git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Debian Bug report logs - #818318
git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ximin Luo <infinity0@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE, fixed in 2.7.1

Date: Tue, 15 Mar 2016 22:13:56 +0100

Package: git
Version: 1:2.7.0-1
Severity: grave
Tags: upstream security
Justification: user security hole

Dear Maintainer,

This was just posted:

http://seclists.org/oss-sec/2016/q1/645

Please upload 2.7.1 ASAP.


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages git depends on:
ii  git-man                           1:2.7.0-1
ii  libc6                             2.21-9
ii  libcurl3-gnutls                   7.47.0-1
ii  liberror-perl                     0.17-1.2
ii  libexpat1                         2.1.0-7
ii  libpcre3                          2:8.38-3
ii  perl-modules-5.22 [perl-modules]  5.22.1-8
ii  zlib1g                            1:1.2.8.dfsg-2+b1

Versions of packages git recommends:
ii  less                         481-2.1
ii  openssh-client [ssh-client]  1:7.1p2-2
ii  patch                        2.7.5-1
ii  rsync                        3.1.1-3

Versions of packages git suggests:
ii  gettext-base         0.19.7-2
ii  git-arch             1:2.7.0-1
ii  git-cvs              1:2.7.0-1
ii  git-daemon-sysvinit  1:2.7.0-1
ii  git-doc              1:2.7.0-1
ii  git-el               1:2.7.0-1
ii  git-email            1:2.7.0-1
ii  git-gui              1:2.7.0-1
ii  git-mediawiki        1:2.7.0-1
ii  git-svn              1:2.7.0-1
ii  gitk                 1:2.7.0-1
ii  gitweb               1:2.7.0-1

-- no debconf information

Message #10 received at 818318@bugs.debian.org (full text, mbox, reply):

From: László Böszörményi (GCS) <gcs@debian.org>

To: Ximin Luo <infinity0@debian.org>, 818318@bugs.debian.org

Subject: Re: Bug#818318: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE, fixed in 2.7.1

Date: Tue, 15 Mar 2016 23:26:38 +0100

On Tue, Mar 15, 2016 at 10:13 PM, Ximin Luo <infinity0@debian.org> wrote:
> http://seclists.org/oss-sec/2016/q1/645
>
> Please upload 2.7.1 ASAP.
 Just for the record, it should be 2.7.3 due to an integer overflow
fix[1] (no CVE). On the other hand, CVE-2016-2315 is already fixed in
Stretch and Sid[2] with the 2.7.0 version.

Laszlo/GCS
[1] https://github.com/git/git/commit/13e0b0d3dc76353632dcb0bc63cdf03426154317
[2] https://security-tracker.debian.org/tracker/CVE-2016-2315

Message #17 received at 818318@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Ximin Luo <infinity0@debian.org>, 818318@bugs.debian.org

Cc: team@security.debian.org, Jonathan Nieder <jrnieder@gmail.com>

Subject: Re: Bug#818318: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE, fixed in 2.7.1

Date: Wed, 16 Mar 2016 12:22:59 +0100

[Message part 1 (text/plain, inline)]

Hi all,

Want to try to summarize:

CVE-2016-2315, fixed by
https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305
(v2.7.0-rc0).

Then there is CVE-2016-2324. AFAICT, this is fixed by the path_name
removal, in
https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d
(v2.8.0-rc0). So this is *not* in any 2.7.x. According to the CVE
assignment, CVE-2016-2324 is for 'Related ... is integer overflow due
to a loop which adds more to "len"'. See:

http://www.openwall.com/lists/oss-security/2016/03/16/2

There is further one mentioned in the initial post, which is related
to a smilar issue in the diff code, which should be
https://github.com/git/git/commit/5b442c4f2723211ce0d862571e88ee206bfd51bf
(v2.7.3) and has not a CVE so far.

