker.debian.org/tracker/CVE-2017-10792
>
> in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
> you have some information about collAFL?
>
> Regards
>
> Friedrich
>
>
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Bug#866890
; Package pspp
.
(Mon, 03 Jul 2017 23:15:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Chao Zhang <chaoz@tsinghua.edu.cn>
:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>
.
(Mon, 03 Jul 2017 23:15:05 GMT) (full text, mbox, link).
Message #29 received at 866890@bugs.debian.org (full text, mbox, reply):
Dear Friedrich,
We are using smart fuzzing to test open source applications, including
pspp. Our tool collAFL is an enhanced version of AFL.
The core of AFL is an genetic algorithm to automatically discover
interesting test cases that trigger new internal states in the targeted
application, which leads to a high code coverage. Our tool collAFL's
improvement over AFL is that, it reduces some collisions in AFL's
algorithm, and increases the code coverage of AFL.
The evaluation result is good so far. We found dozens of vulnerabilities
in open source applications using collAFL. We are writing a paper about
it. More details will be discussed in the paper. Once the paper is
ready, we can share a copy with you, if you are interested.
Thanks,
Chao
On 7/3/17 1:22 PM, Friedrich Beckmann wrote:
> Dear owl337 team,
>
> thanks for looking at pspp and finding the security problems
>
> https://security-tracker.debian.org/tracker/CVE-2017-10791
>
> and
>
> https://security-tracker.debian.org/tracker/CVE-2017-10792
>
> in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
> you have some information about collAFL?
>
> Regards
>
> Friedrich
>
>
Information forwarded
to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Bug#866890
; Package pspp
.
(Tue, 04 Jul 2017 05:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to John Darrington <john@darrington.wattle.id.au>
:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>
.
(Tue, 04 Jul 2017 05:15:03 GMT) (full text, mbox, link).
Message #34 received at 866890@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
Hi John,
today I looked a little bit at the hash function. I think the problem is that compared to
the referenced code the x parameter is type int instead of unsigned int. Googling around the
overflow behavior of signed and the shift right of signed is not defined in the c standard
although ???many?" implementations assume 2th complement signed implementation. Both is well
defined for unsigned int operations.
Ahh. Perhaps you're right. But I cannot see that this would cause a crash, so I suspect that's
another problem.
I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.
What problems did you encounter before your change (if any)?
But looking at the code I wondered if this hash function also works on 64 Bit architectures. The
reference only talks about uint32_t.
I cannot see that it wouldn't "work". But it might not create such an efficient hash.
Anyway maybe Ben will be able to have a look soon.
J'
--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org
:
Bug#866890
; Package pspp
.
(Tue, 04 Jul 2017 05:42:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Extra info received and forwarded to list.
(Tue, 04 Jul 2017 05:42:03 GMT) (full text, mbox, link).
Message #39 received at 866890@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi John,
> Am 04.07.2017 um 07:10 schrieb John Darrington <john@darrington.wattle.id.au>:
>
> On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
> Hi John,
>
> today I looked a little bit at the hash function. I think the problem is that compared to
> the referenced code the x parameter is type int instead of unsigned int. Googling around the
> overflow behavior of signed and the shift right of signed is not defined in the c standard
> although ???many?" implementations assume 2th complement signed implementation. Both is well
> defined for unsigned int operations.
>
> Ahh. Perhaps you're right. But I cannot see that this would cause a crash, so I suspect that's
> another problem.
They compiled with a compiler switch -fsanitized=undefined. I assume that this produces the crash.
> I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.
>
> What problems did you encounter before your change (if any)?
I encountered no problems. At first I assumed that they use some form of static code analysis. Then I tried
to run our regression with the above mentioned switch but on MacOS I encountered some compile problems.
In my view the behavior in our code might produce a bad hash as it deviates from the original code as the right
shift is different for int and unsigned int. But I cannot see how this produces a security vulnerability.
Friedrich
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Bug#866890
; Package pspp
.
(Tue, 04 Jul 2017 13:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Ben Pfaff <blp@cs.stanford.edu>
:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>
.
