Debian Bug report logs -
#703933
libxslt: CVE-2012-6139
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 25 Mar 2013 22:18:02 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in versions 1.1.26-14, 1.1.26-6+squeeze2, 1.1.26-6
Fixed in versions libxslt/1.1.26-14.1, libxslt/1.1.26-6+squeeze3
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#703933; Package libxslt.
(Mon, 25 Mar 2013 22:18:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Mon, 25 Mar 2013 22:18:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libxslt
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for libxslt.
CVE-2012-6139[0]:
libxslt "xsltDocumentFunction()" and "xsltAddKey()" Denial of Service Vulnerabilities
There are patches and minimalized test cases available at [1,2,3,4].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139
http://security-tracker.debian.org/tracker/CVE-2012-6139
[1] https://bugzilla.gnome.org/show_bug.cgi?id=685328
[2] http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
[3] https://bugzilla.gnome.org/show_bug.cgi?id=685330
[4] http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
Please adjust the affected versions in the BTS as needed.
Thank you for your work!
Regards,
Salvatore
Added tag(s) fixed-upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 25 Mar 2013 22:27:14 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#703933; Package libxslt.
(Mon, 25 Mar 2013 23:06:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Mon, 25 Mar 2013 23:06:13 GMT) (full text, mbox, link).
Message #12 received at 703933@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi
Slightly refreshed patches taken from upstream git commits attached.
But the resulting package is not yet tested (passed the testsuite).
Regards,
Salvatore
[libxslt_1.1.26-14.1.debdiff (text/plain, attachment)]
[0009-Fix-crash-with-empty-xsl-key-match-attribute.patch (text/x-diff, attachment)]
[0010-Crash-when-passing-an-uninitialized-variable-to-docu.patch (text/x-diff, attachment)]
Marked as found in versions 1.1.26-14.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 26 Mar 2013 05:57:07 GMT) (full text, mbox, link).
Marked as found in versions 1.1.26-6+squeeze2.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 26 Mar 2013 06:21:04 GMT) (full text, mbox, link).
Marked as found in versions 1.1.26-6.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 26 Mar 2013 06:27:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#703933; Package libxslt.
(Tue, 26 Mar 2013 06:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Tue, 26 Mar 2013 06:33:04 GMT) (full text, mbox, link).
Message #23 received at 703933@bugs.debian.org (full text, mbox, reply):
Hi Aron and YunQiang
I have verified that the problem is present in both stable and
unstable/testing and that the patch for unstable works.
Do you have time to prepare an update? Else I can do a NMU. In any
case I would upload it first trough a delayed queue.
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#703933; Package libxslt.
(Tue, 26 Mar 2013 08:09:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Aron Xu <happyaron.xu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Tue, 26 Mar 2013 08:09:07 GMT) (full text, mbox, link).
Message #28 received at 703933@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
Please go ahead with NMU, and thank you very much!
[Message part 2 (text/html, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#703933; Package libxslt.
(Tue, 26 Mar 2013 08:24:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Tue, 26 Mar 2013 08:24:04 GMT) (full text, mbox, link).
Message #33 received at 703933@bugs.debian.org (full text, mbox, reply):
Hi Aron
On Tue, Mar 26, 2013 at 04:05:16PM +0800, Aron Xu wrote:
> Hi,
>
> Please go ahead with NMU, and thank you very much!
Okay thank you! Will upload later today.
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>:
Bug#703933; Package libxslt.
(Tue, 26 Mar 2013 20:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>.
(Tue, 26 Mar 2013 20:21:04 GMT) (full text, mbox, link).
Message #38 received at 703933@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Aron!
On Tue, Mar 26, 2013 at 04:05:16PM +0800, Aron Xu wrote:
> Hi,
>
> Please go ahead with NMU, and thank you very much!
Uploaded now the package with the patch. Here again for reference in
case you want to commit it to the git repo.
Regards and thanks for the ack. With that I uploaded without the
delaying queue.
Salvatore
[libxslt_1.1.26-14.1.debdiff (text/plain, attachment)]
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Tue, 26 Mar 2013 20:51:08 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 26 Mar 2013 20:51:08 GMT) (full text, mbox, link).