Laszlo mentioned then as well
https://github.com/git/git/commit/13e0b0d3dc76353632dcb0bc63cdf03426154317
(v2.7.3), this is a separate issue, but not related to the two assigned
CVEs AFAICS, but will be fixed as well if updating to 2.7.3 based
upload.

The original reporter mentions to be safe with 2.7.1, but in the light
of the second commit this does not look fully correct?

Do you concur on this summary?

Regards,
Salvatore

[signature.asc (application/pgp-signature, inline)]

Message #22 received at 818318@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 818318@bugs.debian.org

Cc: Ximin Luo <infinity0@debian.org>, team@security.debian.org, Jonathan Nieder <jrnieder@gmail.com>

Subject: Re: Bug#818318: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Date: Wed, 16 Mar 2016 14:31:24 +0100

Control: retitle -1 git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Hi,

On Wed, Mar 16, 2016 at 12:22:59PM +0100, Salvatore Bonaccorso wrote:
> Then there is CVE-2016-2324. AFAICT, this is fixed by the path_name
> removal, in
> https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d
> (v2.8.0-rc0). So this is *not* in any 2.7.x. According to the CVE
> assignment, CVE-2016-2324 is for 'Related ... is integer overflow due
> to a loop which adds more to "len"'. See:
> 
> http://www.openwall.com/lists/oss-security/2016/03/16/2

For reference as well the confirmation in
http://www.openwall.com/lists/oss-security/2016/03/16/9

Regards,
Salvatore

Message #31 received at 818318@bugs.debian.org (full text, mbox, reply):

From: Ben Hutchings <ben@decadent.org.uk>

To: 818318@bugs.debian.org

Subject: Re: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Date: Wed, 16 Mar 2016 23:33:36 +0000

[Message part 1 (text/plain, inline)]

I intend to NMU git to fix these bugs in unstable, as they make most of
my development activity unsafe.

git maintainers, please let me know if you're already preparing an
update.

Ben.

-- 
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.

[signature.asc (application/pgp-signature, inline)]

Message #36 received at 818318@bugs.debian.org (full text, mbox, reply):

From: Jonathan Nieder <jrnieder@gmail.com>

To: Ben Hutchings <ben@decadent.org.uk>, 818318@bugs.debian.org

Subject: Re: Bug#818318: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Date: Wed, 16 Mar 2016 17:16:05 -0700

Ben Hutchings wrote:

> I intend to NMU git to fix these bugs in unstable, as they make most of
> my development activity unsafe.
>
> git maintainers, please let me know if you're already preparing an
> update.

I'm already preparing an update.

Jonathan

Message #41 received at 818318@bugs.debian.org (full text, mbox, reply):

From: Ben Hutchings <ben@decadent.org.uk>

To: Jonathan Nieder <jrnieder@gmail.com>, 818318@bugs.debian.org

Subject: Re: Bug#818318: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Date: Thu, 17 Mar 2016 00:37:27 +0000

[Message part 1 (text/plain, inline)]

On Wed, 2016-03-16 at 17:16 -0700, Jonathan Nieder wrote:
> Ben Hutchings wrote:
> 
> > 
> > I intend to NMU git to fix these bugs in unstable, as they make most of
> > my development activity unsafe.
> > 
> > git maintainers, please let me know if you're already preparing an
> > update.
> I'm already preparing an update.

Thanks.  For what it's worth, I'm attaching my minimal fix for
CVE-2016-2324.  All existing tests pass, but I don't have a reproducer
for the security issue so I can't be certain it's fixed.

Ben.