(Tue, 04 Jul 2017 13:30:03 GMT) (full text, mbox, link).
Message #44 received at 866890@bugs.debian.org (full text, mbox, reply):
The attribution of the problem to the hash function is probably wrong,
since that function is purely combinatorial logic, but the report as a
whole is right because the attachment in the bug report at
https://bugzilla.redhat.com/show_bug.cgi?id=1467004 does cause
pspp-convert to assert-fail.
I'm looking into it.
On Mon, Jul 03, 2017 at 08:50:56PM +0200, John Darrington wrote:
> I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on
> that.
>
> J'
>
> On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
> Dear owl337 team,
>
> thanks for looking at pspp and finding the security problems
>
> https://security-tracker.debian.org/tracker/CVE-2017-10791
>
> and
>
> https://security-tracker.debian.org/tracker/CVE-2017-10792
>
> in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
> you have some information about collAFL?
>
> Regards
>
> Friedrich
>
>
>
> _______________________________________________
> pspp-dev mailing list
> pspp-dev@gnu.org
> https://lists.gnu.org/mailman/listinfo/pspp-dev
>
> --
> Avoid eavesdropping. Send strong encrypted email.
> PGP Public key ID: 1024D/2DE827B3
> fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
> See http://sks-keyservers.net or any PGP keyserver for public key.
>
Information forwarded
to debian-bugs-dist@lists.debian.org
:
Bug#866890
; Package pspp
.
(Tue, 04 Jul 2017 15:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Extra info received and forwarded to list.
(Tue, 04 Jul 2017 15:57:05 GMT) (full text, mbox, link).
Message #49 received at 866890@bugs.debian.org (full text, mbox, reply):
Hi Ben,
my understanding is that they bring up two different problems.
For
https://bugzilla.redhat.com/show_bug.cgi?id=1467004 (Hash Function)
the argument is that shift operations and overflows are undefined or
implementation dependent for signed integers as used in the hash function.
https://www.securecoding.cert.org/confluence/display/c/INT13-C.+Use+bitwise+operators+only+on+unsigned+operands
Shifting a negative number is „bad“ by that definition and that is what they checked.
But when looking at the code, isn’t there a problem when a pointer is cast to integer
on 64 Bit platforms because the pointer is 64 Bit and the integer is 32 Bit in hash_pointer? Wouldn’t we
want to have a hash based on the 64 Bit as for hash_double?
For https://bugzilla.redhat.com/show_bug.cgi?id=1467005 (crash on csv conversion)
they managed to generate a file which results in a crash when analyzed. Although pspp
stills gives an error message that something is wrong in the file…
Friedrich
> Am 04.07.2017 um 15:27 schrieb Ben Pfaff <blp@cs.stanford.edu>:
>
> The attribution of the problem to the hash function is probably wrong,
> since that function is purely combinatorial logic, but the report as a
> whole is right because the attachment in the bug report at
> https://bugzilla.redhat.com/show_bug.cgi?id=1467004 does cause
> pspp-convert to assert-fail.
>
> I'm looking into it.
>
> On Mon, Jul 03, 2017 at 08:50:56PM +0200, John Darrington wrote:
>> I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on
>> that.
>>
>> J'
>>
>> On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
>> Dear owl337 team,
>>
>> thanks for looking at pspp and finding the security problems
>>
>> https://security-tracker.debian.org/tracker/CVE-2017-10791
>>
>> and
>>
>> https://security-tracker.debian.org/tracker/CVE-2017-10792
>>
>> in pspp! Your reports are quite detailed. Could you describe how you found the problems, i.e. do
>> you have some information about collAFL?
>>
>> Regards
>>
>> Friedrich
>>
>>
>>
>> _______________________________________________
>> pspp-dev mailing list
>> pspp-dev@gnu.org
>> https://lists.gnu.org/mailman/listinfo/pspp-dev
>>
>> --
>> Avoid eavesdropping. Send strong encrypted email.
>> PGP Public key ID: 1024D/2DE827B3
>> fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
>> See http://sks-keyservers.net or any PGP keyserver for public key.
