libpng: CVE-2015-7981: out-of-bound read

Related Vulnerabilities: CVE-2015-7981   CVE-2015-8126  

Debian Bug report logs - #803078


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 26 Oct 2015 18:06:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version libpng/1.2.44-1

Fixed in versions libpng/1.2.54-1, libpng/1.2.50-2+deb8u1, libpng/1.2.49-1+deb7u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://sourceforge.net/p/libpng/bugs/241/



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#803078; Package src:libpng. (Mon, 26 Oct 2015 18:06:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>. (Mon, 26 Oct 2015 18:06:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libpng: CVE-2015-7981: out-of-bound read
Date: Mon, 26 Oct 2015 19:03:05 +0100
Source: libpng
Version: 1.2.44-1
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: http://sourceforge.net/p/libpng/bugs/241/

Hi,

the following vulnerability was published for libpng.

CVE-2015-7981[0]:
out-of-bound read vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7981
[1] http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
[2] http://sourceforge.net/p/libpng/bugs/241/

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#803078; Package src:libpng. (Mon, 16 Nov 2015 17:33:06 GMT)


Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Mon, 16 Nov 2015 17:33:06 GMT)


Message #10 received at 803078@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 805113@bugs.debian.org, 803078@bugs.debian.org
Cc: Josh Triplett <josh@joshtriplett.org>, Salvatore Bonaccorso <carnil@debian.org>
Subject: Re: Bug#805113: CVE-2015-8126: buffer overflow
Date: Mon, 16 Nov 2015 18:29:00 +0100
On 2015-11-14 12:54 -0800, Josh Triplett wrote:

> Package: libpng12-0
> Version: 1.2.50-2+b2
> Severity: critical
> Tags: security upstream
>
> Quoting https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8126
>> Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE
>> functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and
>> 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote
>> attackers to cause a denial of service (application crash) or possibly have
>> unspecified other impact via a small bit-depth value in an IHDR (aka image
>> header) chunk in a PNG image.
>
> In particular, "1.1.x and 1.2.x before 1.2.54".

On 2015-10-26 19:03 +0100, Salvatore Bonaccorso wrote:

> Source: libpng
> Version: 1.2.44-1
> Severity: important
> Tags: security upstream patch fixed-upstream
> Forwarded: http://sourceforge.net/p/libpng/bugs/241/
>
> Hi,
>
> the following vulnerability was published for libpng.
>
> CVE-2015-7981[0]:
> out-of-bound read vulnerability
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

I have made a local package with libpng 1.2.54 for myself; if anybody is
interested, a filtered debdiff containing only the changes in the debian
directory is attached.  The debian/watch file does not work; I have
downloaded libpng-1.2.54.tar.xz from
ftp://ftp.simplesystems.org/pub/libpng/png/src/libpng12/ where there is
also a detached signature.

Cheers,
       Sven

[debdiff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
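The NVD text quoted above attributes the PLTE overflows to a small IHDR bit depth, that is, a palette chunk carrying more entries than a 2^bit_depth-entry palette can hold. The following C is an added example written for this page, not libpng's code or the upstream patch: it enforces the PNG specification's constraint on PLTE (3-byte entries, at least one, never more than 256, and for indexed-colour images no more than 2^bit_depth) before any palette bytes are copied into a caller-sized buffer. The function names, the constants and the sample PLTE bytes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* PNG colour types and the palette limit from the PNG specification. */
#define COLOR_TYPE_GRAY       0
#define COLOR_TYPE_RGB        2
#define COLOR_TYPE_PALETTE    3
#define COLOR_TYPE_GRAY_ALPHA 4
#define COLOR_TYPE_RGB_ALPHA  6
#define MAX_PALETTE_ENTRIES   256

/* How many PLTE entries the IHDR fields permit: 2^bit_depth for indexed
 * images, 256 for the optional suggested palette of RGB/RGBA images,
 * 0 for greyscale images (which must not carry PLTE at all).
 * Returns -1 for a bit depth that is illegal for an indexed image. */
int plte_entries_allowed(int color_type, int bit_depth)
{
    if (color_type == COLOR_TYPE_PALETTE) {
        if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 && bit_depth != 8)
            return -1;
        return 1 << bit_depth;
    }
    if (color_type == COLOR_TYPE_RGB || color_type == COLOR_TYPE_RGB_ALPHA)
        return MAX_PALETTE_ENTRIES;
    return 0;
}

/* Validate a PLTE chunk's data length against the IHDR fields.
 * Returns the number of palette entries, or -1 if the chunk must be rejected. */
int validate_plte(int color_type, int bit_depth, uint32_t plte_len)
{
    int max_entries = plte_entries_allowed(color_type, bit_depth);
    if (max_entries <= 0)
        return -1;
    /* Entries are RGB triples; length 0 and lengths over 256 entries are invalid. */
    if (plte_len == 0 || plte_len % 3 != 0 || plte_len > 3u * MAX_PALETTE_ENTRIES)
        return -1;
    int entries = (int)(plte_len / 3);
    if (entries > max_entries)
        return -1;   /* more entries than 2^bit_depth: the shape CVE-2015-8126 describes */
    return entries;
}

/* Copy palette entries into a caller buffer of out_capacity entries.
 * The count is validated and bounded by the buffer before memcpy runs. */
int load_palette(const uint8_t *plte, uint32_t plte_len, int color_type,
                 int bit_depth, uint8_t (*out)[3], size_t out_capacity)
{
    int n = validate_plte(color_type, bit_depth, plte_len);
    if (n < 0 || (size_t)n > out_capacity)
        return -1;
    memcpy(out, plte, (size_t)n * 3);
    return n;
}

/* Constructed sample: 1-bit indexed image, 2-entry PLTE (red, blue). Expect 2. */
int example_valid_palette(void)
{
    static const uint8_t plte[6] = { 0xff, 0x00, 0x00,  0x00, 0x00, 0xff };
    uint8_t pal[2][3];
    int n = load_palette(plte, sizeof plte, COLOR_TYPE_PALETTE, 1, pal, 2);
    if (n != 2 || pal[1][2] != 0xff)
        return -1;
    return n;
}

/* Constructed sample: same 1-bit header, but a 3-entry PLTE. Expect -1. */
int example_overlong_palette(void)
{
    static const uint8_t plte[9] = { 0xff, 0, 0,  0, 0xff, 0,  0, 0, 0xff };
    uint8_t pal[2][3];   /* sized for 2^1 entries, as a decoder would */
    return load_palette(plte, sizeof plte, COLOR_TYPE_PALETTE, 1, pal, 2);
}

int main(void)
{
    printf("2-entry PLTE on a 1-bit image: %d\n", example_valid_palette());
    printf("3-entry PLTE on a 1-bit image: %d\n", example_overlong_palette());
    return 0;
}
```

The design point is that the entry count is derived from the chunk length and checked against both the IHDR-derived limit and the actual destination buffer before any copy; a decoder that sizes its palette from the bit depth but copies whatever count the chunk declares is exactly the mismatch the quoted advisory describes.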

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#803078; Package src:libpng. (Tue, 17 Nov 2015 21:24:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Tue, 17 Nov 2015 21:24:03 GMT)


Message #15 received at 803078@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 803078@bugs.debian.org, 805113@bugs.debian.org
Cc: Anibal Monsalve Salazar <anibal@debian.org>
Subject: debdiff for libpng
Date: Tue, 17 Nov 2015 22:20:11 +0100
Control: tags 805113 + patch

Hi Anibal,

Attached is the debdiff I would propose for sid (jessie- and
wheezy-security are already prepared analogously but as well not yet
released).

Not yet uploaded though (neither to a delayed queue).

Regards,
Salvatore
[libpng_1.2.50-2.1.debdiff.base64 (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#803078; Package src:libpng. (Wed, 18 Nov 2015 02:18:03 GMT)


Acknowledgement sent to Nobuhiro Iwamatsu <iwamatsu@nigauri.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Wed, 18 Nov 2015 02:18:03 GMT)


Message #20 received at 803078@bugs.debian.org:

From: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 803078@bugs.debian.org, 805113@bugs.debian.org
Cc: Anibal Monsalve Salazar <anibal@debian.org>
Subject: Re: CVE-2015-8126: buffer overflow
Date: Wed, 18 Nov 2015 11:14:21 +0900
Hi, Salvatore.

Thanks for your patch.
I will upload a new version that includes the changes to fix these bugs soon.
And I will work for jessie and wheezy-security too.

Best regards,
  Nobuhiro

> Control: tags 805113 + patch
>
> Hi Anibal,
>
> Attached is the debdiff I would propose for sid (jessie- and
> wheezy-security are already prepared analogously but as well not yet
> released).
>
> Not yet uploaded though (neither to a delayed queue).
>
> Regards,
> Salvatore

-- 
Nobuhiro Iwamatsu
   iwamatsu at {nigauri.org / debian.org}
   GPG ID: 40AD1FA6



Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#803078; Package src:libpng. (Wed, 18 Nov 2015 05:03:07 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Wed, 18 Nov 2015 05:03:07 GMT)


Message #25 received at 803078@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Cc: 803078@bugs.debian.org, 805113@bugs.debian.org, Anibal Monsalve Salazar <anibal@debian.org>
Subject: Re: CVE-2015-8126: buffer overflow
Date: Wed, 18 Nov 2015 06:01:44 +0100
Hey Nobuhiro!

On Wed, Nov 18, 2015 at 11:14:21AM +0900, Nobuhiro Iwamatsu wrote:
> Hi, Salvatore.
> 
> Thanks for your patch.
> I will upload a new version that includes the changes to fix these bugs soon.

Okay thanks, so no NMU needed.

> And I will work for jessie and wheezy-security too.

This is actually already done, but we haven't released the DSA yet
(and exposed the packages to some more testing first).

Regards,
Salvatore



Reply sent to Nobuhiro Iwamatsu <iwamatsu@debian.org>:
You have taken responsibility. (Wed, 18 Nov 2015 18:09:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 18 Nov 2015 18:09:08 GMT)


Message #30 received at 803078-close@bugs.debian.org:

From: Nobuhiro Iwamatsu <iwamatsu@debian.org>
To: 803078-close@bugs.debian.org
Subject: Bug#803078: fixed in libpng 1.2.54-1
Date: Wed, 18 Nov 2015 18:05:17 +0000
Source: libpng
Source-Version: 1.2.54-1

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803078@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nobuhiro Iwamatsu <iwamatsu@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 18 Nov 2015 11:00:42 +0900
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source amd64
Version: 1.2.54-1
Distribution: unstable
Urgency: medium
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Nobuhiro Iwamatsu <iwamatsu@debian.org>
Description:
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 803078 805113
Changes:
 libpng (1.2.54-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #803078, #805113)
   * Remove patches/02-required-space.patch.
     Already applied in upstream.
   * Bumped standards version to 3.9.6.
Checksums-Sha1:
 31af22545a4301a9eb381fec6b2e55b1d2365de0 2008 libpng_1.2.54-1.dsc
 87bc40e28d51bb9c7e386d9aaefa04178cb5db86 571448 libpng_1.2.54.orig.tar.xz
 d381cb587fee0c0cd9952f2aea84035387d04573 17220 libpng_1.2.54-1.debian.tar.xz
 4fc462479710da6a63701438ee25116c70fcd2a4 62262 libpng12-0-udeb_1.2.54-1_amd64.udeb
 249e0353c69f635b644663c00fb19a508b6c708b 171642 libpng12-0_1.2.54-1_amd64.deb
 17a6fc7f9faadde7d8f3b4e41aa57a13703264e5 244290 libpng12-dev_1.2.54-1_amd64.deb
 0066885ec6008f1f467d35985953c1865d478ceb 974 libpng3_1.2.54-1_amd64.deb
Checksums-Sha256:
 9328ae94c32bb2c6240163e0fd9db922bf0058e13a96d12fe73e86c567ddc5ec 2008 libpng_1.2.54-1.dsc
 cf85516482780f2bc2c5b5073902f12b1519019d47bf473326c2018bdff1d272 571448 libpng_1.2.54.orig.tar.xz
 c9fc1eff18386f984c3abdbdabe4dd0f5b33a766c4f5e2c00d9a0bb3c640091a 17220 libpng_1.2.54-1.debian.tar.xz
 e1806fb533d0b50d4fd902fd262c6d97b5fd9af3b3430ad0008d7e23ea95628d 62262 libpng12-0-udeb_1.2.54-1_amd64.udeb
 929f72a4fb49bb53ccc3caee26edb8e97671e8e9a20df0e0828587f6eeaf072b 171642 libpng12-0_1.2.54-1_amd64.deb
 13b5b1b1094b610162d8df7eac67bfe8a27f1aca014d96bdbad52126e693b0e7 244290 libpng12-dev_1.2.54-1_amd64.deb
 90e45933111beb654c84c2c7000297bcc9c09a7f279f7db8a0988a932342c15c 974 libpng3_1.2.54-1_amd64.deb
Files:
 bb526baf461251fdf4fb32c5861c6ef5 2008 libs optional libpng_1.2.54-1.dsc
 bbb7a7264f1c7d9c444fd16bf6f89832 571448 libs optional libpng_1.2.54.orig.tar.xz
 aad30ef16ed222c463c28e4f66927f11 17220 libs optional libpng_1.2.54-1.debian.tar.xz
 a8f84f4629bf910b33fc8e69f88fafd5 62262 debian-installer extra libpng12-0-udeb_1.2.54-1_amd64.udeb
 f36f8eaa97c9f8f8a0d6552babde6431 171642 libs optional libpng12-0_1.2.54-1_amd64.deb
 828a973959be61c60ed3ba0de4a7ab70 244290 libdevel optional libpng12-dev_1.2.54-1_amd64.deb
 5362826f1e7e76765c135788e8e88eb7 974 oldlibs optional libpng3_1.2.54-1_amd64.deb





Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Thu, 19 Nov 2015 19:51:24 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 19 Nov 2015 19:51:24 GMT)


Message #35 received at 803078-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 803078-close@bugs.debian.org
Subject: Bug#803078: fixed in libpng 1.2.50-2+deb8u1
Date: Thu, 19 Nov 2015 19:47:07 +0000
Source: libpng
Source-Version: 1.2.50-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803078@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Nov 2015 19:21:32 +0100
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source
Version: 1.2.50-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 803078 805113
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Changes:
 libpng (1.2.50-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-7981.patch patch.
     CVE-2015-7981: Out-of-bounds read in png_convert_to_rfc1123.
     (Closes: #803078)
   * Add Prevent-writing-over-length-PLTE-chunk-Cosm.patch patch.
     CVE-2015-8126: Multiple buffer overflows in the png_set_PLTE and
     png_get_PLTE functions. (Closes: #805113)
   * Add Fixed-new-bug-with-CRC-error-after-reading-.patch patch.
     Fixed new bug with CRC error after reading an over-length palette.
Checksums-Sha1: 
 024ae4301ae8a8112f9b4eaeae50a70d61c86da4 2036 libpng_1.2.50-2+deb8u1.dsc
 3ac9c32fc08804d4a1858cb5d02c6d0fb55ede37 539152 libpng_1.2.50.orig.tar.xz
 a5e7117c34d7980c98a74c5251409a9380026765 20232 libpng_1.2.50-2+deb8u1.debian.tar.xz
Checksums-Sha256: 
 8c7302111fb96198a7b3046fdf65697d00f87867b4baf1a1fd1b77ac4111b34d 2036 libpng_1.2.50-2+deb8u1.dsc
 4724f81f8c92ac7f360ad1fbf173396ea7c535923424db9fbaff07bfd9d8e8e7 539152 libpng_1.2.50.orig.tar.xz
 99cada9cd6af65321604f84821091b764fcd1661d4bd136e4893ebc5a9178206 20232 libpng_1.2.50-2+deb8u1.debian.tar.xz
Files: 
 9df487847a931ba2862eafb3d812483d 2036 libs optional libpng_1.2.50-2+deb8u1.dsc
 a3e00fccbfe356174ab515b5c00641c7 539152 libs optional libpng_1.2.50.orig.tar.xz
 e91ab33a8ed0e80204f9fda77da4fc45 20232 libs optional libpng_1.2.50-2+deb8u1.debian.tar.xz





Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Thu, 19 Nov 2015 20:00:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 19 Nov 2015 20:00:08 GMT)


Message #40 received at 803078-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 803078-close@bugs.debian.org
Subject: Bug#803078: fixed in libpng 1.2.49-1+deb7u1
Date: Thu, 19 Nov 2015 19:57:30 +0000
Source: libpng
Source-Version: 1.2.49-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803078@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 17 Nov 2015 19:31:24 +0100
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source amd64
Version: 1.2.49-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 803078 805113
Changes: 
 libpng (1.2.49-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-7981.patch patch.
     CVE-2015-7981: Out-of-bounds read in png_convert_to_rfc1123.
     (Closes: #803078)
   * Add Prevent-writing-over-length-PLTE-chunk-Cosm.patch patch.
     CVE-2015-8126: Multiple buffer overflows in the png_set_PLTE and
     png_get_PLTE functions. (Closes: #805113)
   * Add Fixed-new-bug-with-CRC-error-after-reading-.patch patch.
     Fixed new bug with CRC error after reading an over-length palette.
Checksums-Sha1: 
 2934aa4cc73fe37280f8c5623d13898c6c27ec92 1987 libpng_1.2.49-1+deb7u1.dsc
 93cdd7e4fe01b490cf045e3f354ab38f0200c540 669011 libpng_1.2.49.orig.tar.bz2
 e9061afc87f2a68ce12eefa61b5ff4cd5a0c4fac 18111 libpng_1.2.49-1+deb7u1.debian.tar.bz2
 04c71ca3c81152aa6b434ad94c5ad10d83159a21 190692 libpng12-0_1.2.49-1+deb7u1_amd64.deb
 b775b9354a73ed8e8a419b8d7964a3213a75d0d6 267326 libpng12-dev_1.2.49-1+deb7u1_amd64.deb
 4db3f15a6f9f71b9fe1d2c7e4d7a61eacf082610 958 libpng3_1.2.49-1+deb7u1_amd64.deb
 3d3426bb51b7ff20420e7aefc3c350a15e0fb49d 63896 libpng12-0-udeb_1.2.49-1+deb7u1_amd64.udeb
Checksums-Sha256: 
 3f39b5b17b75d1a390b05d0c7169560bd15e621a204a8ff0d5814f3dff441288 1987 libpng_1.2.49-1+deb7u1.dsc
 fbf8faa70ebca2ed2ee6df6f2249f4722517b581af5b6c3c71bbdaf925d5954e 669011 libpng_1.2.49.orig.tar.bz2
 82a191df9f4430cc9dc4372201e2dd16f294031dcc492116e6d4f765279bf0dd 18111 libpng_1.2.49-1+deb7u1.debian.tar.bz2
 dd0b8620227148f32903a50b60b78612c99e68a4166ae7f5f149a281566995c5 190692 libpng12-0_1.2.49-1+deb7u1_amd64.deb
 3b85742458c119c7c4ba0aeab6b1b9425acf0d5cb3b3732736c99554c9bab2dd 267326 libpng12-dev_1.2.49-1+deb7u1_amd64.deb
 84781eaf148632a54c81bc34c00b1946aa2b7acda835018a689e08c9ddeebd5d 958 libpng3_1.2.49-1+deb7u1_amd64.deb
 3ebdcc2e886f871dc18f34cdaa5917546ad1fc393e60c33405d5070f5b6bad76 63896 libpng12-0-udeb_1.2.49-1+deb7u1_amd64.udeb
Files: 
 5fd562ec548a798eb94825a15aee94b8 1987 libs optional libpng_1.2.49-1+deb7u1.dsc
 d5106b70b4f8b464a7da66bffe4565fb 669011 libs optional libpng_1.2.49.orig.tar.bz2
 a1a69c7a7c312064f60e9c6e7840e755 18111 libs optional libpng_1.2.49-1+deb7u1.debian.tar.bz2
 b8cb22e8f7d8dbe4c57630c096e78bd4 190692 libs optional libpng12-0_1.2.49-1+deb7u1_amd64.deb
 b67174ad000d1fe9c93d28ed52c4bc4d 267326 libdevel optional libpng12-dev_1.2.49-1+deb7u1_amd64.deb
 66b63e967b20aa836632fd9f289fcc66 958 oldlibs optional libpng3_1.2.49-1+deb7u1_amd64.deb
 5f36e83d58e6d0084585b95db650fad4 63896 debian-installer extra libpng12-0-udeb_1.2.49-1+deb7u1_amd64.udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Dec 2015 07:34:17 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:38:46 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.