"malicious escape sequences can cause denial of service for vte-based terminals"

Related Vulnerabilities: CVE-2012-2738  

Debian Bug report logs - #677717
"malicious escape sequences can cause denial of service for vte-based terminals"


Reported by: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Date: Mon, 21 May 2012 19:45:01 UTC

Severity: important

Fixed in versions vte/1:0.28.2-5, vte/1:0.24.3-4

Done: Josselin Mouette <joss@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Keith Winstein <keithw@mit.edu>:
Bug#673871; Package mosh. (Mon, 21 May 2012 19:45:04 GMT) (full text, mbox, link).


Acknowledgement sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
New Bug report received and forwarded. Copy sent to Keith Winstein <keithw@mit.edu>. (Mon, 21 May 2012 19:45:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: malicious escape sequences can cause denial of service for mosh-server
Date: Mon, 21 May 2012 22:43:51 +0300
Package: mosh
Version: 1.2-1
Severity: important
Tags: security

I submitted details upstream at

https://github.com/keithw/mosh/issues/271

but here's also a copy:


> The commands
> 
> echo -en "\e[2147483647L"
> echo -en "\e[2147483647M"
> echo -en "\e[2147483647@"
> echo -en "\e[2147483647P"
> 
> all cause mosh-server to enter very long for-loops in terminalfunctions.cc.

Upstream has released a fix, please consider including it in the debian
package.

Security team, this also affects gnome-terminal and probably all other
terminal emulators that use libvte. Its upstream is also working on a fix
but they made their bug report restricted for now:
https://bugzilla.gnome.org/show_bug.cgi?id=676090

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/6 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mosh depends on:
ii  libc6           2.13-32
ii  libgcc1         1:4.7.0-8
ii  libio-pty-perl  1:1.08-1+b2
ii  libprotobuf7    2.4.1-1
ii  libstdc++6      4.7.0-8
ii  libtinfo5       5.9-7
ii  libutempter0    1.1.5-4
ii  openssh-client  1:5.9p1-5
ii  zlib1g          1:1.2.7.dfsg-1

mosh recommends no packages.

mosh suggests no packages.

-- no debconf information
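
The four sequences in the report above are IL (`L`), DL (`M`), ICH (`@`) and DCH (`P`) with a count of 2147483647. Added example, not code from mosh or vte: a handler that saturates the parsed count and clamps it to the space left on the screen, so the work done is bounded by the grid rather than by the number in the input. The 24x80 grid, `PARAM_MAX` and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define ROWS 24
#define COLS 80
#define PARAM_MAX 65535   /* assumed cap; any bound above the grid size works */

struct screen {
    char cell[ROWS][COLS];
    int row, col;         /* cursor position, always inside the grid */
};

/* Fill row r with the letter 'a' + r so that shifts are visible. */
void screen_init(struct screen *sc, int row, int col)
{
    int r;
    for (r = 0; r < ROWS; r++) memset(sc->cell[r], 'a' + r, COLS);
    sc->row = row; sc->col = col;
}

static int clamp(long n, int avail) { return n > avail ? avail : (int)n; }

/* Parse "ESC [ digits final" (single parameter only). The digit run is
 * saturated at PARAM_MAX, so no input length can overflow the accumulator. */
static int parse_csi(const char *s, size_t len, long *param, char *final)
{
    size_t i = 2;
    long v = 0;
    if (len < 3 || s[0] != '\x1b' || s[1] != '[') return -1;
    for (; i < len && s[i] >= '0' && s[i] <= '9'; i++) {
        v = v * 10 + (s[i] - '0');
        if (v > PARAM_MAX) v = PARAM_MAX;
    }
    if (i + 1 != len) return -1;      /* exactly one final byte expected */
    *param = v ? v : 1;               /* a missing or zero count means 1 */
    *final = s[i];
    return 0;
}

/* IL / DL: clamp to the rows below the cursor, move them with one memmove
 * and blank the gap. A loop that shifts one row per count would instead
 * run as many times as the sequence asks for. */
static int shift_rows(struct screen *sc, long count, int insert)
{
    int avail = ROWS - sc->row;
    int n = clamp(count, avail), keep = avail - n;
    char *top = (char *)sc->cell + (size_t)sc->row * COLS;
    if (insert) {
        memmove(top + (size_t)n * COLS, top, (size_t)keep * COLS);
        memset(top, ' ', (size_t)n * COLS);
    } else {
        memmove(top, top + (size_t)n * COLS, (size_t)keep * COLS);
        memset(top + (size_t)keep * COLS, ' ', (size_t)n * COLS);
    }
    return n;
}

/* ICH / DCH: the same idea within the cursor's row. */
static int shift_cols(struct screen *sc, long count, int insert)
{
    int avail = COLS - sc->col;
    int n = clamp(count, avail), keep = avail - n;
    char *at = &sc->cell[sc->row][sc->col];
    if (insert) {
        memmove(at + n, at, (size_t)keep);
        memset(at, ' ', (size_t)n);
    } else {
        memmove(at, at + n, (size_t)keep);
        memset(at + keep, ' ', (size_t)n);
    }
    return n;
}

/* Returns how many rows or cells were actually shifted, -1 if unhandled. */
int apply_csi(struct screen *sc, const char *seq, size_t len)
{
    long n; char f;
    if (parse_csi(seq, len, &n, &f) != 0) return -1;
    switch (f) {
    case 'L': return shift_rows(sc, n, 1);
    case 'M': return shift_rows(sc, n, 0);
    case '@': return shift_cols(sc, n, 1);
    case 'P': return shift_cols(sc, n, 0);
    default:  return -1;
    }
}

int main(void)
{
    struct screen sc;
    const char *seq = "\x1b[2147483647L";   /* sequence quoted in the report */
    screen_init(&sc, 5, 10);
    printf("rows shifted: %d\n", apply_csi(&sc, seq, strlen(seq)));
    return 0;
}
```
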




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#673871; Package mosh. (Mon, 21 May 2012 23:30:03 GMT) (full text, mbox, link).


Acknowledgement sent to Keith Winstein <keithw@mit.edu>:
Extra info received and forwarded to list. (Mon, 21 May 2012 23:30:03 GMT) (full text, mbox, link).


Message #10 received at submit@bugs.debian.org (full text, mbox, reply):

From: Keith Winstein <keithw@mit.edu>
To: Timo Juhani Lindfors <timo.lindfors@iki.fi>, 673871@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#673871: malicious escape sequences can cause denial of service for mosh-server
Date: Mon, 21 May 2012 19:26:27 -0400
Thanks, Timo, and thanks for submitting the original bug as well.

This bug allows applications and unscreened terminal input (run or
"catted" by the user) to DOS the mosh-server (also run by the user).
It also allowed the mosh-server process (invoked by the user but
resident on a remote host and not trusted by the client) to DOS the
mosh-client (run by the user).

Based on the severity, I don't think it warrants a backported patch or
emergency release.

We do intend to do a 1.2.1 release in the coming weeks that will roll
up the bugfixes we have done in the wake of 1.2, including this one.

Thanks again,
Keith

On Mon, May 21, 2012 at 3:43 PM, Timo Juhani Lindfors
<timo.lindfors@iki.fi> wrote:
> Package: mosh
> Version: 1.2-1
> Severity: important
> Tags: security
>
> I submitted details upstream at
>
> https://github.com/keithw/mosh/issues/271
>
> but here's also a copy:
>
>
>> The commands
>>
>> echo -en "\e[2147483647L"
>> echo -en "\e[2147483647M"
>> echo -en "\e[2147483647@"
>> echo -en "\e[2147483647P"
>>
>> all cause mosh-server to enter very long for-loops in terminalfunctions.cc.
>
> Upstream has released a fix, please consider including it in the debian
> package.
>
> Security team, this also affects gnome-terminal and probably all other
> terminal emulators that use libvte. Its upstream is also working on a fix
> but they made their bug report restricted for now:
> https://bugzilla.gnome.org/show_bug.cgi?id=676090
>
> -- System Information:
> Debian Release: wheezy/sid
>  APT prefers unstable
>  APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.32-5-amd64 (SMP w/6 CPU cores)
> Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages mosh depends on:
> ii  libc6           2.13-32
> ii  libgcc1         1:4.7.0-8
> ii  libio-pty-perl  1:1.08-1+b2
> ii  libprotobuf7    2.4.1-1
> ii  libstdc++6      4.7.0-8
> ii  libtinfo5       5.9-7
> ii  libutempter0    1.1.5-4
> ii  openssh-client  1:5.9p1-5
> ii  zlib1g          1:1.2.7.dfsg-1
>
> mosh recommends no packages.
>
> mosh suggests no packages.
>
> -- no debconf information
>
>




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#673871; Package mosh. (Mon, 21 May 2012 23:30:04 GMT) (full text, mbox, link).


Acknowledgement sent to Keith Winstein <keithw@mit.edu>:
Extra info received and forwarded to list. (Mon, 21 May 2012 23:30:04 GMT) (full text, mbox, link).


Removed tag(s) security. Request was from Keith Winstein <keithw@MIT.EDU> to control@bugs.debian.org. (Wed, 23 May 2012 05:51:03 GMT) (full text, mbox, link).


Severity set to 'normal' from 'important' Request was from Keith Winstein <keithw@MIT.EDU> to control@bugs.debian.org. (Wed, 23 May 2012 08:03:09 GMT) (full text, mbox, link).


Reply sent to Keith Winstein <keithw@MIT.EDU>:
You have taken responsibility. (Tue, 29 May 2012 02:12:03 GMT) (full text, mbox, link).


Notification sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
Bug acknowledged by developer. (Tue, 29 May 2012 02:12:03 GMT) (full text, mbox, link).


Message #24 received at 673871-done@bugs.debian.org (full text, mbox, reply):

From: Keith Winstein <keithw@MIT.EDU>
To: 673871-done@bugs.debian.org
Date: Mon, 28 May 2012 22:09:17 -0400 (EDT)
Package: mosh
Version: 1.2.1-1




Bug 673871 cloned as bug 677717 Request was from Yves-Alexis Perez <corsac@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 12:04:49 GMT) (full text, mbox, link).


Bug reassigned from package 'mosh' to 'libvte9'. Request was from Yves-Alexis Perez <corsac@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 12:04:50 GMT) (full text, mbox, link).


No longer marked as found in versions mosh/1.2-1. Request was from Yves-Alexis Perez <corsac@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 12:04:51 GMT) (full text, mbox, link).


No longer marked as fixed in versions mosh/1.2.1-1. Request was from Yves-Alexis Perez <corsac@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 12:04:52 GMT) (full text, mbox, link).


Changed Bug title to '"malicious escape sequences can cause denial of service for vte-based terminals"' from 'malicious escape sequences can cause denial of service for mosh-server' Request was from Yves-Alexis Perez <corsac@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 12:04:52 GMT) (full text, mbox, link).


Severity set to 'important' from 'normal' Request was from Yves-Alexis Perez <corsac@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 12:04:53 GMT) (full text, mbox, link).


Bug reopened Request was from Yves-Alexis Perez <corsac@debian.org> to control@bugs.debian.org. (Sat, 16 Jun 2012 14:06:07 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#677717; Package libvte9. (Sat, 16 Jun 2012 14:09:05 GMT) (full text, mbox, link).


Acknowledgement sent to Yves-Alexis Perez <corsac@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Sat, 16 Jun 2012 14:09:05 GMT) (full text, mbox, link).


Message #43 received at 677717@bugs.debian.org (full text, mbox, reply):

From: Yves-Alexis Perez <corsac@debian.org>
To: 677717@bugs.debian.org
Subject: Send the clone mail to the new bug too so it gets archived
Date: Sat, 16 Jun 2012 16:04:49 +0200
Hi vte maintainers,

#673871, which is against the mosh server package, applies to vte too,
and is apparently fixed by 0.32.2, according to
http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news

CVE-2012-2738 has been allocated. I guess 0.32.2 is not a target for
Wheezy, but it'd be nice to backport the relevant fix to unstable so it
migrates properly.

I'm not sure it warrants a DSA but it might be worth backporting the fix
to stable (in case it's affected) in a stable upload.

Regards,
-- 
Yves-Alexis



Reply sent to Josselin Mouette <joss@debian.org>:
You have taken responsibility. (Sat, 23 Jun 2012 15:21:16 GMT) (full text, mbox, link).


Notification sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
Bug acknowledged by developer. (Sat, 23 Jun 2012 15:21:17 GMT) (full text, mbox, link).


Message #48 received at 677717-close@bugs.debian.org (full text, mbox, reply):

From: Josselin Mouette <joss@debian.org>
To: 677717-close@bugs.debian.org
Subject: Bug#677717: fixed in vte 1:0.28.2-5
Date: Sat, 23 Jun 2012 15:18:01 +0000
Source: vte
Source-Version: 1:0.28.2-5

We believe that the bug you reported is fixed in the latest version of
vte, which is due to be installed in the Debian FTP archive:

libvte-common_0.28.2-5_all.deb
  to main/v/vte/libvte-common_0.28.2-5_all.deb
libvte-dev_0.28.2-5_amd64.deb
  to main/v/vte/libvte-dev_0.28.2-5_amd64.deb
libvte-doc_0.28.2-5_all.deb
  to main/v/vte/libvte-doc_0.28.2-5_all.deb
libvte9-udeb_0.28.2-5_amd64.udeb
  to main/v/vte/libvte9-udeb_0.28.2-5_amd64.udeb
libvte9_0.28.2-5_amd64.deb
  to main/v/vte/libvte9_0.28.2-5_amd64.deb
python-vte_0.28.2-5_amd64.deb
  to main/v/vte/python-vte_0.28.2-5_amd64.deb
vte_0.28.2-5.debian.tar.gz
  to main/v/vte/vte_0.28.2-5.debian.tar.gz
vte_0.28.2-5.dsc
  to main/v/vte/vte_0.28.2-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677717@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <joss@debian.org> (supplier of updated vte package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 23 Jun 2012 16:02:46 +0200
Source: vte
Binary: libvte9 libvte9-udeb libvte-dev libvte-common python-vte libvte-doc
Architecture: source all amd64
Version: 1:0.28.2-5
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description: 
 libvte-common - Terminal emulator widget for GTK+ 2.x - common files
 libvte-dev - Terminal emulator widget for GTK+ 2.0 - development files
 libvte-doc - Terminal emulator widget for GTK+ 2.x - documentation
 libvte9    - Terminal emulator widget for GTK+ 2.0 - runtime files
 libvte9-udeb - Terminal emulator widget for GTK+ 2.0 - minimal runtime (udeb)
 python-vte - Python bindings for the VTE widget set
Closes: 677717
Changes: 
 vte (1:0.28.2-5) unstable; urgency=medium
 .
   * Update repository URL.
   * 03_CVE-2012-2738.patch, 04_CVE-2012-2738.patch: backport upstream
     patches to fix a memory exhaustion vulnerability. Closes: #677717.
Package-Type: udeb





Reply sent to Josselin Mouette <joss@debian.org>:
You have taken responsibility. (Sat, 30 Jun 2012 10:21:47 GMT) (full text, mbox, link).


Notification sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
Bug acknowledged by developer. (Sat, 30 Jun 2012 10:21:57 GMT) (full text, mbox, link).


Message #53 received at 677717-close@bugs.debian.org (full text, mbox, reply):

From: Josselin Mouette <joss@debian.org>
To: 677717-close@bugs.debian.org
Subject: Bug#677717: fixed in vte 1:0.24.3-4
Date: Sat, 30 Jun 2012 10:18:09 +0000
Source: vte
Source-Version: 1:0.24.3-4

We believe that the bug you reported is fixed in the latest version of
vte, which is due to be installed in the Debian FTP archive:

libvte-common_0.24.3-4_all.deb
  to main/v/vte/libvte-common_0.24.3-4_all.deb
libvte-dev_0.24.3-4_amd64.deb
  to main/v/vte/libvte-dev_0.24.3-4_amd64.deb
libvte-doc_0.24.3-4_all.deb
  to main/v/vte/libvte-doc_0.24.3-4_all.deb
libvte9-udeb_0.24.3-4_amd64.udeb
  to main/v/vte/libvte9-udeb_0.24.3-4_amd64.udeb
libvte9_0.24.3-4_amd64.deb
  to main/v/vte/libvte9_0.24.3-4_amd64.deb
python-vte_0.24.3-4_amd64.deb
  to main/v/vte/python-vte_0.24.3-4_amd64.deb
vte_0.24.3-4.debian.tar.gz
  to main/v/vte/vte_0.24.3-4.debian.tar.gz
vte_0.24.3-4.dsc
  to main/v/vte/vte_0.24.3-4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677717@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <joss@debian.org> (supplier of updated vte package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 23 Jun 2012 17:07:21 +0200
Source: vte
Binary: libvte9 libvte9-udeb libvte-dev libvte-common python-vte libvte-doc
Architecture: source all amd64
Version: 1:0.24.3-4
Distribution: stable
Urgency: low
Maintainer: Guilherme de S. Pastore <gpastore@debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description: 
 libvte-common - Terminal emulator widget for GTK+ 2.0 - common files
 libvte-dev - Terminal emulator widget for GTK+ 2.0 - development files
 libvte-doc - Terminal emulator widget for GTK+ 2.0 - documentation
 libvte9    - Terminal emulator widget for GTK+ 2.0 - runtime files
 libvte9-udeb - Terminal emulator widget for GTK+ 2.0 - minimal runtime (udeb)
 python-vte - Python bindings for the VTE widget set
Closes: 677717
Changes: 
 vte (1:0.24.3-4) stable; urgency=low
 .
   * 03_CVE-2012-2738.patch, 04_CVE-2012-2738.patch: backport upstream
     patches to fix a memory exhaustion vulnerability. Closes: #677717.
Package-Type: udeb





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#677717; Package libvte9. (Sun, 08 Jul 2012 22:42:08 GMT) (full text, mbox, link).


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Sun, 08 Jul 2012 22:42:09 GMT) (full text, mbox, link).


Message #58 received at 677717@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>
To: 677717@bugs.debian.org
Subject: Re: "malicious escape sequences can cause denial of service for vte-based terminals"
Date: Sun, 08 Jul 2012 17:38:43 -0000
Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.6) - use target "stable"

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/677717/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#677717; Package libvte9. (Mon, 09 Jul 2012 00:12:08 GMT) (full text, mbox, link).


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Mon, 09 Jul 2012 00:12:09 GMT) (full text, mbox, link).


Message #63 received at 677717@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>
To: 677717@bugs.debian.org
Subject: Re: "malicious escape sequences can cause denial of service for vte-based terminals"
Date: Sun, 08 Jul 2012 15:25:01 -0000
Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.6) - use target "stable"

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/677717/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#677717; Package libvte9. (Mon, 09 Jul 2012 17:09:04 GMT) (full text, mbox, link).


Acknowledgement sent to 677717@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Mon, 09 Jul 2012 17:09:05 GMT) (full text, mbox, link).


Message #68 received at 677717@bugs.debian.org (full text, mbox, reply):

From: Josselin Mouette <joss@debian.org>
To: Jonathan Wiltshire <jmw@debian.org>, 677717@bugs.debian.org
Subject: Re: Bug#677717: "malicious escape sequences can cause denial of service for vte-based terminals"
Date: Mon, 09 Jul 2012 19:06:10 +0200
On Sunday 08 July 2012 at 17:38 +0000, Jonathan Wiltshire wrote:
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the following suites
> through point releases:
> 
> squeeze (6.0.6) - use target "stable"

This update has already been accepted in squeeze.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'
  `-





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#677717; Package libvte9. (Mon, 09 Jul 2012 21:33:04 GMT) (full text, mbox, link).


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Mon, 09 Jul 2012 21:33:05 GMT) (full text, mbox, link).


Message #73 received at 677717@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>
To: 677717@bugs.debian.org
Subject: Re: Bug#677717: "malicious escape sequences can cause denial of service for vte-based terminals"
Date: Mon, 9 Jul 2012 22:22:46 +0100
On Mon, Jul 09, 2012 at 07:06:10PM +0200, Josselin Mouette wrote:
> On Sunday 08 July 2012 at 17:38 +0000, Jonathan Wiltshire wrote:
> > Recently you fixed one or more security problems and as a result you closed
> > this bug. These problems were not serious enough for a Debian Security
> > Advisory, so they are now on my radar for fixing in the following suites
> > through point releases:
> > 
> > squeeze (6.0.6) - use target "stable"
> 
> This update has already been accepted in squeeze.

Thanks; for some reason it doesn't show up in the queue output, hence this
false positive. Tracker updated, sorry for the noise.


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
			layered on top of bonghits

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 07 Aug 2012 07:27:50 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 12:56:19 2019; Machine Name: buxtehude