>>
>
>
Information forwarded
to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
Bug#866890
; Package pspp
.
(Tue, 04 Jul 2017 17:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Ben Pfaff <blp@cs.stanford.edu>
:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>
.
(Tue, 04 Jul 2017 17:15:04 GMT) (full text, mbox, link).
Message #54 received at 866890@bugs.debian.org (full text, mbox, reply):
I applied fixes for both of these bugs to the PSPP repository, as the
following commits. The fixes will be in the next PSPP release.
commit 41c6f5447941e5d36d0554ba874671649353752f
Author: Ben Pfaff <blp@cs.stanford.edu>
Date: Tue Jul 4 12:58:55 2017 -0400
sys-file-reader: Fix integer overflows in parse_long_string_missing_values().
Crafted system files caused integer overflow errors that in turn caused
aborts. This fixes the problem.
CVE-2017-10791.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1467004.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
See also https://security-tracker.debian.org/tracker/CVE-2017-10791.
Found by team OWL337, using the collAFL fuzzer.
commit bf03b53a3c0f0d1066062f37919015a8fa6ad436
Author: Ben Pfaff <blp@cs.stanford.edu>
Date: Tue Jul 4 12:54:47 2017 -0400
sys-file-reader: Avoid null dereference skipping bad extension record 18.
read_record() assumed that read_extension_record() never set its output
argument to NULL when it returned true, but this is possible in an error
case.
CVE-2017-10792.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
Reported by team OWL337, with fuzzer collAFL.
Reply sent
to Friedrich Beckmann <friedrich.beckmann@gmx.de>
:
You have taken responsibility.
(Mon, 21 Aug 2017 06:39:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Mon, 21 Aug 2017 06:39:05 GMT) (full text, mbox, link).
Message #59 received at 866890-close@bugs.debian.org (full text, mbox, reply):
Source: pspp
Source-Version: 1.0.0-1
We believe that the bug you reported is fixed in the latest version of
pspp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 866890@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Friedrich Beckmann <friedrich.beckmann@gmx.de> (supplier of updated pspp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 13 Aug 2017 08:50:21 +0200
Source: pspp
Binary: pspp
Architecture: source i386
Version: 1.0.0-1
Distribution: unstable
Urgency: low
Maintainer: Friedrich Beckmann <friedrich.beckmann@gmx.de>
Changed-By: Friedrich Beckmann <friedrich.beckmann@gmx.de>
Description:
pspp - Statistical analysis tool
Closes: 853623 866890
Changes:
pspp (1.0.0-1) unstable; urgency=low
.
* New upstream release 1.0.0
* The REGRESSION command now has a /ORIGIN subcommand to perform
regression through the origin.
* The FACTOR command can now analyse matrix files prepared with MATRIX DATA.
* The FACTOR command can now print the anti-image matrices.
* The MATRIX DATA command has been added.
* Some inappropriate properties in selection dialogs have been corrected.
* A bug which could cause the HTML driver to go into a tight loop
has been fixed.
* An error in the FREQUENCIES procedure, where the word "Mean" was
printed when "Variance" was appropriate has been fixed.
* The ncurses library is no longer required or used.
* A bug where the Mann-Whitney test would give misleading results
if run on multiple variables and MISSING=ANALAYSIS was specified
has been fixed.
* Gtk+3.14.5 or later must now be used when building.
* Graphical user interface changes:
** There is a new menu: Edit|Options
** The Non Parametric Statistics Menu
has a new item: "K Independent Samples".
** Dialog boxes can now be canceled using the <Escape> key.
* The AUTORECODE command now accepts an optional / before INTO.
* The short form of the VECTOR command can now create string variables.
* Bug fixes, including fixes for CVE-2017-10791 and CVE-2017-10792.