-- 
Ben Hutchings
Absolutum obsoletum. (If it works, it's out of date.) - Stafford Beer

[0008-fix-integer-overflow-in-path_name-function.patch (text/x-patch, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #46 received at 818318@bugs.debian.org (full text, mbox, reply):

From: Jonathan Nieder <jrnieder@gmail.com>

To: Ben Hutchings <ben@decadent.org.uk>

Cc: 818318@bugs.debian.org

Subject: Re: Bug#818318: git: CVE-2016-2324 and CVE-2016-2315 (currently unpublished) server and client RCE

Date: Wed, 16 Mar 2016 17:48:52 -0700

On Thu, Mar 17, 2016 at 12:37:27AM +0000, Ben Hutchings wrote:
> On Wed, 2016-03-16 at 17:16 -0700, Jonathan Nieder wrote:
>> Ben Hutchings wrote:

>>> I intend to NMU git to fix these bugs in unstable, as they make most of
>>> my development activity unsafe.
>>>
>>> git maintainers, please let me know if you're already preparing an
>>> update.
>>
>> I'm already preparing an update.
>
> Thanks.  For what it's worth, I'm attaching my minimal fix for
> CVE-2016-2324.  All existing tests pass, but I don't have a reproducer
> for the security issue so I can't be certain it's fixed.

More patches are needed.  See https://git.kernel.org/cgit/git/git.git/log/?h=maint
(I mention this mostly for the sake of people backporting to stable,
testing, or oldstable.)

Message #51 received at 818318-close@bugs.debian.org (full text, mbox, reply):