Message #43 received at 703933-close@bugs.debian.org (full text, mbox, reply):
Source: libxslt
Source-Version: 1.1.26-14.1
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 703933@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 Mar 2013 20:31:18 +0100
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.26-14.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Closes: 703933
Changes:
libxslt (1.1.26-14.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Upload as NMU acknowledged by Aron Xu.
* Add patches to fix denial of service vulnerability (CVE-2012-6139)
(Closes: #703933)
Checksums-Sha1:
e73d80d3eca080e94e8582749974b634bfca9345 2326 libxslt_1.1.26-14.1.dsc
d442386db75d59869cc87ad3d584888a4a176c55 39595 libxslt_1.1.26-14.1.debian.tar.gz
ee7e01490a2b19187980136f6ea7f3d2d638d32c 253656 libxslt1.1_1.1.26-14.1_amd64.deb
4a75257b93239fcd0e36dd57945bfb8e73f32a9b 681184 libxslt1-dev_1.1.26-14.1_amd64.deb
08bf1c4e189ffac70a5980fb22d55f19b5e3c976 504090 libxslt1-dbg_1.1.26-14.1_amd64.deb
e7fd936ffac54f0d37714bd5062214da8b55e288 117852 xsltproc_1.1.26-14.1_amd64.deb
f832c92a56dd18ae8b77b947430622d7087c1423 170782 python-libxslt1_1.1.26-14.1_amd64.deb
d98ab7fc646497a81ea9923ce3bba680edb4f833 413776 python-libxslt1-dbg_1.1.26-14.1_amd64.deb
Checksums-Sha256:
744bd7a407594bbdb9f67ad3d8eb027b613d3751fd20cf902c3ef8f77ef3e50a 2326 libxslt_1.1.26-14.1.dsc
846fd6b53af71a5d1de1e972f1775ba2aad063ad1a65f95fbef4229443de8953 39595 libxslt_1.1.26-14.1.debian.tar.gz
b48c1686c5de11049e3e3271b890cf92de70a0c94629b73ae5cf675095c9c96e 253656 libxslt1.1_1.1.26-14.1_amd64.deb
537dd0a5c2694f42696cb217938a5e37c4153628d742d282c68f9fb1822d4685 681184 libxslt1-dev_1.1.26-14.1_amd64.deb
265cd08ecee75ec53060911d360ac2e225df91441d3b6b5d1a00fc7115900b22 504090 libxslt1-dbg_1.1.26-14.1_amd64.deb
af4a0be17c3dc296b1a6f119a6b105413d10275936977cb8a9fd700b853b44dc 117852 xsltproc_1.1.26-14.1_amd64.deb
17facbf3592fc18bf04c0304dca1cf0fe83e74da3b5e120131b2591bee915b6d 170782 python-libxslt1_1.1.26-14.1_amd64.deb
9d4c66015351c37a7f552e5157c559d8ce6aab6e5a425ad2b9ea837d15f8b2ae 413776 python-libxslt1-dbg_1.1.26-14.1_amd64.deb
Files:
09f9670234bc15035bfd3dcab083e61e 2326 text optional libxslt_1.1.26-14.1.dsc
f65fe82e3803250a74383f55c75dde7e 39595 text optional libxslt_1.1.26-14.1.debian.tar.gz
308502ee1d417c36d565d41541629ae0 253656 libs optional libxslt1.1_1.1.26-14.1_amd64.deb
dcda9fdf6911000176bcf1e77b907654 681184 libdevel optional libxslt1-dev_1.1.26-14.1_amd64.deb
fef256725231dd51b6d6a05bfd8f6110 504090 debug extra libxslt1-dbg_1.1.26-14.1_amd64.deb
48d95b3d97e4ea475fca7d024f502576 117852 text optional xsltproc_1.1.26-14.1_amd64.deb
cb1ce3fc9c7dbcf1208838a55ad3fff2 170782 python optional python-libxslt1_1.1.26-14.1_amd64.deb
