ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13734)

Debian Bug report logs - #873723

Reported by: Raphael Hertzog <hertzog@debian.org>

Date: Wed, 30 Aug 2017 13:51:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions ncurses/6.0+20170715-2, ncurses/6.0+20161126-1, ncurses/5.9+20140913-1

Fixed in versions ncurses/6.0+20170827-1, ncurses/6.0+20161126-1+deb9u1

Done: Sven Joachim <svenjoac@gmx.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Craig Small <csmall@debian.org>:
Bug#873723; Package src:ncurses. (Wed, 30 Aug 2017 13:51:05 GMT).


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Craig Small <csmall@debian.org>. (Wed, 30 Aug 2017 13:51:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Raphael Hertzog <hertzog@debian.org>
To: submit@bugs.debian.org
Subject: ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)
Date: Wed, 30 Aug 2017 15:49:02 +0200

Source: ncurses
X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for ncurses.

CVE-2017-13728[0]:
| There is an infinite loop in the next_char function in comp_scan.c in
| ncurses 6.0, related to libtic. A crafted input will lead to a remote
| denial of service attack.

CVE-2017-13729[1]:
| There is an illegal address access in the _nc_save_str function in
| alloc_entry.c in ncurses 6.0. It will lead to a remote denial of
| service attack.

CVE-2017-13730[2]:
| There is an illegal address access in the function
| _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead
| to a remote denial of service attack.

CVE-2017-13731[3]:
| There is an illegal address access in the function
| postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to
| a remote denial of service attack.

CVE-2017-13732[4]:
| There is an illegal address access in the function dump_uses() in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13733[5]:
| There is an illegal address access in the fmt_entry function in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13734[6]:
| There is an illegal address access in the _nc_safe_strcat function in
| strings.c in ncurses 6.0 that will lead to a remote denial of service
| attack.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13728
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728
[1] https://security-tracker.debian.org/tracker/CVE-2017-13729
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729
[2] https://security-tracker.debian.org/tracker/CVE-2017-13730
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730
[3] https://security-tracker.debian.org/tracker/CVE-2017-13731
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731
[4] https://security-tracker.debian.org/tracker/CVE-2017-13732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732
[5] https://security-tracker.debian.org/tracker/CVE-2017-13733
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733
[6] https://security-tracker.debian.org/tracker/CVE-2017-13734
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734

Please adjust the affected versions in the BTS as needed.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Aug 2017 14:03:16 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#873723; Package src:ncurses. (Wed, 30 Aug 2017 16:21:03 GMT).


Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Wed, 30 Aug 2017 16:21:03 GMT).


Message #12 received at 873723@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: Raphael Hertzog <hertzog@debian.org>
Cc: 873723@bugs.debian.org
Subject: Re: Bug#873723: ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)
Date: Wed, 30 Aug 2017 18:17:40 +0200

Control: clone -1 -2
Control: retitle -2 ncurses: CVE-2017-13733

On 2017-08-30 15:49 +0200, Raphael Hertzog wrote:

> Source: ncurses
> X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> the following vulnerabilities were published for ncurses.
>
> CVE-2017-13728[0]:
> | There is an infinite loop in the next_char function in comp_scan.c in
> | ncurses 6.0, related to libtic. A crafted input will lead to a remote
> | denial of service attack.
>
> CVE-2017-13729[1]:
> | There is an illegal address access in the _nc_save_str function in
> | alloc_entry.c in ncurses 6.0. It will lead to a remote denial of
> | service attack.
>
> CVE-2017-13730[2]:
> | There is an illegal address access in the function
> | _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead
> | to a remote denial of service attack.
>
> CVE-2017-13731[3]:
> | There is an illegal address access in the function
> | postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to
> | a remote denial of service attack.
>
> CVE-2017-13732[4]:
> | There is an illegal address access in the function dump_uses() in
> | progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
> | service attack.
>
> CVE-2017-13733[5]:
> | There is an illegal address access in the fmt_entry function in
> | progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
> | service attack.
>
> CVE-2017-13734[6]:
> | There is an illegal address access in the _nc_safe_strcat function in
> | strings.c in ncurses 6.0 that will lead to a remote denial of service
> | attack.

All but CVE-2017-13733 have been fixed in the latest upstream patchlevel
for which I have already prepared a release, cloning the bug to track
that one separately.

> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Already done[1].

Cheers,
       Sven


1. https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=45ee200645d5f299be580db4aeb2a4b5c817301a



Bug 873723 cloned as bug 873746. Request was from Sven Joachim <svenjoac@gmx.de> to 873723-submit@bugs.debian.org. (Wed, 30 Aug 2017 16:21:03 GMT).


Added tag(s) pending. Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Wed, 30 Aug 2017 16:27:03 GMT).


Message sent on to Raphael Hertzog <hertzog@debian.org>:
Bug#873723. (Wed, 30 Aug 2017 16:27:05 GMT).


Message #19 received at 873723-submitter@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 873723-submitter@bugs.debian.org
Subject: Bug#873723 marked as pending
Date: Wed, 30 Aug 2017 16:25:12 +0000

tag 873723 pending
thanks

Hello,

Bug #873723 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=72e9ecb

---
commit 72e9ecbaa36a65013cc2b4470421fdb4d88ff1fe
Author: Sven Joachim <svenjoac@gmx.de>
Date:   Wed Aug 30 18:19:50 2017 +0200

    Close bug #873723

diff --git a/debian/changelog b/debian/changelog
index 7e3c07a..1c78627 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
 ncurses (6.0+20170827-1) UNRELEASED; urgency=medium
 
   * New upstream patchlevel.
-    - Add/improve checks in tic's parser to address invalid input.
+    - Add/improve checks in tic's parser to address invalid input
+      (Closes: #873723).
       + Add a check in comp_scan.c to handle the special case where a
         nontext file ending with a NUL rather than newline is given to
         tic as input (CVE-2017-13728).
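
Review bot: the "(Closes: #873723)" added on the "Add/improve checks in tic's parser" bullet closes the whole report from one umbrella line, yet the only sub-item visible in this hunk names CVE-2017-13728. Before the entry leaves UNRELEASED, check that every CVE the bug still covers has its own sub-item carrying the CVE id under that bullet, and that CVE-2017-13733, which was cloned to a separate bug earlier in this log, is not implied as fixed by this entry.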



Marked as found in versions ncurses/6.0+20170715-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Aug 2017 19:27:05 GMT).


Changed Bug title to 'ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13734)' from 'ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Aug 2017 19:30:06 GMT).


Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Aug 2017 19:30:07 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#873723; Package src:ncurses. (Wed, 30 Aug 2017 19:51:18 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Wed, 30 Aug 2017 19:51:18 GMT).


Message #30 received at 873723@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Sven Joachim <svenjoac@gmx.de>, 873723@bugs.debian.org
Cc: Raphael Hertzog <hertzog@debian.org>
Subject: Re: Bug#873723: ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)
Date: Wed, 30 Aug 2017 21:34:58 +0200

Hey!

On Wed, Aug 30, 2017 at 06:17:40PM +0200, Sven Joachim wrote:
> All but CVE-2017-13733 have been fixed in the latest upstream patchlevel
> for which I have already prepared a release, cloning the bug to track
> that one separately.

Alright, I took the liberty to slightly retitle the subject to thus
explicitly list the CVEs, hope this is fine with both of you. Updated
the tracker as well to track CVE-2017-13733 with the cloned bug.

Sven, for oldstable and stable we can go either again via a point
release or ignore those issues.

Regards,
Salvatore



Reply sent to Sven Joachim <svenjoac@gmx.de>:
You have taken responsibility. (Thu, 31 Aug 2017 19:39:08 GMT).


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Thu, 31 Aug 2017 19:39:08 GMT).


Message #35 received at 873723-close@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 873723-close@bugs.debian.org
Subject: Bug#873723: fixed in ncurses 6.0+20170827-1
Date: Thu, 31 Aug 2017 19:36:59 +0000

Source: ncurses
Source-Version: 6.0+20170827-1

We believe that the bug you reported is fixed in the latest version of
ncurses, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873723@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated ncurses package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 31 Aug 2017 21:01:20 +0200
Source: ncurses
Binary: libtinfo5 libtinfo5-udeb libncurses5 libtinfo-dev libtinfo5-dbg libncurses5-dev libncurses5-dbg libncursesw5 libncursesw5-dev libncursesw5-dbg lib64ncurses5 lib64ncurses5-dev lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib64tinfo5 lib32tinfo5 lib32tinfo-dev ncurses-bin ncurses-base ncurses-term ncurses-examples ncurses-doc
Architecture: source
Version: 6.0+20170827-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Description:
 lib32ncurses5 - shared libraries for terminal handling (32-bit)
 lib32ncurses5-dev - developer's libraries for ncurses (32-bit)
 lib32ncursesw5 - shared libraries for terminal handling (wide character support) (
 lib32ncursesw5-dev - developer's libraries for ncursesw (32-bit)
 lib32tinfo-dev - developer's library for the low-level terminfo library (32-bit)
 lib32tinfo5 - shared low-level terminfo library for terminal handling (32-bit)
 lib64ncurses5 - shared libraries for terminal handling (64-bit)
 lib64ncurses5-dev - developer's libraries for ncurses (64-bit)
 lib64tinfo5 - shared low-level terminfo library for terminal handling (64-bit)
 libncurses5 - shared libraries for terminal handling
 libncurses5-dbg - debugging/profiling libraries for ncurses
 libncurses5-dev - developer's libraries for ncurses
 libncursesw5 - shared libraries for terminal handling (wide character support)
 libncursesw5-dbg - debugging/profiling libraries for ncursesw
 libncursesw5-dev - developer's libraries for ncursesw
 libtinfo-dev - developer's library for the low-level terminfo library
 libtinfo5  - shared low-level terminfo library for terminal handling
 libtinfo5-dbg - debugging/profiling library for the low-level terminfo library
 libtinfo5-udeb - shared low-level terminfo library for terminal handling - udeb (udeb)
 ncurses-base - basic terminal type definitions
 ncurses-bin - terminal-related programs and man pages
 ncurses-doc - developer's guide and documentation for ncurses
 ncurses-examples - test programs and examples for ncurses
 ncurses-term - additional terminal type definitions
Closes: 371855 873723
Changes:
 ncurses (6.0+20170827-1) unstable; urgency=medium
 .
   * New upstream patchlevel.
     - Add/improve checks in tic's parser to address invalid input
       (Closes: #873723).
       + Add a check in comp_scan.c to handle the special case where a
         nontext file ending with a NUL rather than newline is given to
         tic as input (CVE-2017-13728).
       + Allow for cancelled capabilities in _nc_save_str (CVE-2017-13729).
       + Add validity checks for "use=" target in _nc_parse_entry
         (CVE-2017-13730).
       + Check for invalid strings in postprocess_termcap (CVE-2017-13731).
       + Reset secondary pointers on EOF in next_char() (CVE-2017-13732).
       + Guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using
         cancelled strings (CVE-2017-13734).
     - Add usage message to clear command (Closes: #371855).
   * Configure the test programs with --datadir=/usr/share/ncurses-examples.
   * Look for tarballs on ftp.invisible-island.net in the watch files.
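
The first changelog item in the message above concerns a nontext file that ends with a NUL rather than a newline being given to tic. As an added example (not code from ncurses or from the Debian package), a caller that takes terminfo or termcap source from untrusted places can screen the bytes before invoking tic, captoinfo or infotocap; the function name, the verdict names, the sample entries and the rule that raw control characters are rejected are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdicts for a candidate terminfo/termcap source buffer (hypothetical names). */
enum src_verdict {
    SRC_OK = 0,
    SRC_EMPTY,            /* nothing to compile */
    SRC_EMBEDDED_NUL,     /* a NUL byte anywhere, including as the last byte */
    SRC_NONTEXT,          /* raw control character other than TAB, LF, CR */
    SRC_NO_FINAL_NEWLINE  /* last line is not newline-terminated */
};

/* Constructed samples; the second one lacks the final newline. */
static const unsigned char SAMPLE_OK[] =
    "demo|constructed sample entry,\n\tam, cols#80,\n";
static const unsigned char SAMPLE_NUL_TAIL[] =
    "demo|constructed sample entry,\n\tam, cols#80,";

/*
 * Screen a buffer before it is passed to tic, captoinfo or infotocap.
 * On failure *bad_off (if non-NULL) receives the offset of the first
 * offending byte. Assumption: source files are plain text, so raw control
 * bytes are rejected; bytes >= 0x80 are allowed (e.g. UTF-8 in comments).
 */
enum src_verdict check_terminfo_source(const unsigned char *buf, size_t len,
                                       size_t *bad_off)
{
    const unsigned char *nul;
    size_t i;

    if (bad_off != NULL)
        *bad_off = 0;
    if (buf == NULL || len == 0)
        return SRC_EMPTY;

    /* Line scanners that measure with strlen() stop at the first NUL. */
    nul = memchr(buf, '\0', len);
    if (nul != NULL) {
        if (bad_off != NULL)
            *bad_off = (size_t)(nul - buf);
        return SRC_EMBEDDED_NUL;
    }
    for (i = 0; i < len; i++) {
        unsigned char c = buf[i];
        if ((c < 0x20 && c != '\t' && c != '\n' && c != '\r') || c == 0x7f) {
            if (bad_off != NULL)
                *bad_off = i;
            return SRC_NONTEXT;
        }
    }
    if (buf[len - 1] != '\n') {
        if (bad_off != NULL)
            *bad_off = len - 1;
        return SRC_NO_FINAL_NEWLINE;
    }
    return SRC_OK;
}

int main(void)
{
    size_t off = 0;
    /* sizeof (without -1) keeps the literal's terminating NUL on purpose,
     * giving a buffer that ends with NUL rather than newline. */
    enum src_verdict v =
        check_terminfo_source(SAMPLE_NUL_TAIL, sizeof SAMPLE_NUL_TAIL, &off);
    printf("NUL-tailed sample: verdict %d at offset %lu\n",
           (int)v, (unsigned long)off);
    v = check_terminfo_source(SAMPLE_OK, sizeof SAMPLE_OK - 1, &off);
    printf("clean sample: verdict %d\n", (int)v);
    return 0;
}
```

A check like this only narrows what reaches the parser; installing the fixed package versions listed in this report remains the actual remedy.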




Marked as found in versions ncurses/6.0+20161126-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 07 Sep 2017 03:33:03 GMT).


Marked as found in versions ncurses/5.9+20140913-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 07 Sep 2017 03:36:04 GMT).


Reply sent to Sven Joachim <svenjoac@gmx.de>:
You have taken responsibility. (Thu, 28 Sep 2017 05:51:26 GMT).


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Thu, 28 Sep 2017 05:51:26 GMT).


Message #44 received at 873723-close@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 873723-close@bugs.debian.org
Subject: Bug#873723: fixed in ncurses 6.0+20161126-1+deb9u1
Date: Thu, 28 Sep 2017 05:47:12 +0000

Source: ncurses
Source-Version: 6.0+20161126-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ncurses, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873723@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated ncurses package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 07 Sep 2017 19:05:43 +0200
Source: ncurses
Binary: libtinfo5 libtinfo5-udeb libncurses5 libtinfo-dev libtinfo5-dbg libncurses5-dev libncurses5-dbg libncursesw5 libncursesw5-dev libncursesw5-dbg lib64ncurses5 lib64ncurses5-dev lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib64tinfo5 lib32tinfo5 lib32tinfo-dev ncurses-bin ncurses-base ncurses-term ncurses-examples ncurses-doc
Architecture: source
Version: 6.0+20161126-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Description:
 lib32ncurses5 - shared libraries for terminal handling (32-bit)
 lib32ncurses5-dev - developer's libraries for ncurses (32-bit)
 lib32ncursesw5 - shared libraries for terminal handling (wide character support) (
 lib32ncursesw5-dev - developer's libraries for ncursesw (32-bit)
 lib32tinfo-dev - developer's library for the low-level terminfo library (32-bit)
 lib32tinfo5 - shared low-level terminfo library for terminal handling (32-bit)
 lib64ncurses5 - shared libraries for terminal handling (64-bit)
 lib64ncurses5-dev - developer's libraries for ncurses (64-bit)
 lib64tinfo5 - shared low-level terminfo library for terminal handling (64-bit)
 libncurses5 - shared libraries for terminal handling
 libncurses5-dbg - debugging/profiling libraries for ncurses
 libncurses5-dev - developer's libraries for ncurses
 libncursesw5 - shared libraries for terminal handling (wide character support)
 libncursesw5-dbg - debugging/profiling libraries for ncursesw
 libncursesw5-dev - developer's libraries for ncursesw
 libtinfo-dev - developer's library for the low-level terminfo library
 libtinfo5  - shared low-level terminfo library for terminal handling
 libtinfo5-dbg - debugging/profiling library for the low-level terminfo library
 libtinfo5-udeb - shared low-level terminfo library for terminal handling - udeb (udeb)
 ncurses-base - basic terminal type definitions
 ncurses-bin - terminal-related programs and man pages
 ncurses-doc - developer's guide and documentation for ncurses
 ncurses-examples - test programs and examples for ncurses
 ncurses-term - additional terminal type definitions
Closes: 873723 873746
Changes:
 ncurses (6.0+20161126-1+deb9u1) stretch; urgency=medium
 .
   * Cherry-pick upstream fixes from the 20170701 and 20170708 patchlevels
     for various crash bugs in the tic library and the tic binary
     (CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113).
   * Backport termcap-format fix from the 20170715 patchlevel, repairing a
     regression from the above security fixes (see #868266).
   * Cherry-pick upstream fixes from the 20170826 patchlevel for more
     crash bugs in the tic library (CVE-2017-13728, CVE-2017-13729,
     CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734,
     Closes: #873723).
   * Cherry-pick upstream fixes from the 20170902 patchlevel to fix
     another crash bug in the tic program (CVE-2017-13733, Closes: #873746).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 26 Oct 2017 07:25:55 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:11:00 2019; Machine Name: beach
