glusterfs: Several security vulnerabilities

Debian Bug report logs - #912997
glusterfs: Several security vulnerabilities

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: submit@bugs.debian.org

Subject: glusterfs: Several security vulnerabilities

Date: Mon, 5 Nov 2018 19:09:11 +0100

[Message part 1 (text/plain, inline)]

Package: glusterfs
X-Debbugs-CC: team@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for glusterfs.

CVE-2018-14651[0]:
| It was found that the fix for CVE-2018-10927, CVE-2018-10928,
| CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A
| remote, authenticated attacker could use one of these flaws to execute
| arbitrary code, create arbitrary files, or cause denial of service on
| glusterfs server nodes via symlinks to relative paths.

CVE-2018-14652[1]:
| The Gluster file system through versions 3.12 and 4.1.4 is vulnerable
| to a buffer overflow in the 'features/index' translator via the code
| handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function.
| A remote authenticated attacker could exploit this on a mounted volume
| to cause a denial of service.

CVE-2018-14653[2]:
| The Gluster file system through versions 4.1.4 and 3.12 is vulnerable
| to a heap-based buffer overflow in the '__server_getspec' function via
| the 'gf_getspec_req' RPC message. A remote authenticated attacker
| could exploit this to cause a denial of service or other potential
| unspecified impact.

CVE-2018-14654[3]:
| The Gluster file system through version 4.1.4 is vulnerable to abuse
| of the 'features/index' translator. A remote attacker with access to
| mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY'
| xattrop to create arbitrary, empty files on the target server.

CVE-2018-14659[4]:
| The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable
| to a denial of service attack via use of the
| 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker
| could exploit this by mounting a Gluster volume and repeatedly calling
| 'setxattr(2)' to trigger a state dump and create an arbitrary number
| of files in the server's runtime directory.

CVE-2018-14660[5]:
| A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2
| which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote,
| authenticated attacker could use this flaw to create multiple locks
| for single inode by using setxattr repetitively resulting in memory
| exhaustion of glusterfs server node.

CVE-2018-14661[6]:
| It was found that usage of snprintf function in feature/locks
| translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster
| Storage, was vulnerable to a format string attack. A remote,
| authenticated attacker could use this flaw to cause remote denial of
| service.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14651
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14651
[1] https://security-tracker.debian.org/tracker/CVE-2018-14652
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14652
[2] https://security-tracker.debian.org/tracker/CVE-2018-14653
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14653
[3] https://security-tracker.debian.org/tracker/CVE-2018-14654
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14654
[4] https://security-tracker.debian.org/tracker/CVE-2018-14659
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14659
[5] https://security-tracker.debian.org/tracker/CVE-2018-14660
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14660
[6] https://security-tracker.debian.org/tracker/CVE-2018-14661
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14661

Please adjust the affected versions in the BTS as needed.

Regards,

Markus

[signature.asc (application/pgp-signature, attachment)]

Message #12 received at 912997@bugs.debian.org (full text, mbox, reply):

From: Patrick Matthäi <pmatthaei@debian.org>

To: Markus Koschany <apo@debian.org>, 912997@bugs.debian.org, control@bugs.debian.org

Subject: Re: glusterfs: Several security vulnerabilities

Date: Tue, 6 Nov 2018 10:52:53 +0100

[Message part 1 (text/plain, inline)]

