python-pygments: CVE-2015-8557: shell injection in FontManager._get_nix_font_path

Related Vulnerabilities: CVE-2015-8557  

Debian Bug report logs - #802828

Reported by: Jakub Wilk <jwilk@debian.org>

Date: Fri, 23 Oct 2015 21:15:02 UTC

Severity: important

Tags: patch, security, upstream

Found in versions pygments/2.0.1+dfsg-1.1, pygments/1.3.1+dfsg-1

Fixed in versions pygments/1.3.1+dfsg-1+deb6u11, pygments/2.0.1+dfsg-2, pygments/2.0.1+dfsg-1.1+deb8u1, pygments/1.5+dfsg-1+deb7u1

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501



Report forwarded to debian-bugs-dist@lists.debian.org, jwilk@debian.org, Piotr Ożarowski <piotr@debian.org>:
Bug#802828; Package python-pygments. (Fri, 23 Oct 2015 21:15:06 GMT).


Message #3 received at submit@bugs.debian.org:

From: Jakub Wilk <jwilk@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: python-pygments: shell injection in FontManager._get_nix_font_path
Date: Fri, 23 Oct 2015 23:12:39 +0200
Package: python-pygments
Version: 2.0.1+dfsg-1.1
Tags: security
Forwarded: https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501

Javantea reported in <http://seclists.org/fulldisclosure/2015/Oct/4>:
>An unsafe use of string concatenation in a shell string occurs in 
>FontManager. If the developer allows the attacker to choose the font 
>and outputs an image, the attacker can execute any shell command on the 
>remote system. The name variable injected comes from the constructor of 
>FontManager, which is invoked by ImageFormatter from options.
>
>pygments/formatters/img.py:82
>                             
>    def _get_nix_font_path(self, name, style):
>        try:
>            from commands import getstatusoutput
>        except ImportError:
>            from subprocess import getstatusoutput
>        exit, out = getstatusoutput('fc-list "%s:style=%s" file' %
>                                    (name, style))
>        if not exit:
>            lines = out.splitlines()
>            if lines:
>                path = lines[0].strip().strip(':')
>                return path

-- 
Jakub Wilk
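
The report's point, as an added example (not code from the report or from Pygments): `shell_view` tokenizes the pre-fix command string the way a shell would, without running it, and `fc_list_argv` / `get_nix_font_path` do the same lookup with the pattern passed as a single argv element. The function names, the constructed sample font names and the use of `shlex` to approximate shell parsing are assumptions made for illustration.

```python
import shlex
import subprocess

SHELL_OPERATORS = {";", "&", "&&", "|", "||"}


def build_shell_command(name, style):
    """Pre-fix behaviour from the report: one string, later parsed by a shell."""
    return 'fc-list "%s:style=%s" file' % (name, style)


def shell_view(command):
    """Approximate how a POSIX shell splits `command` into separate commands.

    Nothing is executed; shlex only tokenizes. Control operators are kept as
    their own tokens, so each returned list is one command's argv.
    """
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # combined with punctuation_chars: Python 3.8+
    lexer.commenters = ""          # do not treat '#' as a comment start
    commands, current = [], []
    for token in lexer:
        if token in SHELL_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def fc_list_argv(name, style):
    """Hardened form: the whole pattern is exactly one argv element."""
    return ["fc-list", "%s:style=%s" % (name, style), "file"]


def get_nix_font_path(name, style):
    """Look up a font file with fc-list without involving a shell."""
    try:
        proc = subprocess.run(fc_list_argv(name, style),
                              stdout=subprocess.PIPE,
                              stderr=subprocess.DEVNULL, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None  # fc-list is not installed or did not finish
    if proc.returncode != 0:
        return None
    lines = proc.stdout.decode(errors="replace").splitlines()
    if not lines:
        return None
    return lines[0].strip().strip(":")


if __name__ == "__main__":
    # Constructed inputs: an ordinary font name and one containing a double quote.
    for name in ("DejaVu Sans Mono", 'x"; echo INJECTED; "'):
        print(repr(name))
        print("  shell sees:", shell_view(build_shell_command(name, "Bold")))
        print("  argv form :", fc_list_argv(name, "Bold"))
```

With the argument list the font name never reaches a shell; fc-list still interprets it as a fontconfig pattern.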



Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Ożarowski <piotr@debian.org>:
Bug#802828; Package python-pygments. (Tue, 15 Dec 2015 09:33:07 GMT).


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Piotr Ożarowski <piotr@debian.org>. (Tue, 15 Dec 2015 09:33:07 GMT).


Message #8 received at 802828@bugs.debian.org:

From: Raphael Hertzog <hertzog@debian.org>
To: Piotr Ożarowski <piotr@debian.org>, Jakub Wilk <jwilk@debian.org>, 802828@bugs.debian.org
Cc: debian-lts@lists.debian.org
Subject: Re: Bug#802828: python-pygments: shell injection in FontManager._get_nix_font_path
Date: Tue, 15 Dec 2015 10:31:24 +0100
Control: retitle -1 python-pygments: CVE-2015-8557: shell injection in FontManager._get_nix_font_path
Control: severity -1 important
Control: tag -1 + patch

On Fri, 23 Oct 2015, Jakub Wilk wrote:
> Javantea reported in <http://seclists.org/fulldisclosure/2015/Oct/4>:

This has been assigned CVE-2015-8557 and the recommended patch
to use is
https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f

I'm upgrading the severity to important. All Debian releases are affected.

Piotr, the Debian LTS team wants to fix this issue in squeeze too. Do you
want to take care of this by yourself?

If yes, please follow the workflow we have defined here:
http://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts@lists.debian.org
(via a debdiff, or with a URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

Thank you very much.

Raphaël Hertzog,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/



Changed Bug title to 'python-pygments: CVE-2015-8557: shell injection in FontManager._get_nix_font_path' from 'python-pygments: shell injection in FontManager._get_nix_font_path' Request was from Raphael Hertzog <hertzog@debian.org> to 802828-submit@bugs.debian.org. (Tue, 15 Dec 2015 09:33:07 GMT).


Severity set to 'important' from 'normal' Request was from Raphael Hertzog <hertzog@debian.org> to 802828-submit@bugs.debian.org. (Tue, 15 Dec 2015 09:33:08 GMT).


Added tag(s) patch. Request was from Raphael Hertzog <hertzog@debian.org> to 802828-submit@bugs.debian.org. (Tue, 15 Dec 2015 09:33:09 GMT).


Changed Bug title to 'pygments: CVE-2015-8557: Shell Injection in Pygments FontManager._get_nix_font_path' from 'python-pygments: CVE-2015-8557: shell injection in FontManager._get_nix_font_path' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 15 Dec 2015 09:33:11 GMT).


Marked as found in versions pygments/1.3.1+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 15 Dec 2015 09:33:15 GMT).


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 15 Dec 2015 09:33:18 GMT).


Changed Bug title to 'python-pygments: CVE-2015-8557: shell injection in FontManager._get_nix_font_path' from 'pygments: CVE-2015-8557: Shell Injection in Pygments FontManager._get_nix_font_path' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 15 Dec 2015 15:48:03 GMT).


Reply sent to Chris Lamb <lamby@debian.org>:
You have taken responsibility. (Tue, 15 Dec 2015 19:58:14 GMT).


Notification sent to Jakub Wilk <jwilk@debian.org>:
Bug acknowledged by developer. (Tue, 15 Dec 2015 19:58:14 GMT).


Message #27 received at 802828-close@bugs.debian.org:

From: Chris Lamb <lamby@debian.org>
To: 802828-close@bugs.debian.org
Subject: Bug#802828: fixed in pygments 1.3.1+dfsg-1+deb6u11
Date: Tue, 15 Dec 2015 18:18:58 +0000
Source: pygments
Source-Version: 1.3.1+dfsg-1+deb6u11

We believe that the bug you reported is fixed in the latest version of
pygments, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 802828@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated pygments package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 15 Dec 2015 17:54:50 +0000
Source: pygments
Binary: python-pygments
Architecture: source all
Version: 1.3.1+dfsg-1+deb6u11
Distribution: squeeze-lts
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 python-pygments - syntax highlighting package written in Python
Closes: 802828
Changes:
 pygments (1.3.1+dfsg-1+deb6u11) squeeze-lts; urgency=high
 .
   * CVE-2015-8557: Fix shell Injection in Pygments
     FontManager._get_nix_font_path. (Closes: #802828)




Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Ożarowski <piotr@debian.org>:
Bug#802828; Package python-pygments. (Sun, 10 Jan 2016 16:12:08 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Piotr Ożarowski <piotr@debian.org>. (Sun, 10 Jan 2016 16:12:08 GMT).


Message #32 received at 802828@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 802828@bugs.debian.org
Subject: pygments: diff for NMU version 2.0.1+dfsg-1.2
Date: Sun, 10 Jan 2016 17:08:59 +0100
Control: tags 802828 + pending

Dear maintainer,

I've prepared an NMU for pygments (versioned as 2.0.1+dfsg-1.2) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[pygments-2.0.1+dfsg-1.2-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 802828-submit@bugs.debian.org. (Sun, 10 Jan 2016 16:12:08 GMT).


Reply sent to Piotr Ożarowski <piotr@debian.org>:
You have taken responsibility. (Sun, 10 Jan 2016 18:21:34 GMT).


Notification sent to Jakub Wilk <jwilk@debian.org>:
Bug acknowledged by developer. (Sun, 10 Jan 2016 18:21:34 GMT).


Message #39 received at 802828-close@bugs.debian.org:

From: Piotr Ożarowski <piotr@debian.org>
To: 802828-close@bugs.debian.org
Subject: Bug#802828: fixed in pygments 2.0.1+dfsg-2
Date: Sun, 10 Jan 2016 18:20:06 +0000
Source: pygments
Source-Version: 2.0.1+dfsg-2

We believe that the bug you reported is fixed in the latest version of
pygments, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 802828@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Piotr Ożarowski <piotr@debian.org> (supplier of updated pygments package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 10 Jan 2016 18:56:35 +0100
Source: pygments
Binary: python-pygments python3-pygments python-pygments-doc
Architecture: source all
Version: 2.0.1+dfsg-2
Distribution: unstable
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Piotr Ożarowski <piotr@debian.org>
Description:
 python-pygments - syntax highlighting package written in Python
 python-pygments-doc - documentation for the Pygments
 python3-pygments - syntax highlighting package written in Python 3
Closes: 802828
Changes:
 pygments (2.0.1+dfsg-2) unstable; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * Add CVE-2015-8557.patch patch.
     CVE-2015-8557: Shell injection in FontManager._get_nix_font_path.
     (Closes: #802828)
 .
   [ Piotr Ożarowski ]
   * debian/watch: use pypi.debian.net redirector
   * install pygmentize's bash completion to
     /usr/share/bash-completion/completions




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Fri, 15 Jan 2016 10:21:07 GMT).


Notification sent to Jakub Wilk <jwilk@debian.org>:
Bug acknowledged by developer. (Fri, 15 Jan 2016 10:21:07 GMT).


Message #44 received at 802828-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 802828-close@bugs.debian.org
Subject: Bug#802828: fixed in pygments 2.0.1+dfsg-1.1+deb8u1
Date: Fri, 15 Jan 2016 10:17:33 +0000
Source: pygments
Source-Version: 2.0.1+dfsg-1.1+deb8u1

We believe that the bug you reported is fixed in the latest version of
pygments, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 802828@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated pygments package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 10 Jan 2016 16:50:12 +0100
Source: pygments
Binary: python-pygments python3-pygments python-pygments-doc
Architecture: all source
Version: 2.0.1+dfsg-1.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 802828
Description:
 python-pygments - syntax highlighting package written in Python
 python-pygments-doc - documentation for the Pygments
 python3-pygments - syntax highlighting package written in Python 3
Changes:
 pygments (2.0.1+dfsg-1.1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-8557.patch patch.
     CVE-2015-8557: Shell injection in FontManager._get_nix_font_path.
     (Closes: #802828)




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Fri, 15 Jan 2016 10:21:10 GMT).


Notification sent to Jakub Wilk <jwilk@debian.org>:
Bug acknowledged by developer. (Fri, 15 Jan 2016 10:21:10 GMT).


Message #49 received at 802828-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 802828-close@bugs.debian.org
Subject: Bug#802828: fixed in pygments 1.5+dfsg-1+deb7u1
Date: Fri, 15 Jan 2016 10:18:28 +0000
Source: pygments
Source-Version: 1.5+dfsg-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
pygments, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 802828@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated pygments package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 10 Jan 2016 16:42:08 +0100
Source: pygments
Binary: python-pygments python3-pygments
Architecture: source all
Version: 1.5+dfsg-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 python-pygments - syntax highlighting package written in Python
 python3-pygments - syntax highlighting package written in Python 3
Closes: 802828
Changes:
 pygments (1.5+dfsg-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Add CVE-2015-8557.patch patch.
     CVE-2015-8557: Shell injection in FontManager._get_nix_font_path.
     (Closes: #802828)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 13 Feb 2016 07:29:56 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:45:06 2019; Machine Name: buxtehude