0e3d044a48647183efa57e292acadef3 413776 debug extra python-libxslt1-dbg_1.1.26-14.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJRUfr7AAoJEHidbwV/2GP+QFYQANZ7ACl0qTH5w1BFjcuXJMJ9
Z7zYwRbrQPd5dYluvzkXnO09MTR7OxU9LfSBMmDvyl3ox4URBvfVaoF69vx8SDwQ
ZcHT9o9Pc7bnxQ72DJYWL6RlL81tSFU37Pol4H/QCuExs9UL5qxygsABivK5Fy7V
8vjg0XV4w6XFSg0hxAlv5r53kDpnlQ27gL4IIeE+uoYCl1m+m289ZChGH3RQev1i
ikXKMhyTXe02iKXJRDUlkjsq5b4qbrb86PLAH3jvmwilbN/DjFKkR2/9DMLjuK3E
P18I7L8I1Lrxks0Y4hoKMZkrBwt2JOVHMGAUauYX4i7G+2DCNad9+XZbhy/cdS9g
7eKL3tXG7R7Di1sSXWvvSpuAW3xjiMBxkPm5UtMqylRvxWCQhJaigqTUCx+jwHtW
qel9u37KLOQiriXEmzlTi3tKUI7McwVApjnY4WJ0TLq80aJArf/v9H0ZicWb54tf
8RJ7b9jnwzT3Y29aJVeFCksyEFiSI81pu6sVXuvUHy83PaC3KIAlRgRAVhLLffjO
xen+Znvz3691VahEogfv458USBzY/LQfmMKhVPHHt5JwIVCnPwA8TpipWAha+sFn
jH4i4XLnD8mr8pPxa9trcqFFDEuY105yOq8eUrgqJM2B9RtAh+2ZgeBuE/5qdjdR
V6/tAPOLujRfHzmZV3Ai
=Y2ew
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Fri, 12 Apr 2013 18:06:09 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Fri, 12 Apr 2013 18:06:09 GMT) (full text, mbox, link).
Message #48 received at 703933-close@bugs.debian.org (full text, mbox, reply):
Source: libxslt
Source-Version: 1.1.26-6+squeeze3
We believe that the bug you reported is fixed in the latest version of
libxslt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 703933@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated libxslt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 Mar 2013 21:48:42 +0100
Source: libxslt
Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg
Architecture: source amd64
Version: 1.1.26-6+squeeze3
Distribution: stable-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
libxslt1-dbg - XSLT 1.0 processing library - debugging symbols
libxslt1-dev - XSLT 1.0 processing library - development kit
libxslt1.1 - XSLT 1.0 processing library - runtime library
python-libxslt1 - Python bindings for libxslt1
python-libxslt1-dbg - Python bindings for libxslt1 (debug extension)
xsltproc - XSLT 1.0 command line processor
Closes: 703933
Changes:
libxslt (1.1.26-6+squeeze3) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add patches to fix denial of service vulnerability (CVE-2012-6139)
(Closes: #703933)
Checksums-Sha1:
01f36095754524d9a054cb68cec83866b5452478 2118 libxslt_1.1.26-6+squeeze3.dsc
43f40f1afa605e75b8df6bd274a802704a9aea4c 99118 libxslt_1.1.26-6+squeeze3.diff.gz
de9aeb044283bcfe58828cbf7f9b725430a31a53 249614 libxslt1.1_1.1.26-6+squeeze3_amd64.deb
375e9180e2f4b1d14825d190f361bd36f6a8e777 666674 libxslt1-dev_1.1.26-6+squeeze3_amd64.deb
e28cf0d5036b00d14f2d4d378f5d4d9d3bff9e02 370238 libxslt1-dbg_1.1.26-6+squeeze3_amd64.deb
597ae5f7151ff6df598167ebe1c769fa1a446708 116892 xsltproc_1.1.26-6+squeeze3_amd64.deb
8101a8865cfb02cbe8933e3bacc4779f9b0ea491 167914 python-libxslt1_1.1.26-6+squeeze3_amd64.deb