Closes: #866890
* Updated gnulib version which can be compiled with GCC7
Closes: #853623
Checksums-Sha1:
8844ff4782e845f585d2e6d2a3688641e2ad0a4e 2099 pspp_1.0.0-1.dsc
268a241e1a272585dc41a575816e21d423a46631 7553661 pspp_1.0.0.orig.tar.gz
0a4d81d4d5b83b611a05408eefb358a8d87e68a6 26724 pspp_1.0.0-1.debian.tar.xz
b199252ff760ddf75187c9ecd59e78380860ff45 2992064 pspp-dbgsym_1.0.0-1_i386.deb
7f0460d741f68de1ab4d7aea2bb3b67c2c5bd4f3 14085 pspp_1.0.0-1_i386.buildinfo
7d64a3f72317ade9569bc870cd87d46b1e835d79 4249544 pspp_1.0.0-1_i386.deb
Checksums-Sha256:
0e4942fe15e9723331e9f12028bbf070d6bb835e391a4dfbe41b8e1e776cbf33 2099 pspp_1.0.0-1.dsc
1b991ad4f5b2adc8c972de48fdb01d3675cb5ae1fc8d28850f6c0c68a745cb83 7553661 pspp_1.0.0.orig.tar.gz
183223e41d0a9612c23d6c7d823eeba0a1ab671307814fe7f5d1ec698556a875 26724 pspp_1.0.0-1.debian.tar.xz
0c2875c7227b0fe0f7c228edec6c65fc6e5143307b5a9114eb101b18fa0f83e4 2992064 pspp-dbgsym_1.0.0-1_i386.deb
606d3ee450c45e9bff253fbbbc0921bb84457273e7d7371a4444859a9707eba2 14085 pspp_1.0.0-1_i386.buildinfo
1aa7a1b5e3bfec39d812a716a11cae4a7d2e6941338d19ff5739dafd5ce13565 4249544 pspp_1.0.0-1_i386.deb
Files:
c00f4f562218372e44bc8b27eb17faac 2099 math optional pspp_1.0.0-1.dsc
8c34cb0a3c8a08c92595c647d42a0a85 7553661 math optional pspp_1.0.0.orig.tar.gz
e4b28f05401868b22230682aebe68cc1 26724 math optional pspp_1.0.0-1.debian.tar.xz
7034cd8de4f3f7a602e159beafd30ee3 2992064 debug extra pspp-dbgsym_1.0.0-1_i386.deb
e485e8072e821079e77403d165478506 14085 math optional pspp_1.0.0-1_i386.buildinfo
cb41db0ee4b4127329afda10962dfc27 4249544 math optional pspp_1.0.0-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJZmnmAAAoJEIUZnejGZI6QVxIP/0YozC1j+A66yAUKq5p9Nwdn
6SBzM3zeTGlkyLNrUBBktU6dkI1JHb0Y6dE5QzT9Zt2FBi4PM5IsAho3SpwOrT2P
WJl/5rx3dKjminQxnqUOScAvaQPPDSj686ZJmeReAunuhSIIcQRTWnDHIesTVgPw
3ppcOwlioU8BvYAaqE2MYZrMqNrrTLj0q5lbpyisCdOVTAMZMqx74JvACAG8Ew5b
buCEcn1kiHJQsdhE9iGOQkljRTgQpDt/LL29KOIL3hgBDSIWc1DKwLzbNR1Oz47G
eIVZ726ytStQCau1ofjIjuUtgBwd7x7uyaXrIh+63LV3r/mP0Qa81KD2BqoonDZu
yI/qkGpSQsUKOZU8FlmG2IXepNXLNhGfiIo6uy5R5nqdFIlJ4DpNAM+qFU2rvh4V
xaVHV4LVXkf7adB4gXT13XgcRFphMSeXV5SRiPO51M5UHhGXFQ10dT5QAMQYUKPY
+y7mz7atABJykxCowqoyHP/WV4Xkv6dACAjMDmRCwNXWK3t6Igr4SxrCk60hy6v8
MoDpnBKgJj+nIosx/PWXt/4tH/1PU1bXNq9tFogPt09k/av2LR6RRkmjtgpTDlLl
X9oGo/zfD8mATm2yzPlmiRSIxLg7ZOyBlZseD1raZa0QMgD/2wmmaGk1E7WZ9+jR
IFDsmcPmlaPw39J7wcPw
=sUhJ
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 20 Sep 2017 07:30:19 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:55:02 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.