fixed #912997 4.1.5-1
thanks

Hi


Am 05.11.2018 um 19:09 schrieb Markus Koschany:
> Package: glusterfs
> X-Debbugs-CC: team@security.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for glusterfs.
>
> CVE-2018-14651[0]:
> | It was found that the fix for CVE-2018-10927, CVE-2018-10928,
> | CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A
> | remote, authenticated attacker could use one of these flaws to execute
> | arbitrary code, create arbitrary files, or cause denial of service on
> | glusterfs server nodes via symlinks to relative paths.
>
> CVE-2018-14652[1]:
> | The Gluster file system through versions 3.12 and 4.1.4 is vulnerable
> | to a buffer overflow in the 'features/index' translator via the code
> | handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function.
> | A remote authenticated attacker could exploit this on a mounted volume
> | to cause a denial of service.
>
> CVE-2018-14653[2]:
> | The Gluster file system through versions 4.1.4 and 3.12 is vulnerable
> | to a heap-based buffer overflow in the '__server_getspec' function via
> | the 'gf_getspec_req' RPC message. A remote authenticated attacker
> | could exploit this to cause a denial of service or other potential
> | unspecified impact.
>
> CVE-2018-14654[3]:
> | The Gluster file system through version 4.1.4 is vulnerable to abuse
> | of the 'features/index' translator. A remote attacker with access to
> | mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY'
> | xattrop to create arbitrary, empty files on the target server.
>
> CVE-2018-14659[4]:
> | The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable
> | to a denial of service attack via use of the
> | 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker
> | could exploit this by mounting a Gluster volume and repeatedly calling
> | 'setxattr(2)' to trigger a state dump and create an arbitrary number
> | of files in the server's runtime directory.
>
> CVE-2018-14660[5]:
> | A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2
> | which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote,
> | authenticated attacker could use this flaw to create multiple locks
> | for single inode by using setxattr repetitively resulting in memory
> | exhaustion of glusterfs server node.
>
> CVE-2018-14661[6]:
> | It was found that usage of snprintf function in feature/locks
> | translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster
> | Storage, was vulnerable to a format string attack. A remote,
> | authenticated attacker could use this flaw to cause remote denial of
> | service.
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-14651
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14651
> [1] https://security-tracker.debian.org/tracker/CVE-2018-14652
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14652
> [2] https://security-tracker.debian.org/tracker/CVE-2018-14653
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14653
> [3] https://security-tracker.debian.org/tracker/CVE-2018-14654
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14654
> [4] https://security-tracker.debian.org/tracker/CVE-2018-14659
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14659
> [5] https://security-tracker.debian.org/tracker/CVE-2018-14660
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14660
> [6] https://security-tracker.debian.org/tracker/CVE-2018-14661
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14661
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
>
> Markus
>

If I see it correct, there is no issue open here?

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatthaei@debian.org
        patrick@linux-dev.org
*/

[signature.asc (application/pgp-signature, attachment)]

Message #19 received at 912997@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: pmatthaei@debian.org, 912997@bugs.debian.org

Cc: Markus Koschany <apo@debian.org>

Subject: Re: Bug#912997: glusterfs: Several security vulnerabilities

Date: Tue, 6 Nov 2018 11:19:03 +0100

Control: notfixed -1 4.1.5-1

Hi Patrick,

On Tue, Nov 06, 2018 at 10:52:53AM +0100, Patrick Matthäi wrote:
> fixed #912997 4.1.5-1
[...]
> 
> If I see it correct, there is no issue open here?

Don't think this is correct. For instance just take CVE-2018-14661,
this is still unresolved in 4.1.5-1 and 5.0-1. Same for
CVE-2018-14660, CVE-2018-14659, CVE-2018-14654, CVE-2018-14653.

CVE-2018-14652 seems fixed in 5.0-1, but needs double check.

CVE-2018-14651 is as well missing as far I can see from 4.1.5-1 and
5.0-1.

Regards,
Salvatore

Message #26 received at 912997@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 912997@bugs.debian.org

Cc: pmatthaei@debian.org, Markus Koschany <apo@debian.org>

Subject: Re: Bug#912997: glusterfs: Several security vulnerabilities

Date: Tue, 6 Nov 2018 12:28:06 +0100

Hi Patrick,

On Tue, Nov 06, 2018 at 11:19:03AM +0100, Salvatore Bonaccorso wrote:
> Control: notfixed -1 4.1.5-1
> 
> Hi Patrick,
> 
> On Tue, Nov 06, 2018 at 10:52:53AM +0100, Patrick Matthäi wrote:
> > fixed #912997 4.1.5-1
> [...]
> > 
> > If I see it correct, there is no issue open here?
> 
> Don't think this is correct. For instance just take CVE-2018-14661,
> this is still unresolved in 4.1.5-1 and 5.0-1. Same for
> CVE-2018-14660, CVE-2018-14659, CVE-2018-14654, CVE-2018-14653.
> 
> CVE-2018-14652 seems fixed in 5.0-1, but needs double check.
> 
> CVE-2018-14651 is as well missing as far I can see from 4.1.5-1 and
> 5.0-1.