85a72d2fcbfcef6405a443a78d9525011065cdc7 373158 python-libxslt1-dbg_1.1.26-6+squeeze3_amd64.deb
Checksums-Sha256:
60c379453ec0651d4b5fc27cca129f16b3f74bb402a086c1d70e60f5d2325c17 2118 libxslt_1.1.26-6+squeeze3.dsc
51a97c9f544d1e88d772ab3e6013757785ecf0f2e10cdf2497562c606cddd0b1 99118 libxslt_1.1.26-6+squeeze3.diff.gz
ccf0c30a1c45a2d17a491d52b123d96b0d6e3ae036f2a941ef6db99fbba91d38 249614 libxslt1.1_1.1.26-6+squeeze3_amd64.deb
ef1f4d3a9b24ce75578e1a20e354b6aabdfd8ef3f18b77b0e423f22c2263ad24 666674 libxslt1-dev_1.1.26-6+squeeze3_amd64.deb
96a7ec7589f0e4663b57cbd0899c3581fd9daf4a1f530d7e8fde6844bb42ce09 370238 libxslt1-dbg_1.1.26-6+squeeze3_amd64.deb
43e99a5c51d98b33330b82a8bfd7f7837fd4ca8283982c043401459609e08bfc 116892 xsltproc_1.1.26-6+squeeze3_amd64.deb
5d8038905eea417a02495fd9f85a8409159f9898eba416d0b24f123e3054469c 167914 python-libxslt1_1.1.26-6+squeeze3_amd64.deb
56c12ebf46620e82b7a15ea69f987b6d406f3d02adba91e5728df665fb89ee24 373158 python-libxslt1-dbg_1.1.26-6+squeeze3_amd64.deb
Files:
921ba66b7280db3bdb7601495d8d9936 2118 text optional libxslt_1.1.26-6+squeeze3.dsc
b90ca8094b3fcca57db0632a384727a5 99118 text optional libxslt_1.1.26-6+squeeze3.diff.gz
a0c5eebccd01217b101cf20a1caf4017 249614 libs optional libxslt1.1_1.1.26-6+squeeze3_amd64.deb
d1de9d52a2f9f638af8e3b2683d6275a 666674 libdevel optional libxslt1-dev_1.1.26-6+squeeze3_amd64.deb
bb5da85b7fb6e033b656bcee6ff83954 370238 debug extra libxslt1-dbg_1.1.26-6+squeeze3_amd64.deb
becc65c6b598b4f25709089004247fc8 116892 text optional xsltproc_1.1.26-6+squeeze3_amd64.deb
a835b712cac5ba8dfca3d4b0992e94d9 167914 python optional python-libxslt1_1.1.26-6+squeeze3_amd64.deb
62f4b7e2edb17d5531ccfc01c258a6ec 373158 debug extra python-libxslt1-dbg_1.1.26-6+squeeze3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJRUgrUAAoJEHidbwV/2GP+hrQQAMIJMeNYRdQTlpPD3Cfis2Pl
Q5KtkP+vXDZKijz8b7qNmnDNUVp7op+YylZjWTJ7tCQ3l2Qe8tXMvQnrKdwuRNdX
dwuiOJDThhTd0OHxmF9wTX3GlYGyWcEj++3kPJp8qiFgHxhEts0mnAeiF9xHpn29
irPOjhMDMdgXUYWzMVNe6CJQWNfauk9KnLH5sXV8nbLEbcXarZOTzx9V6kYVlbq4
DSNSlAAnRtuUOs95HiQ0nvgCWoQrgcg9e4IWU9vXlpfWEELxJrMQGrfyxQA8OJ2G
aHF/O7Zx6YtsEurIpDqBYMlygHKUubTupa7DZxynghoWRCzzdeQgI+3bddmM1zv+
3UWurAufmIOgsnllauz7hJe5aNpeDCNjRaaoU3MZL0xd8xVdU0C//x3OH9CIXxaI
7HPzP42b26QHEpwMuhUkhI2WRXjsjayCN+WE3As06+0F1IrvGfkNJvbIyiZC8ocS
nIAJrq+Pd8IT/c/6I+q5FzwviYhEvFZFHRvoOu625FJwIqQwD+NootUvhamQk7Vw
xDkWWzJVBe0xzSAe9v5UoDjpAzACsl/3JZIcXqtwoy8XWYM0YahjjMxiLQkNk8WE
9GAZQ6vt5gbnVuP/CrcPhq8OIknc6yDDzv+6xfIpbJW+WBZp8Whq+nw3SW1QaxDp
KVeZclq0pBtxAO3aZpRY
=GDCC
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 02 Jun 2013 07:49:02 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:14:59 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon