pspp: CVE-2018-20230

Related Vulnerabilities: CVE-2018-20230  

Debian Bug report logs - #916902
pspp: CVE-2018-20230


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 20 Dec 2018 05:27:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version pspp/1.2.0-2

Fixed in version pspp/1.2.0-3

Done: Andreas Tille <tille@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Thu, 20 Dec 2018 05:27:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Thu, 20 Dec 2018 05:27:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pspp: CVE-2018-20230
Date: Thu, 20 Dec 2018 06:22:14 +0100
Source: pspp
Version: 1.2.0-2
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for pspp.

CVE-2018-20230[0]:
| An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
| overflow at the function read_bytes_internal in
| utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
| service (application crash) or possibly have unspecified other impact.

> ==6100==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000471 at pc 0x7fa0eba71110 bp 0x7ffcb1f6d0f0 sp 0x7ffcb1f6c8a0
> WRITE of size 199 at 0x602000000471 thread T0                          
>     #0 0x7fa0eba7110f  (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9810f)
>     #1 0x40d1a9 in read_bytes_internal utilities/pspp-dump-sav.c:1585
>     #2 0x40d2c9 in read_bytes utilities/pspp-dump-sav.c:1601
>     #3 0x40c0e6 in open_text_record utilities/pspp-dump-sav.c:1399
>     #4 0x40a13c in read_long_var_name_map utilities/pspp-dump-sav.c:912
>     #5 0x40943a in read_extension_record utilities/pspp-dump-sav.c:626
>     #6 0x407340 in main utilities/pspp-dump-sav.c:218
>     #7 0x7fa0eb20d09a in __libc_start_main ../csu/libc-start.c:308
>     #8 0x4024d9 in _start (/tmp/pspp-1.2.0/utilities/pspp-dump-sav+0x4024d9)
>                                                                        
> 0x602000000471 is located 0 bytes to the right of 1-byte region [0x602000000470,0x602000000471)
> allocated by thread T0 here:
>     #0 0x7fa0ebac1ed0 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8ed0)
>     #1 0x40f138 in xmalloc gl/xmalloc.c:41
>     #2 0x40c0cb in open_text_record utilities/pspp-dump-sav.c:1398
>     #3 0x40a13c in read_long_var_name_map utilities/pspp-dump-sav.c:912
>     #4 0x40943a in read_extension_record utilities/pspp-dump-sav.c:626
>     #5 0x407340 in main utilities/pspp-dump-sav.c:218
>     #6 0x7fa0eb20d09a in __libc_start_main ../csu/libc-start.c:308
> 
> SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9810f)
> Shadow bytes around the buggy address:
>   0x0c047fff8030: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8040: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8050: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8060: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
>   0x0c047fff8070: fa fa fd fa fa fa fd fd fa fa fd fd fa fa fd fa
> =>0x0c047fff8080: fa fa fd fa fa fa fd fa fa fa fd fa fa fa[01]fa
>   0x0c047fff8090: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>   0x0c047fff80d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
> Shadow byte legend (one shadow byte represents 8 application bytes):
>   Addressable:           00
>   Partially addressable: 01 02 03 04 05 06 07
>   Heap left redzone:       fa
>   Freed heap region:       fd
>   Stack left redzone:      f1
>   Stack mid redzone:       f2
>   Stack right redzone:     f3
>   Stack after return:      f5
>   Stack use after scope:   f8
>   Global redzone:          f9
>   Global init order:       f6
>   Poisoned by user:        f7
>   Container overflow:      fc
>   Array cookie:            ac
>   Intra object redzone:    bb
>   ASan internal:           fe
>   Left alloca redzone:     ca
>   Right alloca redzone:    cb
> ==6100==ABORTING

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20230
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20230
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1660318

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
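The ASan report above shows a 199-byte write into a 1-byte heap region that open_text_record had allocated from record fields read out of the input file, and the upstream fix named further down in this log is titled "Issue error message for too-large extension records". The following is an added example written for this page, not pspp's code, and it does not claim to reproduce pspp 1.2.0's exact arithmetic: it models the .sav type-7 extension record header that follows the record-type field (int32 subtype, int32 size, int32 count, then size*count payload bytes), shows how a 32-bit length product can wrap so that a "length + 1" allocation is a single byte, and puts beside it a checked reader that validates the fields and a size cap before allocating or copying anything. MAX_EXTENSION_BYTES and the three sample records are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not pspp's code: the .sav type-7 extension record header
 * (int32 subtype, int32 size, int32 count, then size*count payload bytes),
 * with the naive length arithmetic next to a checked reader. The cap and the
 * sample records below are illustrative assumptions. */

/* Illustrative upper bound on one extension record's payload. */
#define MAX_EXTENSION_BYTES ((size_t)64 * 1024 * 1024)

enum ext_status { EXT_OK = 0, EXT_BAD_HEADER, EXT_TOO_LARGE, EXT_TRUNCATED, EXT_NOMEM };

struct ext_record {
    int32_t subtype;
    int32_t size;
    int32_t count;
    size_t n_bytes;    /* validated size * count */
    uint8_t *payload;  /* malloc'd copy of n_bytes plus a NUL; caller frees */
};

static int32_t read_le32(const uint8_t *p)
{
    return (int32_t)((uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                     ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24));
}

/* The bug class: a 32-bit product. size = count = 65536 gives 2^32, which
 * wraps to 0, so an xmalloc(len + 1) hands back a single byte while a later
 * read that still trusts the header fields runs off the end of it. */
uint32_t naive_payload_len(int32_t size, int32_t count)
{
    return (uint32_t)size * (uint32_t)count;  /* wraps silently to 0 for 65536 x 65536 */
}

/* Hardened: reject negative fields, multiply in 64 bits, enforce a cap.
 * n_bytes may be NULL when only the verdict is wanted. */
enum ext_status checked_payload_len(int32_t size, int32_t count, size_t *n_bytes)
{
    if (size < 0 || count < 0)
        return EXT_BAD_HEADER;
    uint64_t n = (uint64_t)size * (uint64_t)count;  /* below 2^62, cannot overflow */
    if (n > MAX_EXTENSION_BYTES)
        return EXT_TOO_LARGE;
    if (n_bytes != NULL)
        *n_bytes = (size_t)n;
    return EXT_OK;
}

/* Parse one header plus payload from an in-memory buffer of len bytes. */
enum ext_status parse_extension_record(const uint8_t *buf, size_t len, struct ext_record *out)
{
    memset(out, 0, sizeof *out);
    if (len < 12)
        return EXT_TRUNCATED;
    out->subtype = read_le32(buf);
    out->size = read_le32(buf + 4);
    out->count = read_le32(buf + 8);

    enum ext_status st = checked_payload_len(out->size, out->count, &out->n_bytes);
    if (st != EXT_OK)
        return st;
    if (out->n_bytes > len - 12)  /* the claimed payload must really be present */
        return EXT_TRUNCATED;

    out->payload = malloc(out->n_bytes + 1);
    if (out->payload == NULL)
        return EXT_NOMEM;
    memcpy(out->payload, buf + 12, out->n_bytes);
    out->payload[out->n_bytes] = '\0';
    return EXT_OK;
}

/* Constructed samples with little-endian headers, not taken from any real file. */
static const uint8_t SAMPLE_GOOD[]      = { 13,0,0,0,  1,0,0,0,    5,0,0,0,  'a','b','c','d','e' };
static const uint8_t SAMPLE_TRUNCATED[] = { 13,0,0,0,  1,0,0,0,  199,0,0,0,  'x','y','z' };
static const uint8_t SAMPLE_OVERFLOW[]  = { 13,0,0,0,  0,0,1,0,    0,0,1,0 };  /* 65536 x 65536 */

/* Parse a sample and return only its status, releasing any payload. */
enum ext_status sample_status(const uint8_t *buf, size_t len)
{
    struct ext_record r;
    enum ext_status st = parse_extension_record(buf, len, &r);
    free(r.payload);
    return st;
}

/* Parse a sample and report whether its payload equals an expected C string. */
int sample_payload_is(const uint8_t *buf, size_t len, const char *expected)
{
    struct ext_record r;
    int ok = parse_extension_record(buf, len, &r) == EXT_OK &&
             r.n_bytes == strlen(expected) &&
             memcmp(r.payload, expected, r.n_bytes) == 0;
    free(r.payload);
    return ok;
}

int main(void)
{
    printf("naive length for 65536 x 65536: %u\n", naive_payload_len(65536, 65536));
    printf("good: %d, truncated: %d, overflow: %d\n",
           sample_status(SAMPLE_GOOD, sizeof SAMPLE_GOOD),
           sample_status(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED),
           sample_status(SAMPLE_OVERFLOW, sizeof SAMPLE_OVERFLOW));
    return 0;
}
```

Compile with `cc -std=c11 -Wall` and run. The checked reader refuses both the header whose product wraps and the record whose claimed payload exceeds the bytes actually present, and it does so before the allocation and the copy; that ordering, rather than the particular cap, is the property a fix for this class of bug has to guarantee.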



Information forwarded to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Thu, 20 Dec 2018 06:12:02 GMT)


Acknowledgement sent to Ben Pfaff <blp@cs.stanford.edu>:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Thu, 20 Dec 2018 06:12:02 GMT)


Message #10 received at 916902@bugs.debian.org:

From: Ben Pfaff <blp@cs.stanford.edu>
To: Salvatore Bonaccorso <carnil@debian.org>, 916902@bugs.debian.org
Subject: Re: Bug#916902: pspp: CVE-2018-20230
Date: Wed, 19 Dec 2018 22:07:59 -0800
On Thu, Dec 20, 2018 at 06:22:14AM +0100, Salvatore Bonaccorso wrote:
> Source: pspp
> Version: 1.2.0-2
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> The following vulnerability was published for pspp.
> 
> CVE-2018-20230[0]:
> | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
> | overflow at the function read_bytes_internal in
> | utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
> | service (application crash) or possibly have unspecified other impact.

This is another instance of a recurring problem with PSPP, in which some
anonymous person reports a vulnerability to MITRE, but not to the
upstream authors or the pspp-security list, and so the authors only hear
about it when Red Hat and Debian file bugs based on it.  It makes me
really mad.

So, how did you find out about this vulnerability?  I haven't found a
way to monitor the MITRE database for PSPP-related vulnerabilities.
They don't provide a way to do that (I even asked them a while back).

Thanks,

Ben.



Information forwarded to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Thu, 20 Dec 2018 06:21:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Thu, 20 Dec 2018 06:21:03 GMT)


Message #15 received at 916902@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Ben Pfaff <blp@cs.stanford.edu>
Cc: 916902@bugs.debian.org
Subject: Re: Bug#916902: pspp: CVE-2018-20230
Date: Thu, 20 Dec 2018 07:16:38 +0100
Hi Ben!

On Wed, Dec 19, 2018 at 10:07:59PM -0800, Ben Pfaff wrote:
> On Thu, Dec 20, 2018 at 06:22:14AM +0100, Salvatore Bonaccorso wrote:
> > Source: pspp
> > Version: 1.2.0-2
> > Severity: important
> > Tags: security upstream
> > 
> > Hi,
> > 
> > The following vulnerability was published for pspp.
> > 
> > CVE-2018-20230[0]:
> > | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
> > | overflow at the function read_bytes_internal in
> > | utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
> > | service (application crash) or possibly have unspecified other impact.
> 
> This is another instance of a recurring problem with PSPP, in which some
> anonymous person reports a vulnerability to MITRE, but not to the
> upstream authors or the pspp-security list, and so the authors only hear
> about it when Red Hat and Debian file bugs based on it.  It makes me
> really mad.

I completely agree! Those reporters should not throw in such reports
randomly in some bugzilla (we see that as well for the Debian BTS) but
rather, if they want to report it downstream, then also take care to
notify upstream. This seems not to have happened here.

> So, how did you find out about this vulnerability?  I haven't found a
> way to monitor the MITRE database for PSPP-related vulnerabilities.
> They don't provide a way to do that (I even asked them a while back).

We noticed it while monitoring the newly assigned CVEs from MITRE. The
CVE list is updated regularly; we import it twice a day into the
security-tracker data file and later look at it to investigate
further.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Fri, 22 Feb 2019 22:00:02 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Fri, 22 Feb 2019 22:00:03 GMT)


Message #20 received at 916902@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Ben Pfaff <blp@cs.stanford.edu>
Cc: Salvatore Bonaccorso <carnil@debian.org>, 916902@bugs.debian.org
Subject: Re: Bug#916902: pspp: CVE-2018-20230
Date: Fri, 22 Feb 2019 22:57:20 +0100
On Wed, Dec 19, 2018 at 10:07:59PM -0800, Ben Pfaff wrote:
> On Thu, Dec 20, 2018 at 06:22:14AM +0100, Salvatore Bonaccorso wrote:
> > Source: pspp
> > Version: 1.2.0-2
> > Severity: important
> > Tags: security upstream
> > 
> > Hi,
> > 
> > The following vulnerability was published for pspp.
> > 
> > CVE-2018-20230[0]:
> > | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
> > | overflow at the function read_bytes_internal in
> > | utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
> > | service (application crash) or possibly have unspecified other impact.
> 
> This is another instance of a recurring problem with PSPP, in which some
> anonymous person reports a vulnerability to MITRE, but not to the
> upstream authors or the pspp-security list, and so the authors only hear
> about it when Red Hat and Debian file bugs based on it.  It makes me
> really mad.

Regardless of the questionable reporting done here, do you know if this
bug has been addressed/reported upstream?

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Fri, 22 Feb 2019 22:03:02 GMT)


Acknowledgement sent to Ben Pfaff <blp@cs.stanford.edu>:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Fri, 22 Feb 2019 22:03:02 GMT)


Message #25 received at 916902@bugs.debian.org:

From: Ben Pfaff <blp@cs.stanford.edu>
To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: Salvatore Bonaccorso <carnil@debian.org>, 916902@bugs.debian.org
Subject: Re: Bug#916902: pspp: CVE-2018-20230
Date: Fri, 22 Feb 2019 13:59:49 -0800
On Fri, Feb 22, 2019 at 10:57:20PM +0100, Moritz Mühlenhoff wrote:
> On Wed, Dec 19, 2018 at 10:07:59PM -0800, Ben Pfaff wrote:
> > On Thu, Dec 20, 2018 at 06:22:14AM +0100, Salvatore Bonaccorso wrote:
> > > Source: pspp
> > > Version: 1.2.0-2
> > > Severity: important
> > > Tags: security upstream
> > > 
> > > Hi,
> > > 
> > > The following vulnerability was published for pspp.
> > > 
> > > CVE-2018-20230[0]:
> > > | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
> > > | overflow at the function read_bytes_internal in
> > > | utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
> > > | service (application crash) or possibly have unspecified other impact.
> > 
> > This is another instance of a recurring problem with PSPP, in which some
> > anonymous person reports a vulnerability to MITRE, but not to the
> > upstream authors or the pspp-security list, and so the authors only hear
> > about it when Red Hat and Debian file bugs based on it.  It makes me
> > really mad.
> 
> Regardless of the questionable reporting done here, do you know if this
> bug has been addressed/reported upstream?

Yes, I fixed it upstream with commit abd1f816ca3b ("pspp-dump-sav: Issue
error message for too-large extension records.") on January 1.



Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 22 Feb 2019 22:12:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Sun, 17 Mar 2019 22:24:04 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Sun, 17 Mar 2019 22:24:04 GMT)


Message #32 received at 916902@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Ben Pfaff <blp@cs.stanford.edu>, friedrich.beckmann@gmx.de
Cc: Moritz Mühlenhoff <jmm@inutil.org>, Salvatore Bonaccorso <carnil@debian.org>, 916902@bugs.debian.org
Subject: Re: Bug#916902: pspp: CVE-2018-20230
Date: Sun, 17 Mar 2019 23:20:36 +0100
On Fri, Feb 22, 2019 at 01:59:49PM -0800, Ben Pfaff wrote:
> On Fri, Feb 22, 2019 at 10:57:20PM +0100, Moritz Mühlenhoff wrote:
> > On Wed, Dec 19, 2018 at 10:07:59PM -0800, Ben Pfaff wrote:
> > > On Thu, Dec 20, 2018 at 06:22:14AM +0100, Salvatore Bonaccorso wrote:
> > > > Source: pspp
> > > > Version: 1.2.0-2
> > > > Severity: important
> > > > Tags: security upstream
> > > > 
> > > > Hi,
> > > > 
> > > > The following vulnerability was published for pspp.
> > > > 
> > > > CVE-2018-20230[0]:
> > > > | An issue was discovered in PSPP 1.2.0. There is a heap-based buffer
> > > > | overflow at the function read_bytes_internal in
> > > > | utilities/pspp-dump-sav.c, which allows attackers to cause a denial of
> > > > | service (application crash) or possibly have unspecified other impact.
> > > 
> > > This is another instance of a recurring problem with PSPP, in which some
> > > anonymous person reports a vulnerability to MITRE, but not to the
> > > upstream authors or the pspp-security list, and so the authors only hear
> > > about it when Red Hat and Debian file bugs based on it.  It makes me
> > > really mad.
> > 
> > Regardless of the questionable reporting done here, do you know if this
> > bug has been addressed/reported upstream?
> 
> Yes, I fixed it upstream with commit abd1f816ca3b ("pspp-dump-sav: Issue
> error message for too-large extension records.") on January 1.

Friedrich,
given that buster is now frozen, could you please cherrypick abd1f816ca3b
into a 1.2.0-3 upload and ask the release team for an unblock?

Cheers,
        Moritz



Severity set to 'grave' from 'important'. Request was from Moritz Muehlenhoff <jmm@debian.org> to control@bugs.debian.org. (Sat, 20 Apr 2019 22:27:02 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Tue, 23 Apr 2019 06:48:03 GMT)


Acknowledgement sent to Andreas Tille <andreas@an3as.eu>:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Tue, 23 Apr 2019 06:48:03 GMT)


Message #39 received at 916902@bugs.debian.org:

From: Andreas Tille <andreas@an3as.eu>
To: Friedrich Beckmann <friedrich.beckmann@gmx.de>, Ben Pfaff <blp@cs.stanford.edu>, Debian Science List <debian-science@lists.debian.org>, 916902@bugs.debian.org
Subject: Taking over pspp into Debian Science team maintenance (Was: pspp: CVE-2018-20230)
Date: Tue, 23 Apr 2019 08:44:51 +0200
Hi Friedrich,

I stumbled upon #916902 in my Buster bug squashing effort.  I'm willing
to apply and upload the suggested fix[1], but I feel both our time is
better spent if the changes are done in a repository on Salsa.  Since
the package perfectly fits into Debian Science scope I'd volunteer to
move the package to Debian Science.

In case I do not hear from you in the next five days I assume you agree
with this.

Kind regards

      Andreas.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916902#32

-- 
http://fam-tille.de



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#916902; Package src:pspp. (Tue, 23 Apr 2019 09:21:03 GMT)


Acknowledgement sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Extra info received and forwarded to list. (Tue, 23 Apr 2019 09:21:03 GMT)


Message #44 received at 916902@bugs.debian.org:

From: Friedrich Beckmann <friedrich.beckmann@gmx.de>
To: Andreas Tille <andreas@an3as.eu>, 916902@bugs.debian.org
Cc: Ben Pfaff <blp@cs.stanford.edu>, Debian Science List <debian-science@lists.debian.org>
Subject: Re: Bug#916902: Taking over pspp into Debian Science team maintenance (Was: pspp: CVE-2018-20230)
Date: Tue, 23 Apr 2019 11:17:23 +0200
Hi Andreas,

thanks for your offer to add the bugfix! You are of course welcome to do so.
You can also create a project for the debian parts of pspp in salsa.

Regards

Friedrich

> Am 23.04.2019 um 08:44 schrieb Andreas Tille <andreas@an3as.eu>:
>
> Hi Friedrich,
>
> I stumbled upon #916902 in my Buster bug squashing effort.  I'm willing
> to apply and upload the suggested fix[1], but I feel both our time is
> better spent if the changes are done in a repository on Salsa.  Since
> the package perfectly fits into Debian Science scope I'd volunteer to
> move the package to Debian Science.
>
> In case I do not hear from you in the next five days I assume you agree
> with this.
>
> Kind regards
>
>      Andreas.
>
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916902#32
>
> --
> http://fam-tille.de




Information forwarded to debian-bugs-dist@lists.debian.org, Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Bug#916902; Package src:pspp. (Tue, 23 Apr 2019 11:21:05 GMT)


Acknowledgement sent to Andreas Tille <andreas@an3as.eu>:
Extra info received and forwarded to list. Copy sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>. (Tue, 23 Apr 2019 11:21:05 GMT)


Message #49 received at 916902@bugs.debian.org:

From: Andreas Tille <andreas@an3as.eu>
To: Friedrich Beckmann <friedrich.beckmann@gmx.de>
Cc: 916902@bugs.debian.org, Ben Pfaff <blp@cs.stanford.edu>, Debian Science List <debian-science@lists.debian.org>
Subject: Re: Bug#916902: Taking over pspp into Debian Science team maintenance (Was: pspp: CVE-2018-20230)
Date: Tue, 23 Apr 2019 13:18:13 +0200
Hi Friedrich,

thanks for the quick confirmation.
I've injected the packaging into

   https://salsa.debian.org/science-team/pspp

and added Ben Pfaff to the Debian Science team.  Please create a login
on Salsa yourself to enable you becoming a member of the team and thus
getting commit permissions.

Kind regards

        Andreas.

On Tue, Apr 23, 2019 at 11:17:23AM +0200, Friedrich Beckmann wrote:
> Hi Andreas,
> 
> thanks for your offer to add the bugfix! You are of course welcome to do so.
> You can also create a project for the debian parts of pspp in salsa.
> 
> Regards
> 
> Friedrich
> 
> > Am 23.04.2019 um 08:44 schrieb Andreas Tille <andreas@an3as.eu>:
> >
> > Hi Friedrich,
> >
> > I stumbled upon #916902 in my Buster bug squashing effort.  I'm willing
> > to apply and upload the suggested fix[1], but I feel both our time is
> > better spent if the changes are done in a repository on Salsa.  Since
> > the package perfectly fits into Debian Science scope I'd volunteer to
> > move the package to Debian Science.
> >
> > In case I do not hear from you in the next five days I assume you agree
> > with this.
> >
> > Kind regards
> >
> >      Andreas.
> >
> >
> > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916902#32
> >
> > --
> > http://fam-tille.de
> 
> 

-- 
http://fam-tille.de



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#916902; Package src:pspp. (Tue, 23 Apr 2019 11:30:03 GMT)


Acknowledgement sent to Friedrich Beckmann <friedrich.beckmann@gmx.de>:
Extra info received and forwarded to list. (Tue, 23 Apr 2019 11:30:03 GMT)


Message #54 received at 916902@bugs.debian.org:

From: Friedrich Beckmann <friedrich.beckmann@gmx.de>
To: Andreas Tille <andreas@an3as.eu>
Cc: 916902@bugs.debian.org, Ben Pfaff <blp@cs.stanford.edu>, Debian Science List <debian-science@lists.debian.org>
Subject: Re: Bug#916902: Taking over pspp into Debian Science team maintenance (Was: pspp: CVE-2018-20230)
Date: Tue, 23 Apr 2019 13:26:38 +0200
Hi Andreas,

I created the account beckmanf-guest at Salsa.

Regards

Friedrich

> Am 23.04.2019 um 13:18 schrieb Andreas Tille <andreas@an3as.eu>:
> 
> Hi Friedrich,
> 
> thanks for the quick confirmation.
> I've injected the packaging into
> 
>   https://salsa.debian.org/science-team/pspp
> 
> and added Ben Pfaff to the Debian Science team.  Please create a login
> on Salsa yourself to enable you becoming a member of the team and thus
> getting commit permissions.
> 
> Kind regards
> 
>        Andreas.
> 
> On Tue, Apr 23, 2019 at 11:17:23AM +0200, Friedrich Beckmann wrote:
>> Hi Andreas,
>> 
>> thanks for your offer to add the bugfix! You are of course welcome to do so.
>> You can also create a project for the debian parts of pspp in salsa.
>> 
>> Regards
>> 
>> Friedrich
>> 
>>> Am 23.04.2019 um 08:44 schrieb Andreas Tille <andreas@an3as.eu>:
>>> 
>>> Hi Friedrich,
>>> 
>>> I stumbled upon #916902 in my Buster bug squashing effort.  I'm willing
>>> to apply and upload the suggested fix[1], but I feel both our time is
>>> better spent if the changes are done in a repository on Salsa.  Since
>>> the package perfectly fits into Debian Science scope I'd volunteer to
>>> move the package to Debian Science.
>>>
>>> In case I do not hear from you in the next five days I assume you agree
>>> with this.
>>> 
>>> Kind regards
>>> 
>>>     Andreas.
>>> 
>>> 
>>> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916902#32
>>> 
>>> --
>>> http://fam-tille.de
>> 
>> 
> 
> -- 
> http://fam-tille.de




Reply sent to Andreas Tille <tille@debian.org>:
You have taken responsibility. (Tue, 23 Apr 2019 13:09:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 23 Apr 2019 13:09:05 GMT)


Message #59 received at 916902-close@bugs.debian.org:

From: Andreas Tille <tille@debian.org>
To: 916902-close@bugs.debian.org
Subject: Bug#916902: fixed in pspp 1.2.0-3
Date: Tue, 23 Apr 2019 13:04:38 +0000
Source: pspp
Source-Version: 1.2.0-3

We believe that the bug you reported is fixed in the latest version of
pspp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 916902@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <tille@debian.org> (supplier of updated pspp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Apr 2019 13:59:03 +0200
Source: pspp
Binary: pspp pspp-dbgsym
Architecture: source amd64
Version: 1.2.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Science Team <debian-science-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Tille <tille@debian.org>
Description:
 pspp       - Statistical analysis tool
Closes: 916902
Changes:
 pspp (1.2.0-3) unstable; urgency=medium
 .
   [ Andreas Tille ]
   * Team upload.
   * Take over package into Debian Science team maintenance
 .
   [ Ben Pfaff ]
   * Issue error message for too-large extension records. (CVE-2018-20230)
     Closes: #916902
Checksums-Sha1:
 b69f73fb205d4b66bc36b036e7cc5cf7faddddae 2596 pspp_1.2.0-3.dsc
 8b9a01d048a8e543c11f17d6e92e09bf22ce357c 28332 pspp_1.2.0-3.debian.tar.xz
 8b522b00fda7b53b03758a1b5ce3001d3d740e39 3795416 pspp-dbgsym_1.2.0-3_amd64.deb
 5802898e41c196b6abfa54dcb13a2ae2bceae161 18249 pspp_1.2.0-3_amd64.buildinfo
 ec07cc41c41f0db4c287811d05564ad8c6ca1845 3809960 pspp_1.2.0-3_amd64.deb
Checksums-Sha256:
 d9652af99ade53670534314848ec06dd82f9f1358a14884086305297f0dd0fcd 2596 pspp_1.2.0-3.dsc
 37fade9f21d7e4748eb01ae54ea751378905bb7c380d31b0873ca9763b58a399 28332 pspp_1.2.0-3.debian.tar.xz
 9ac5c90175908aa4e32d0676675d2df398a82ab8565e97862898aa7215a338c4 3795416 pspp-dbgsym_1.2.0-3_amd64.deb
 b4cc64ac40396d591c2401d0bd3c89995859bbf3bdaa99c99c82477449301519 18249 pspp_1.2.0-3_amd64.buildinfo
 02b15744576cefe92a1f874d8663575caaa71c0e6c60795e8617c23338fc5fc3 3809960 pspp_1.2.0-3_amd64.deb
Files:
 aa887b04f373a6debfd0f6b2d2f8ac43 2596 math optional pspp_1.2.0-3.dsc
 db112244122caa38580e71f1829a3080 28332 math optional pspp_1.2.0-3.debian.tar.xz
 16e600785f903d6a9c13a817f47f5b09 3795416 debug optional pspp-dbgsym_1.2.0-3_amd64.deb
 4177b58614dd9f03ca4d20905441ef73 18249 math optional pspp_1.2.0-3_amd64.buildinfo
 42f4ff59934206b37574fc317b94a854 3809960 math optional pspp_1.2.0-3_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCAAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAly/BogRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtFwSw//YL2M32a3Ky6AYQIBVFzIYQortBcs8ZS+
uqHnuZr6wRJgj82NS8Bvwo0JE69gps6dLCfua+8oYdWh65LtrhYuQeqdt1zj9eoA
HkwifMsEEalHMTYTQ3Ml+obELv0q4hn77ShRbT0yZ6i94RQiOOZ6qU5X3AvFs7SN
LgFxyaZ9D7o7CjZdUxa05p0jwuYeM+BxxDpIecB5OWSaeptBrcVWVD0ys5P37v7E
e6wqAjBVjyVOb0MSC0fp4IJmeHfiq/y85THoeKKChKUjeIIWE2IzIZKMZP+y9n3x
ikrsiwiUGRdRoRU8of6zwNiY7KcXTtUrImg/Nj/EXKPimhEbKpD2FJdQGl8FnU4P
xYWMx5iJjnS+FFHehaK9Rd9Z+lsKngjqfUFUp5KfuSH+v8ZeEjdc9W7mtA3ROVQd
QzTNguG/yizjyYPralfTMAV3tMm+u9o00NhexsSKeNbnUZrZhXu/mrOreHOzUrVw
0q95T+weg3drk+LyUOuVfYfezPHRbSN3PwC3Bznd2l11Gz4QAUYr3TO8LaH9P/3n
3VfxLLG6AiPiqeErofHXyAM3KL42Ey6F7v+OohP5PWhLRI2QxJEI/lUCZ+lw8ohY
7NJCLniUz2FSkbXdp9G5cgt8blklXp7HPdDnsrlHJ0KHKwYS3/u9LUTxYYFGU/4I
Wi1juPW2I00=
=tMeX
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 22 May 2019 07:25:09 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:05:25 2019; Machine Name: buxtehude