Just to be clear, I'm not 100% certain but just skimmed over the
4.1.5-1 and 5.0-1 and that was I think the fixes are not included in
neither 4.1.5 upstream nor 5.0.

Regards,
Salvatore

Message #31 received at 912997@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 912997@bugs.debian.org

Cc: pmatthaei@debian.org, Markus Koschany <apo@debian.org>, Debian Security Team <team@security.debian.org>

Subject: Re: Bug#912997: glusterfs: Several security vulnerabilities

Date: Tue, 6 Nov 2018 21:15:36 +0100

Hi Patrick,

On Tue, Nov 06, 2018 at 12:28:06PM +0100, Salvatore Bonaccorso wrote:
> Hi Patrick,
> 
> On Tue, Nov 06, 2018 at 11:19:03AM +0100, Salvatore Bonaccorso wrote:
> > Control: notfixed -1 4.1.5-1
> > 
> > Hi Patrick,
> > 
> > On Tue, Nov 06, 2018 at 10:52:53AM +0100, Patrick Matthäi wrote:
> > > fixed #912997 4.1.5-1
> > [...]
> > > 
> > > If I see it correct, there is no issue open here?
> > 
> > Don't think this is correct. For instance just take CVE-2018-14661,
> > this is still unresolved in 4.1.5-1 and 5.0-1. Same for
> > CVE-2018-14660, CVE-2018-14659, CVE-2018-14654, CVE-2018-14653.
> > 
> > CVE-2018-14652 seems fixed in 5.0-1, but needs double check.
> > 
> > CVE-2018-14651 is as well missing as far I can see from 4.1.5-1 and
> > 5.0-1.
> 
> Just to be clear, I'm not 100% certain but just skimmed over the
> 4.1.5-1 and 5.0-1 and that was I think the fixes are not included in
> neither 4.1.5 upstream nor 5.0.

So I had a closer look tonight, I'm trying to give some status update
all relevant links are in the security-tracker itself already tracked.

CVE-2018-14651: looks unrelsoved in both release-4.1 and release-5.
Gerrit-Review is as tracked in the security-tracker in
https://review.gluster.org/#/c/glusterfs/+/21527/ .

CVE-2018-14652: not fixed in 4.1.5, but in later commit
e2c195712a9ecbda4fa02f5308138a1257a2558a . The fix is just part of
another code change upstream as per
052849983e51a061d7fb2c3ffd74fa78bb257084 which was already in
v5.0alpha. As such my previous statement beeing fixed in 5.0-1 is
right.

CVE-2018-14653: not yet a fix in neither release-5 nor release-4.1,
just in review status in gerrit. See extracted commits in
security-tracker. I guess this is upstream still in proper review
status even if Red Hat has already scheduled updates.

CVE-2018-14654: for release-4.1 commited, but not in a released
version (5f4ae8a80543332a2e92dfa5c7f833ae7b93a664). For release-5 it
is dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 .

CVE-2018-14659 unrelesolved in release-5 and release-4.1.

CVE-2018-14660 fix under review, not yet commited to release-5 or
release-4.1 branch.

CVE-2018-14661 see review status in Gerrit. Still not yet commited to
release-5 nor release-4.1 branches.

So I think apart one CVE which is fixed in 5.0-1 all other are yet
unadressed upstream.

Regards,
Salvatore

Message #36 received at 912997-close@bugs.debian.org (full text, mbox, reply):

