svgsalamander: CVE-2017-5617

Related Vulnerabilities: CVE-2017-5617  

Debian Bug report logs - #853134
svgsalamander: CVE-2017-5617

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 30 Jan 2017 05:51:01 UTC

Severity: important

Tags: security, upstream

Found in versions svgsalamander/1.1.1+dfsg-1, svgsalamander/0~svn95-1

Fixed in versions svgsalamander/1.1.1+dfsg-2, svgsalamander/0~svn95-1+deb8u1

Done: Bas Couwenberg <sebastic@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/blackears/svgSalamander/issues/11


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Mon, 30 Jan 2017 05:51:04 GMT) (full text, mbox, link).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 30 Jan 2017 05:51:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: svgsalamander: CVE-2017-5617
Date: Mon, 30 Jan 2017 06:47:14 +0100
Source: svgsalamander
Version: 1.1.1+dfsg-1
Severity: important
Tags: upstream security
Forwarded: https://github.com/blackears/svgSalamander/issues/11

Hi,

the following vulnerability was published for svgsalamander.

CVE-2017-5617[0]:
SSRF issue

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-5617
[1] https://github.com/blackears/svgSalamander/issues/11

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Wed, 01 Feb 2017 08:15:03 GMT) (full text, mbox, link).


Acknowledgement sent to Felix Natter <fnatter@gmx.net>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 01 Feb 2017 08:15:03 GMT) (full text, mbox, link).


Message #10 received at 853134@bugs.debian.org (full text, mbox, reply):

From: Felix Natter <fnatter@gmx.net>
To: debian-gis@lists.debian.org
Cc: 853134@bugs.debian.org, debian-java@lists.debian.org
Subject: CVE-2017-5617: svgSalamander
Date: Wed, 01 Feb 2017 09:13:40 +0100

hello d-gis/Bas,

there is a security vulnerability in svgSalamander:
  https://github.com/blackears/svgSalamander/issues/11

The problem occurs when including raster/svg images via <image>.
The reporter says "How to fix - any schemes apart from data in the
xlink:href attribute should be disallowed"

--> I am not aware of svgSalamander properties (the only other toggle I
can think of is java system properties), so can we _disable_ other
schemes? I don't think that breaks SVG rendering in Freeplane, how
about josm / other applications?

http://stackoverflow.com/questions/6249664/does-svg-support-embedding-of-bitmap-images
--> data: schema seems to provide a way for including base64 encoded
raster/svg images inline in an SVG.

--> Can we discuss how to fix this?

Or shall we wait until Mark (the upstream author) fixes this
(might take a month)? Or at least ping him for a solution?

Cheers and Best Regards,
-- 
Felix Natter



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Wed, 01 Feb 2017 08:39:03 GMT) (full text, mbox, link).


Acknowledgement sent to Bas Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 01 Feb 2017 08:39:03 GMT) (full text, mbox, link).


Message #15 received at 853134@bugs.debian.org (full text, mbox, reply):

From: Bas Couwenberg <sebastic@xs4all.nl>
To: Felix Natter <fnatter@gmx.net>
Cc: debian-gis@lists.debian.org, 853134@bugs.debian.org, debian-java@lists.debian.org
Subject: Re: CVE-2017-5617: svgSalamander
Date: Wed, 01 Feb 2017 09:35:23 +0100

Hi Felix,

On 2017-02-01 09:13, Felix Natter wrote:
> there is a security vulnerability in svgSalamander:
>   https://github.com/blackears/svgSalamander/issues/11

I've been following that issue since it popped up on my DMD TODO list.

> The problem occurs when including raster/svg images via <image>.
> The reporter says "How to fix - any schemes apart from data in the
> xlink:href attribute should be disallowed"

The fix for svgSalamander is probably to patch the code which handles 
xlink:href and return NULL for any value that doesn't start with 
"data:", or something along those lines.

> --> I am not aware of svgSalamander properties (the only other toggle I
> can think of is java system properties), so can we _disable_ other
> schemes? I don't think that breaks SVG rendering in Freeplane, how
> about josm / other applications?

I don't know if it will break JOSM, but I suspect it won't. We'll have 
to test it with the patched svgsalamander when it's available.

> http://stackoverflow.com/questions/6249664/does-svg-support-embedding-of-bitmap-images
> --> data: schema seems to provide a way for including base64 encoded
> raster/svg images inline in an SVG.
> 
> --> Can we discuss how to fix this?

Sure, ideally upstream is included in that discussion.

> Or shall we wait until Mark (the upstream author) fixes this
> (might take a month)? Or at least ping him for a solution?

Pinging him is a good idea, upstream needs to be involved in resolving 
this issue.

Including the JOSM developers (josm-dev@openstreetmap.org) is also a 
good idea, they (and Vincent Privat in particular) have contributed 
patches to svgSalamander recently.

I'll report the issue in the JOSM Trac since it also affects the 
embedded copy in their upstream SVN repo.

Kind Regards,

Bas
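
The scheme restriction discussed in this thread (accept only data: in the href of an <image>), written as a stand-alone check that can run before an SVG is handed to a renderer. This is an added example, not svgSalamander code and not the patch by Vincent Privat; the class and method names are hypothetical and the sample SVG is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example: SvgHrefCheck and its methods are hypothetical names,
// not part of svgSalamander or of the Debian patch.
public class SvgHrefCheck {
    private static final String XLINK_NS = "http://www.w3.org/1999/xlink";

    // Allow-list, not deny-list: only data: passes. http:, https:, file:, jar:, ftp:
    // and relative references (resolved against the document's base URL) all fail.
    static boolean isAllowedHref(String href) {
        String v = href.trim();
        return v.regionMatches(true, 0, "data:", 0, 5); // scheme names are case-insensitive
    }

    // Returns every <image> href in the SVG that is not a data: URI.
    static List<String> disallowedImageHrefs(byte[] svg) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The checker must not fetch anything itself: refuse DOCTYPEs (and with
        // them external DTDs and entities). An SVG carrying a DOCTYPE throws here,
        // which a caller should treat as "rejected".
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(svg));

        List<String> bad = new ArrayList<>();
        NodeList images = doc.getElementsByTagNameNS("*", "image");
        for (int i = 0; i < images.getLength(); i++) {
            Element img = (Element) images.item(i);
            // SVG 1.1 uses xlink:href; SVG 2 also allows a plain href attribute.
            String[] hrefs = {
                img.hasAttributeNS(XLINK_NS, "href") ? img.getAttributeNS(XLINK_NS, "href") : null,
                img.hasAttributeNS(null, "href") ? img.getAttributeNS(null, "href") : null
            };
            for (String h : hrefs) {
                if (h != null && !isAllowedHref(h)) {
                    bad.add(h);
                }
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one inline image, one remote reference, one relative one.
        String svg =
            "<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink'>"
          + "<image xlink:href='data:image/png;base64,iVBORw0KGgo=' width='1' height='1'/>"
          + "<image xlink:href='http://internal.example.invalid/status' width='1' height='1'/>"
          + "<image xlink:href='icons/logo.png' width='1' height='1'/>"
          + "</svg>";
        List<String> bad = disallowedImageHrefs(svg.getBytes(StandardCharsets.UTF_8));
        for (String h : bad) {
            System.out.println("disallowed href: " + h);
        }
        if (!bad.isEmpty()) {
            System.exit(1); // non-zero exit: do not render this file
        }
    }
}
```

The relative reference is rejected on purpose: it inherits whatever scheme the document was loaded from, so it is not covered by a check that only looks for "http".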



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Wed, 01 Feb 2017 09:12:03 GMT) (full text, mbox, link).


Acknowledgement sent to Bas Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 01 Feb 2017 09:12:03 GMT) (full text, mbox, link).


Message #20 received at 853134@bugs.debian.org (full text, mbox, reply):

From: Bas Couwenberg <sebastic@xs4all.nl>
To: Felix Natter <fnatter@gmx.net>
Cc: debian-gis@lists.debian.org, 853134@bugs.debian.org, debian-java@lists.debian.org
Subject: Re: CVE-2017-5617: svgSalamander
Date: Wed, 01 Feb 2017 10:08:25 +0100

On 2017-02-01 09:35, Bas Couwenberg wrote:
> Including the JOSM developers (josm-dev@openstreetmap.org) is also a
> good idea, they (and Vincent Privat in particular) have contributed
> patches to svgSalamander recently.
> 
> I'll report the issue in the JOSM Trac since it also affects the
> embedded copy in their upstream SVN repo.

JOSM issue: https://josm.openstreetmap.de/ticket/14319

Kind Regards,

Bas



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Thu, 02 Feb 2017 06:45:03 GMT) (full text, mbox, link).


Message #23 received at 853134@bugs.debian.org (full text, mbox, reply):

From: pkg-java-maintainers@lists.alioth.debian.org
To: 853134@bugs.debian.org, 853134-submitter@bugs.debian.org
Subject: Pending fixes for bugs in the svgsalamander package
Date: Thu, 02 Feb 2017 06:42:11 +0000

tag 853134 + pending
thanks

Some bugs in the svgsalamander package are closed in revision
1831801120fe371f2c19b8fffc11d4188d9ea51c in branch 'master' by Bas
Couwenberg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/svgsalamander.git/commit/?id=1831801

Commit message:

    Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
    
    (closes: #853134)




Added tag(s) pending. Request was from pkg-java-maintainers@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 02 Feb 2017 06:45:04 GMT) (full text, mbox, link).


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#853134. (Thu, 02 Feb 2017 06:45:06 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Thu, 02 Feb 2017 06:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 02 Feb 2017 06:48:02 GMT) (full text, mbox, link).


Message #33 received at 853134@bugs.debian.org (full text, mbox, reply):

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Felix Natter <fnatter@gmx.net>
Cc: debian-gis@lists.debian.org, 853134@bugs.debian.org, debian-java@lists.debian.org
Subject: Re: CVE-2017-5617: svgSalamander
Date: Thu, 2 Feb 2017 07:44:50 +0100
Control: tags -1 pending

On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
> On 2017-02-01 09:35, Bas Couwenberg wrote:
>> Including the JOSM developers (josm-dev@openstreetmap.org) is also a
>> good idea, they (and Vincent Privat in particular) have contributed
>> patches to svgSalamander recently.
>>
>> I'll report the issue in the JOSM Trac since it also affects the
>> embedded copy in their upstream SVN repo.
> 
> JOSM issue: https://josm.openstreetmap.de/ticket/14319

Vincent Privat has fixed the issue for JOSM, and I've added a patch to
the svgsalamander Debian package with his changes.

We may want to include the regression test too, but I'm not sure how
that works in svgsalamander.

If we can't do that easily, we should just keep the patch as-is without
the regression tests that are included for JOSM.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Thu, 02 Feb 2017 18:12:02 GMT) (full text, mbox, link).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 02 Feb 2017 18:12:03 GMT) (full text, mbox, link).


Message #38 received at 853134@bugs.debian.org (full text, mbox, reply):

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Felix Natter <fnatter@gmx.net>
Cc: debian-gis@lists.debian.org, 853134@bugs.debian.org, debian-java@lists.debian.org
Subject: Re: CVE-2017-5617: svgSalamander
Date: Thu, 2 Feb 2017 19:09:26 +0100

On 02/02/2017 07:44 AM, Sebastiaan Couwenberg wrote:
> Control: tags -1 pending
> 
> On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
>> On 2017-02-01 09:35, Bas Couwenberg wrote:
>>> Including the JOSM developers (josm-dev@openstreetmap.org) is also a
>>> good idea, they (and Vincent Privat in particular) have contributed
>>> patches to svgSalamander recently.
>>>
>>> I'll report the issue in the JOSM Trac since it also affects the
>>> embedded copy in their upstream SVN repo.
>>
>> JOSM issue: https://josm.openstreetmap.de/ticket/14319
> 
> Vincent Privat has fixed the issue for JOSM, and I've added a patch to
> the svgsalamander Debian package with his changes.
> 
> We may want to include the regression test too, but I'm not sure how
> that works in svgsalamander.
> 
> If we can't do that easily, we should just keep the patch as-is without
> the regression tests that are included for JOSM.

I want the fixed package uploaded ASAP, preferably today because
tomorrow I leave for FOSDEM and am not likely to be able to do an upload.

Felix, have you had a look at the patch?

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Fri, 03 Feb 2017 08:21:06 GMT) (full text, mbox, link).


Message #41 received at 853134@bugs.debian.org (full text, mbox, reply):

From: pkg-java-maintainers@lists.alioth.debian.org
To: 853134@bugs.debian.org, 853134-submitter@bugs.debian.org
Subject: Pending fixes for bugs in the svgsalamander package
Date: Fri, 03 Feb 2017 08:17:27 +0000

tag 853134 + pending
thanks

Some bugs in the svgsalamander package are closed in revision
c78ebe2de2e70bc6b69600f1c5878951013f4ba1 in branch '  jessie' by Bas
Couwenberg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/svgsalamander.git/commit/?id=c78ebe2

Commit message:

    Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
    
    (closes: #853134)




Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#853134. (Fri, 03 Feb 2017 08:21:09 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Fri, 03 Feb 2017 08:33:02 GMT) (full text, mbox, link).


Message #47 received at 853134@bugs.debian.org (full text, mbox, reply):

From: pkg-java-maintainers@lists.alioth.debian.org
To: 853134@bugs.debian.org, 853134-submitter@bugs.debian.org
Subject: Pending fixes for bugs in the svgsalamander package
Date: Fri, 03 Feb 2017 08:30:40 +0000

tag 853134 + pending
thanks

Some bugs in the svgsalamander package are closed in revision
0463aaee3bee4c864869832a1cbac9986e1bb16b in branch '  wheezy' by Bas
Couwenberg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/svgsalamander.git/commit/?id=0463aae

Commit message:

    Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
    
    (closes: #853134)




Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#853134. (Fri, 03 Feb 2017 08:33:09 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Fri, 03 Feb 2017 08:36:03 GMT) (full text, mbox, link).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Fri, 03 Feb 2017 08:36:03 GMT) (full text, mbox, link).


Message #55 received at 853134@bugs.debian.org (full text, mbox, reply):

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Felix Natter <fnatter@gmx.net>
Cc: debian-gis@lists.debian.org, 853134@bugs.debian.org, debian-java@lists.debian.org
Subject: Re: CVE-2017-5617: svgSalamander
Date: Fri, 3 Feb 2017 09:33:45 +0100

On 02/02/2017 07:09 PM, Sebastiaan Couwenberg wrote:
> On 02/02/2017 07:44 AM, Sebastiaan Couwenberg wrote:
>> On 02/01/2017 10:08 AM, Bas Couwenberg wrote:
>>> On 2017-02-01 09:35, Bas Couwenberg wrote:
>>>> Including the JOSM developers (josm-dev@openstreetmap.org) is also a
>>>> good idea, they (and Vincent Privat in particular) have contributed
>>>> patches to svgSalamander recently.
>>>>
>>>> I'll report the issue in the JOSM Trac since it also affects the
>>>> embedded copy in their upstream SVN repo.
>>>
>>> JOSM issue: https://josm.openstreetmap.de/ticket/14319
>>
>> Vincent Privat has fixed the issue for JOSM, and I've added a patch to
>> the svgsalamander Debian package with his changes.
>>
>> We may want to include the regression test too, but I'm not sure how
>> that works in svgsalamander.
>>
>> If we can't do that easily, we should just keep the patch as-is without
>> the regression tests that are included for JOSM.
> 
> I want the fixed package uploaded ASAP, preferably today because
> tomorrow I leave for FOSDEM and am not likely to be able to do an upload.

I've uploaded the fixed svgsalamander to unstable, and also ported the
patch to the package in jessie & wheezy.

I'll coordinate with the security & LTS teams before uploading the
package for jessie & wheezy.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Reply sent to Bas Couwenberg <sebastic@debian.org>:
You have taken responsibility. (Fri, 03 Feb 2017 08:51:06 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 03 Feb 2017 08:51:07 GMT) (full text, mbox, link).


Message #60 received at 853134-close@bugs.debian.org (full text, mbox, reply):

From: Bas Couwenberg <sebastic@debian.org>
To: 853134-close@bugs.debian.org
Subject: Bug#853134: fixed in svgsalamander 1.1.1+dfsg-2
Date: Fri, 03 Feb 2017 08:49:27 +0000
Source: svgsalamander
Source-Version: 1.1.1+dfsg-2

We believe that the bug you reported is fixed in the latest version of
svgsalamander, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 853134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebastic@debian.org> (supplier of updated svgsalamander package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 03 Feb 2017 08:39:45 +0100
Source: svgsalamander
Binary: libsvgsalamander-java libsvgsalamander-java-doc
Architecture: source all
Version: 1.1.1+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebastic@debian.org>
Description:
 libsvgsalamander-java - SVG engine for Java
 libsvgsalamander-java-doc - SVG engine for Java (documentation)
Closes: 853134
Changes:
 svgsalamander (1.1.1+dfsg-2) unstable; urgency=medium
 .
   * Team upload.
   * Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
     (closes: #853134)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#853134; Package src:svgsalamander. (Fri, 03 Feb 2017 08:57:05 GMT) (full text, mbox, link).


Message #63 received at 853134@bugs.debian.org (full text, mbox, reply):

From: pkg-java-maintainers@lists.alioth.debian.org
To: 853134@bugs.debian.org, 853134-submitter@bugs.debian.org
Subject: Pending fixes for bugs in the svgsalamander package
Date: Fri, 03 Feb 2017 08:53:24 +0000

tag 853134 + pending
thanks

Some bugs in the svgsalamander package are closed in revision
975eaafa1bc3696ecf70b417de6109cf94094645 in branch '  wheezy' by Bas
Couwenberg

The full diff can be seen at
https://anonscm.debian.org/cgit/pkg-java/svgsalamander.git/commit/?id=975eaaf

Commit message:

    Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
    
    (closes: #853134)




Added tag(s) pending. Request was from pkg-java-maintainers@lists.alioth.debian.org to control@bugs.debian.org. (Fri, 03 Feb 2017 08:57:06 GMT) (full text, mbox, link).


Marked as found in versions svgsalamander/0~svn95-1. Request was from Bas Couwenberg <sebastic@debian.org> to control@bugs.debian.org. (Fri, 03 Feb 2017 08:57:08 GMT) (full text, mbox, link).


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#853134. (Fri, 03 Feb 2017 08:57:11 GMT) (full text, mbox, link).


Reply sent to Bas Couwenberg <sebastic@debian.org>:
You have taken responsibility. (Sun, 12 Feb 2017 22:21:12 GMT) (full text, mbox, link).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 12 Feb 2017 22:21:12 GMT) (full text, mbox, link).


Message #75 received at 853134-close@bugs.debian.org (full text, mbox, reply):

From: Bas Couwenberg <sebastic@debian.org>
To: 853134-close@bugs.debian.org
Subject: Bug#853134: fixed in svgsalamander 0~svn95-1+deb8u1
Date: Sun, 12 Feb 2017 22:17:30 +0000
Source: svgsalamander
Source-Version: 0~svn95-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
svgsalamander, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 853134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebastic@debian.org> (supplier of updated svgsalamander package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 03 Feb 2017 09:03:52 +0100
Source: svgsalamander
Binary: libsvgsalamander-java libsvgsalamander-java-doc
Architecture: source all
Version: 0~svn95-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebastic@debian.org>
Description:
 libsvgsalamander-java - SVG engine for Java
 libsvgsalamander-java-doc - SVG engine for Java (documentation)
Closes: 853134
Changes:
 svgsalamander (0~svn95-1+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Add patch by Vincent Privat to fix CVE-2017-5617 (SSRF).
     (closes: #853134)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 13 Mar 2017 07:26:56 GMT) (full text, mbox, link).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:44:20 2019; Machine Name: beach