xdg-open: CVE-2015-1877: command injection vulnerability

Related Vulnerabilities: CVE-2015-1877, CVE-2014-9622

Debian Bug report logs - #777722

Reported by: Jiri Horner <laeqten@gmail.com>

Date: Wed, 11 Feb 2015 22:12:11 UTC

Severity: grave

Tags: patch, security

Found in versions xdg-utils/1.0.2+cvs20100307-2, xdg-utils/1.1.0~rc1+git20111210-7.3

Fixed in versions xdg-utils/1.1.0~rc1+git20111210-7.4, xdg-utils/1.1.0~rc1+git20111210-6+deb7u3, xdg-utils/1.0.2+cvs20100307-2+deb6u1

Done: Mike Gabriel <sunweaver@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.freedesktop.org/89129



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Per Olofsson <pelle@debian.org>:
Bug#777722; Package xdg-utils. (Wed, 11 Feb 2015 22:12:16 GMT)


Acknowledgement sent to Jiri Horner <laeqten@gmail.com>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Per Olofsson <pelle@debian.org>. (Wed, 11 Feb 2015 22:12:16 GMT)


Message #5 received at submit@bugs.debian.org:

From: Jiri Horner <laeqten@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xdg-open: another command injection vulnerability
Date: Wed, 11 Feb 2015 23:10:24 +0100
Package: xdg-utils
Version: 1.1.0~rc1+git20111210-7.3
Severity: grave
Tags: security patch
Justification: user security hole

Hi,

there is a long-standing issue with xdg-open on Debian -- it parses all files it is trying to open. This is easily exploitable. Requirements are similar to those of the last RCE: a window manager which is _NOT_ one of the following:

* KDE
* GNOME
* MATE
* XFCE
* ENLIGHTENMENT

Problem is caused by name collision in local variables, which are apparently not very local in this case (maybe also dash problem?)

Exploit was made from wikipedia image [0].

It would be nice to have it fixed in jessie.

Cheers,

Jiri

[0] https://commons.wikimedia.org/wiki/Category:Unidentified_animals#mediaviewer/File:Augochlora_buscki,_M,_Back5,_Puerto_Rico,_Yauco_2014-09-15-18.11.39_ZS_PMax_(16292752499).jpg


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

xdg-utils depends on no packages.

Versions of packages xdg-utils recommends:
pn  libfile-mimeinfo-perl  <none>
pn  libnet-dbus-perl       <none>
pn  libx11-protocol-perl   <none>
ii  x11-utils              7.7+2
ii  x11-xserver-utils      7.7+3+b1

Versions of packages xdg-utils suggests:
pn  gvfs-bin  <none>

-- no debconf information
[xdg-open.diff (text/x-diff, attachment)]
[exploit.jpg (image/jpeg, attachment)]

Set Bug forwarded-to-address to 'https://bugs.freedesktop.org/89129'. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Fri, 13 Feb 2015 06:36:07 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Per Olofsson <pelle@debian.org>:
Bug#777722; Package xdg-utils. (Wed, 18 Feb 2015 14:15:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Per Olofsson <pelle@debian.org>. (Wed, 18 Feb 2015 14:15:05 GMT)


Message #12 received at 777722@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Jiri Horner <laeqten@gmail.com>, 777722@bugs.debian.org
Cc: mgilbert@debian.org
Subject: Re: Bug#777722: xdg-open: another command injection vulnerability
Date: Wed, 18 Feb 2015 15:13:02 +0100
Hi,

On Wed, Feb 11, 2015 at 11:10:24PM +0100, Jiri Horner wrote:
> Problem is caused by name collision in local variables, which are
> apparently not very local in this case (maybe also dash problem?)

Just an additional comment on this: It actually looks as intended that
the initial value is inherited; the manpage states:

     Variables may be declared to be local to a function by using a
     local command. This should appear as the first statement of a
     function, and the syntax is

           local [variable | -] ...

     Local is implemented as a builtin command.

     When a variable is made local, it inherits the initial value and
     exported and readonly flags from the variable with the same name
     in the surrounding scope, if there is one. Otherwise, the
     variable is initially unset. The shell uses dynamic scoping, so
     that if you make the variable x local to function f, which then
     calls function g, references to the variable x made inside g
     will refer to the variable x declared inside f, not to the global
     variable named x.

Regards,
Salvatore



Marked as found in versions xdg-utils/1.0.2+cvs20100307-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 18 Feb 2015 14:18:08 GMT)


Changed Bug title to 'xdg-open: CVE-2015-1877: command injection vulnerability' from 'xdg-open: another command injection vulnerability'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 18 Feb 2015 18:48:12 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Per Olofsson <pelle@debian.org>:
Bug#777722; Package xdg-utils. (Thu, 19 Feb 2015 01:15:12 GMT)


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Per Olofsson <pelle@debian.org>. (Thu, 19 Feb 2015 01:15:12 GMT)


Message #21 received at 777722@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 777722@bugs.debian.org
Subject: Re: Bug#777722: xdg-open: another command injection vulnerability
Date: Wed, 18 Feb 2015 20:12:43 -0500
On Wed, Feb 18, 2015 at 9:13 AM, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Feb 11, 2015 at 11:10:24PM +0100, Jiri Horner wrote:
>> Problem is caused by name collision in local variables, which are
>> apparently not very local in this case (maybe also dash problem?)
>
> Just an additional comment on this: It actually looks as intended that
> the initial value is inherited; the manpage states:
>
>      Variables may be declared to be local to a function by using a
>      local command. This should appear as the first statement of a
>      function, and the syntax is
>
>            local [variable | -] ...
>
>      Local is implemented as a builtin command.
>
>      When a variable is made local, it inherits the initial value and
>      exported and readonly flags from the variable with the same name
>      in the surrounding scope, if there is one. Otherwise, the
>      variable is initially unset. The shell uses dynamic scoping, so
>      that if you make the variable x local to function f, which then
>      calls function g, references to the variable x made inside g
>      will refer to the variable x declared inside f, not to the global
>      variable named x.

I think this may be a design flaw in dash; seems bash doesn't suffer
the same issue:

$ cat testme
testme() {
   x=backfromthedead
   local x
   echo $x
}

testme

$ bash testme

$ dash testme
backfromthedead



Information forwarded to debian-bugs-dist@lists.debian.org, Per Olofsson <pelle@debian.org>:
Bug#777722; Package xdg-utils. (Thu, 19 Feb 2015 17:45:13 GMT)


Acknowledgement sent to Jiri Horner <laeqten@gmail.com>:
Extra info received and forwarded to list. Copy sent to Per Olofsson <pelle@debian.org>. (Thu, 19 Feb 2015 17:45:13 GMT)


Message #26 received at 777722@bugs.debian.org:

From: Jiri Horner <laeqten@gmail.com>
To: 777722@bugs.debian.org
Subject: Re: Bug#777722: xdg-open: another command injection vulnerability
Date: Thu, 19 Feb 2015 18:40:53 +0100
Yes, I forgot to mention that, but it's the same with xdg-open. `xdg-open` under 
bash doesn't have this issue.

$ xdg-open exploit.jpg
exploit succeeded exploit.jpg
$ bash xdg-open exploit.jpg
(works as expected)

As _local_ is not in POSIX, it would be great if xdg-open was not using 
_local_ at all.

Regards,

Jiri
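
Added example, not part of the bug log and not code from xdg-open or the attached patch: the `local` scoping behaviour discussed in the messages above, next to the explicit initialisation that makes a function independent of it. All function names, variable names and the sample map are hypothetical.

```shell
#!/bin/sh
# Added illustration. All names and the sample data are constructed for this
# example; this is not code from xdg-open or from the attached patch.

# Constructed sample input: one "mime/type=handler" pair per line.
SAMPLE_MAP='text/plain=editor
image/png=viewer'

# Returns 0 when `local` keeps the value from the surrounding scope (the dash
# behaviour quoted from the manpage), 1 when the local starts out unset (bash).
local_inherits_value() {
    probe=stale
    probe_helper
}
probe_helper() {
    local probe
    [ "${probe-}" = stale ]
}

# Unhardened pattern: `handler` is declared local but only assigned on a match.
# On a lookup miss the result is whatever `local` left in the variable.
lookup_unhardened() {
    local handler line
    while IFS= read -r line; do
        case "$line" in
            "$1="*) handler=${line#*=} ;;
        esac
    done <<EOF
$SAMPLE_MAP
EOF
    printf '%s' "${handler-}"
}

# Hardened pattern: assign every local before use, so the result no longer
# depends on the shell or on variables the caller happens to have set.
lookup_hardened() {
    local handler line
    handler=""
    while IFS= read -r line; do
        case "$line" in
            "$1="*) handler=${line#*=} ;;
        esac
    done <<EOF
$SAMPLE_MAP
EOF
    printf '%s' "$handler"
}

# A caller that reuses the name `handler` before asking for an unknown type.
# $1 is the name of the lookup function to call.
lookup_with_stale_caller() {
    handler="left-over-from-caller"
    "$1" "application/x-unknown"
}

# Stand-alone run: show what each variant returns on this shell.
printf 'local inherits:  %s\n' "$(local_inherits_value && echo yes || echo no)"
printf 'unhardened miss: [%s]\n' "$(lookup_with_stale_caller lookup_unhardened)"
printf 'hardened miss:   [%s]\n' "$(lookup_with_stale_caller lookup_hardened)"
```

Running the file once with dash and once with bash shows the unhardened result changing between shells while the hardened result stays empty.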




Information forwarded to debian-bugs-dist@lists.debian.org, Per Olofsson <pelle@debian.org>:
Bug#777722; Package xdg-utils. (Fri, 20 Feb 2015 15:51:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Per Olofsson <pelle@debian.org>. (Fri, 20 Feb 2015 15:51:05 GMT)


Message #31 received at 777722@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 777722@bugs.debian.org
Subject: xdg-utils: diff for NMU version 1.1.0~rc1+git20111210-7.4
Date: Fri, 20 Feb 2015 16:49:51 +0100
Control: tags 777722 + pending

Dear maintainer,

I've prepared an NMU for xdg-utils (versioned as 1.1.0~rc1+git20111210-7.4) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards,
Salvatore
[xdg-utils-1.1.0~rc1+git20111210-7.4-nmu.diff (text/x-diff, attachment)]

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to 777722-submit@bugs.debian.org. (Fri, 20 Feb 2015 15:51:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Per Olofsson <pelle@debian.org>:
Bug#777722; Package xdg-utils. (Sat, 21 Feb 2015 22:09:14 GMT)


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Per Olofsson <pelle@debian.org>. (Sat, 21 Feb 2015 22:09:14 GMT)


Message #38 received at 777722@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 777722@bugs.debian.org
Subject: Re: Bug#777722: xdg-utils: diff for NMU version 1.1.0~rc1+git20111210-7.4
Date: Sat, 21 Feb 2015 17:01:05 -0500
On Fri, Feb 20, 2015 at 10:49 AM, Salvatore Bonaccorso wrote:
> Control: tags 777722 + pending
>
> Dear maintainer,
>
> I've prepared an NMU for xdg-utils (versioned as 1.1.0~rc1+git20111210-7.4) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer.

Hi Salvatore,

xdg-utils has been NMU-maintained for a long time now, so I would consider
the package effectively orphaned [0], and upload without delay.

Best wishes,
Mike

[0] http://bugs.debian.org/774590



Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 22 Feb 2015 16:24:05 GMT)


Notification sent to Jiri Horner <laeqten@gmail.com>:
Bug acknowledged by developer. (Sun, 22 Feb 2015 16:24:05 GMT)


Message #43 received at 777722-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 777722-close@bugs.debian.org
Subject: Bug#777722: fixed in xdg-utils 1.1.0~rc1+git20111210-7.4
Date: Sun, 22 Feb 2015 16:20:27 +0000
Source: xdg-utils
Source-Version: 1.1.0~rc1+git20111210-7.4

We believe that the bug you reported is fixed in the latest version of
xdg-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777722@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated xdg-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Feb 2015 16:24:18 +0100
Source: xdg-utils
Binary: xdg-utils
Architecture: source all
Version: 1.1.0~rc1+git20111210-7.4
Distribution: unstable
Urgency: medium
Maintainer: Per Olofsson <pelle@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 xdg-utils  - desktop integration utilities from freedesktop.org
Closes: 777722
Changes:
 xdg-utils (1.1.0~rc1+git20111210-7.4) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add CVE-2015-1877.patch patch.
     CVE-2015-1877: Command injection vulnerability due to local variables
     collision.
     Thanks to Jiri Horner <laeqten@gmail.com> (Closes: #777722)




Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sun, 22 Feb 2015 21:33:31 GMT)


Notification sent to Jiri Horner <laeqten@gmail.com>:
Bug acknowledged by developer. (Sun, 22 Feb 2015 21:33:31 GMT)


Message #48 received at 777722-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 777722-close@bugs.debian.org
Subject: Bug#777722: fixed in xdg-utils 1.1.0~rc1+git20111210-6+deb7u3
Date: Sun, 22 Feb 2015 21:32:42 +0000
Source: xdg-utils
Source-Version: 1.1.0~rc1+git20111210-6+deb7u3

We believe that the bug you reported is fixed in the latest version of
xdg-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777722@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated xdg-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Feb 2015 03:29:59 +0000
Source: xdg-utils
Binary: xdg-utils
Architecture: source all
Version: 1.1.0~rc1+git20111210-6+deb7u3
Distribution: stable-security
Urgency: high
Maintainer: Per Olofsson <pelle@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 xdg-utils  - desktop integration utilities from freedesktop.org
Closes: 777722
Changes: 
 xdg-utils (1.1.0~rc1+git20111210-6+deb7u3) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2015-1877: command injection vulnerability in xdg-open due to
     not really local variables in dash (closes: #777722).




Reply sent to Mike Gabriel <sunweaver@debian.org>:
You have taken responsibility. (Thu, 30 Apr 2015 22:03:18 GMT)


Notification sent to Jiri Horner <laeqten@gmail.com>:
Bug acknowledged by developer. (Thu, 30 Apr 2015 22:03:18 GMT)


Message #53 received at 777722-close@bugs.debian.org:

From: Mike Gabriel <sunweaver@debian.org>
To: 777722-close@bugs.debian.org
Subject: Bug#777722: fixed in xdg-utils 1.0.2+cvs20100307-2+deb6u1
Date: Thu, 30 Apr 2015 22:00:13 +0000
Source: xdg-utils
Source-Version: 1.0.2+cvs20100307-2+deb6u1

We believe that the bug you reported is fixed in the latest version of
xdg-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777722@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated xdg-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Apr 2015 14:50:36 +0200
Source: xdg-utils
Binary: xdg-utils
Architecture: source all
Version: 1.0.2+cvs20100307-2+deb6u1
Distribution: squeeze-lts
Urgency: medium
Maintainer: Per Olofsson <pelle@debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Description: 
 xdg-utils  - desktop integration utilities from freedesktop.org
Closes: 652067 654863 773085 777722
Changes: 
 xdg-utils (1.0.2+cvs20100307-2+deb6u1) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by Debian LTS Team.
   * debian/patches:
     + Add backport-jessie-open-generic-xdg-mime-function.diff.
       Backport open_generic(), open_generic_xdg_x_scheme_handler(),
       open_generic_xdg_file_mime() and open_generic_xdg_mime() functions
       from xdg-utils 1.1.0~rc1+git20111210-7.4 (as found in Debian 8.0).
       Closes: #777722, #773085, #654863, #652067.
       Fixes: CVE-2014-9622, CVE-2015-1877.
     + Drop run-mailcap-decode.diff. Included in patch file
       backport-jessie-open-generic-xdg-mime-function.diff.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 29 May 2015 07:25:59 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:19:17 2019; Machine Name: buxtehude