From: Patrick Matthäi <pmatthaei@debian.org>

To: 912997-close@bugs.debian.org

Subject: Bug#912997: fixed in glusterfs 5.1-1

Date: Thu, 15 Nov 2018 10:50:57 +0000

Source: glusterfs
Source-Version: 5.1-1

We believe that the bug you reported is fixed in the latest version of
glusterfs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 912997@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <pmatthaei@debian.org> (supplier of updated glusterfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 15 Nov 2018 11:10:47 +0100
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 5.1-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 glusterfs-client - clustered file-system (client package)
 glusterfs-common - GlusterFS common libraries and translator modules
 glusterfs-server - clustered file-system (server package)
Closes: 912997
Changes:
 glusterfs (5.1-1) unstable; urgency=high
 .
   * New upstream release.
     - Several security vulnerabilities are fixed.
       Closes: #912997
     - This release fixes CVE-2018-14651: It was found that the fix for
       CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and
       CVE-2018-10926 was incomplete. A remote, authenticated attacker could use
       one of these flaws to execute arbitrary code, create arbitrary files, or
       cause denial of service on glusterfs server nodes via symlinks to
       relative paths.
     - This release fixes CVE-2018-14654: The Gluster file system through version
       4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote
       attacker with access to mount volumes could exploit this via the
       'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the
       target server.
     - This release fixes CVE-2018-14659: The Gluster file system through
       versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via
       use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated
       attacker could exploit this by mounting a Gluster volume and repeatedly
       calling 'setxattr(2)' to trigger a state dump and create an arbitrary
       number of files in the server's runtime directory.
     - This release fixes CVE-2018-14660: A flaw was found in glusterfs server
       through versions 4.1.4 and 3.1.2 which allowed repeated usage of
       GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this
       flaw to create multiple locks for single inode by using setxattr
       repetitively resulting in memory exhaustion of glusterfs server node.
     - This release fixes CVE-2018-14661: It was found that usage of snprintf
       function in feature/locks translator of glusterfs server 3.8.4, as
       shipped with Red Hat Gluster Storage, was vulnerable to a format string
       attack. A remote, authenticated attacker could use this flaw to cause
       remote denial of service.
     - This release fixes CVE-2018-14653: The Gluster file system through
       versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in
       the '__server_getspec' function via the 'gf_getspec_req' RPC message. A
       remote authenticated attacker could exploit this to cause a denial of
       service or other potential unspecified impact.
   * Modify patch 04-systemd-fixes to use /run directory instead of /var/run.
   * Adjust lintian overrides.
   * CVE-2012-5635 was fixed a long time ago.
Checksums-Sha1:
 9e1e25d77c11cda06bbb12a27aaa10f1ea38f0db 2162 glusterfs_5.1-1.dsc
 ba745c0016a839e7fdaefc4d08710862c5ba7858 7604907 glusterfs_5.1.orig.tar.gz
 a73d8ddc1cc8757614b41e69db5d5681c515c1af 17804 glusterfs_5.1-1.debian.tar.xz
 691bd09c53a50dcd5f27ab58a5ec263d2b2eb8e0 37636 glusterfs-client-dbgsym_5.1-1_amd64.deb
 d2e10d3c45acf4571afed808184a820dd751f285 2475512 glusterfs-client_5.1-1_amd64.deb
 558704b86aa776fe05c6eedea6765b2669171ee0 18467652 glusterfs-common-dbgsym_5.1-1_amd64.deb
 85062a72f69b5cdf31c6255ff701d62d76f48be8 5820232 glusterfs-common_5.1-1_amd64.deb
 75069a2299740ff944f0ceb25734a7c056f47ff5 722080 glusterfs-server-dbgsym_5.1-1_amd64.deb
 1495ecbf83175fdbdfb5e46fde724a4abd7675c9 2648416 glusterfs-server_5.1-1_amd64.deb
 801c1d9dc9ae0ca74ee3a678665f34fbf70abdff 11611 glusterfs_5.1-1_amd64.buildinfo
Checksums-Sha256:
 46c6fd1b3eb74aeb973cbfb9233a89b97eb872cd69825dac407e62311be3668b 2162 glusterfs_5.1-1.dsc
 779d03cf50710043682b9c6f14ac4c7964a82d6423383b8e09ac86c9c6704f0e 7604907 glusterfs_5.1.orig.tar.gz
 71ce4da55216869991e1cf0705cc9cc997de2f91efab9627e84a374e6a1883b2 17804 glusterfs_5.1-1.debian.tar.xz
 575f58a9fe185c817a7ce2a9f4f0eb1ebbd58c518c953552c89f5c58412f541e 37636 glusterfs-client-dbgsym_5.1-1_amd64.deb
 a212174c83ddc74373ea563e925610cc593b9ea983b2bb5779354706ba2ed611 2475512 glusterfs-client_5.1-1_amd64.deb
 85ae963caa0eaa51cbb7d6ac1af04b21e01818545a6850e89c9f953170686123 18467652 glusterfs-common-dbgsym_5.1-1_amd64.deb
 ffb8b1d5bd9ef4c092f9e65bac7ed0acebe63cb147970191000ace5bd58c868c 5820232 glusterfs-common_5.1-1_amd64.deb
 43fe2e099e31a5b82cb57b2d20e702229ea1d4b6ad7e26371fdd28de1d6633c4 722080 glusterfs-server-dbgsym_5.1-1_amd64.deb
 cad1d3d8947d08e7b96a0d0ef36063c1f1b828df513a95f37e9b60b28eda4c20 2648416 glusterfs-server_5.1-1_amd64.deb
 59d8952bd45e73934971dcad3b105f7045c6363ecea8aa2c1650e206584cafe3 11611 glusterfs_5.1-1_amd64.buildinfo
Files:
 fc585368d58ad7e64511d69e925a78e8 2162 admin optional glusterfs_5.1-1.dsc
 f0b61496a761cf6bf149e9613596fd0e 7604907 admin optional glusterfs_5.1.orig.tar.gz
 f3c8984393c08b243a9158b28a7d4da9 17804 admin optional glusterfs_5.1-1.debian.tar.xz
 6d973f3418d646c8c1d0dcf09c464f6b 37636 debug optional glusterfs-client-dbgsym_5.1-1_amd64.deb
 e350b933b412307390ba00688c1562c8 2475512 admin optional glusterfs-client_5.1-1_amd64.deb
 bc1db8d0fc2ac29d4193ccfbb860943d 18467652 debug optional glusterfs-common-dbgsym_5.1-1_amd64.deb
 c692be461fd0fbba09c58306eb6e5128 5820232 admin optional glusterfs-common_5.1-1_amd64.deb
 b2c54b6015af298db7bef73b12e591c9 722080 debug optional glusterfs-server-dbgsym_5.1-1_amd64.deb
 7446e11375012456f9b26782dedb7bdf 2648416 admin optional glusterfs-server_5.1-1_amd64.deb
 6b3d7ed929057ce611a205a08b172c28 11611 admin optional glusterfs_5.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAlvtSmgACgkQEtmwSpDL
2OSRSw//Yhv7sbcqPxdkyo2q2Ey2ZsxDozMyV6jlQqHEzLb2CEihzYRcMgmyHXom
HRPWs6OkLjkVSbQpUXveMKpfzekIX852UICtzZewY6zPCOXorqcWnNKY4mI0fDDB
z1PeK6khGZ3lPoWmt57p2hsxH1MQYLOrOzO3nj2Huxws6g0P2pOwUA2PbC7SQ/5F
VnQuaQ9Qq7dOPV3AvWJuX2n3OZwKzNdPaZG6mVHElWx8VEqmvLVk7o5IEjwg1alC
ju5/E/CK5Venip1xHAMHhvOgYc+Go2RBIMdoEGVX5JAghFxoG1yu1I4Kr/kOp8nu
5XqqgjQjD2/tdd4/JzzC6GdlHlx4RA4/FjCngVyiXBOZaCKynsCTFOLN8EjBuw3M
Pl5W7DAcwi0NvokS891ijp4NhjMq1CvdQn099EwVZusxa2QgfWhih+74ra1ofNv0
li6jHwF0Ixmjq8pgQvenUGwrZD4ieFqGF4b1YaE1sCb4qmiMWx+j7SPHG2dUJwvs
JVPnFxg0b47/5n8wCntDKv7lBCxum/pGU8QVT9p6dnJxhD0csefRNvrvpa8S6az5
4/qLUt3M12MqkY91Yzd2NyiXRnbTDVt1JANYJrs2l0CVAp3rzgX/1Ik9AXPSbh+X
UEulu7VLCvV3NWu4EF1zvamkNk38Psu7WMPOPr4w+SrwsaWxB28=
=8UmG
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.