From: Jonathan Nieder <jrnieder@gmail.com>

To: 818318-close@bugs.debian.org

Subject: Bug#818318: fixed in git 1:2.8.0~rc3-1

Date: Thu, 17 Mar 2016 03:55:50 +0000

Source: git
Source-Version: 1:2.8.0~rc3-1

We believe that the bug you reported is fixed in the latest version of
git, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818318@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Nieder <jrnieder@gmail.com> (supplier of updated git package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 16 Mar 2016 18:28:12 -0700
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source all amd64
Version: 1:2.8.0~rc3-1
Distribution: unstable
Urgency: medium
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Jonathan Nieder <jrnieder@gmail.com>
Description:
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Closes: 818318
Changes:
 git (1:2.8.0~rc3-1) unstable; urgency=medium
 .
   * new upstream release candidate (see RelNotes/2.8.0.txt).
     * harden against on-stack and on-heap buffer overflows (CVE-2016-2324,
       CVE-2016-2315; closes: #818318).
   * debian/git.docs: update for README -> README.md renaming.
Checksums-Sha1:
 596e1c8bf24561ad6741156dece8b323537f2cba 2794 git_2.8.0~rc3-1.dsc
 5cbc98cc2bf62e08291ef1166fc99f3d2f2a9757 3938976 git_2.8.0~rc3.orig.tar.xz
 688c47a22e9eefe477848b66acf7d6c176c92cb6 506748 git_2.8.0~rc3-1.debian.tar.xz
 7001694354cb5b1e03b11e64a77dcbd65c1f6e08 636792 git-all_2.8.0~rc3-1_all.deb
 d93d946bf568c8ad20db3e675ee9049a5fe0907a 650134 git-arch_2.8.0~rc3-1_all.deb
 9fdc6b2e07457f852e7d289fc8cb90cc56bc2a86 1418 git-core_2.8.0~rc3-1_all.deb
 bb5b58cf58d046025fcc9499649af0a78e781768 699874 git-cvs_2.8.0~rc3-1_all.deb
 4618cb47e4ff63d67a730232033d6de6d708f2d7 638360 git-daemon-run_2.8.0~rc3-1_all.deb
 bc2b3198eb6e3beaedf26f67dbba64444b12f550 639444 git-daemon-sysvinit_2.8.0~rc3-1_all.deb
 b5eaeaa22782c7b914419aefcd595681b9a9e975 1509272 git-doc_2.8.0~rc3-1_all.deb
 d3f84c3de01bb258c672790234298ee5fa46e363 656426 git-el_2.8.0~rc3-1_all.deb
 789a28d7ec03fa3bda17e21518b221c921367ff4 658770 git-email_2.8.0~rc3-1_all.deb
 0cae6924f8aa09c27166ac3ebebfd76590a18982 837764 git-gui_2.8.0~rc3-1_all.deb
 ba709d563814552a6344acfebc236f9d85051575 1369898 git-man_2.8.0~rc3-1_all.deb
 71954272f192e98100e088f4102dfcb379a22fa4 652450 git-mediawiki_2.8.0~rc3-1_all.deb
 7b27d15170072497318c3f219f4d9d00f9f41c5f 721508 git-svn_2.8.0~rc3-1_all.deb
 a7dd5d195d869e241c6faa284602032b34d7db3f 3681062 git_2.8.0~rc3-1_amd64.deb
 8177dce0c9ba18f99e7d8402142cecfdcc5f2482 762448 gitk_2.8.0~rc3-1_all.deb
 e54507e9114f347f742a61a256a3bef0c678d4b6 641250 gitweb_2.8.0~rc3-1_all.deb
Checksums-Sha256:
 6e81a318fb4eb5cca0333b7b6ff0c70dd0097e9fe711b159d5eac4b9f47c6c27 2794 git_2.8.0~rc3-1.dsc
 30758bcd59e457459a077ba3eb85c5a9ff1d4663bc3fa3227e337b9c76bbbe69 3938976 git_2.8.0~rc3.orig.tar.xz
 63f5211003220410c40557986ba05d44f8d8bf0b6f1d1ef2bbc4213ec186f158 506748 git_2.8.0~rc3-1.debian.tar.xz
 8a92072d68ca3e844d01aee13a4de06a637cdcdd3eadc05d1017f9079370e23a 636792 git-all_2.8.0~rc3-1_all.deb
 df1e314ba148fd87fee557d3613475e77b12a46e76a22d529ce18bf6d766c6fe 650134 git-arch_2.8.0~rc3-1_all.deb
 fd8f95da3fb13af9c4583ca89f9a7e62da65cf751c1ff3bf41f4df615ea6f59c 1418 git-core_2.8.0~rc3-1_all.deb
 5240460c43a3b93ef02b1a1bfc82e12851c9beefe4ca34877ad1f69fd5939532 699874 git-cvs_2.8.0~rc3-1_all.deb
 e34a4ef6a0d32e4f1cbab7578e7ff38e38e07446a55ebb868e692a7cb8ff027a 638360 git-daemon-run_2.8.0~rc3-1_all.deb
 801e42c87cc339db4195e4e79ed7146914a9459e39e840ad848b97ee94ba5e07 639444 git-daemon-sysvinit_2.8.0~rc3-1_all.deb
 ea0fe44595ef3153e6ae78b68c5c1e577f529c92d91bcaf4e3a5fdabfb7a25a4 1509272 git-doc_2.8.0~rc3-1_all.deb
 67a2a87eb6e61432726c039cdef7567a3d5cd4c284fe6aba40b632c173b6fcb4 656426 git-el_2.8.0~rc3-1_all.deb
 ac61ff95791e338e00cf2557f3d753d567cf79368c037c6781e2df6a5c1b918f 658770 git-email_2.8.0~rc3-1_all.deb
 85b70cca6ce0b182fae2f4a9a437c24a16f039492d3261d4281d69cf172edfee 837764 git-gui_2.8.0~rc3-1_all.deb
 9febe5abba50e4bced2803dd1232ac214c2c1b72526462a95704942e6f7ac4b6 1369898 git-man_2.8.0~rc3-1_all.deb
 614c8197da4cc30de6aaee9ba4c28d4b65f5b27cfb52d2d5db42429b9c1d64a1 652450 git-mediawiki_2.8.0~rc3-1_all.deb
 7ac039059c95739067da75ac15212e3ac660830e97933681ce22443b32a08216 721508 git-svn_2.8.0~rc3-1_all.deb
 4a3853affc89dc4314ae921f0f95245bc9c8fbcc5621d2a58ed3445510374360 3681062 git_2.8.0~rc3-1_amd64.deb
 0264ad957d4e910b629e3e8f789038f9b09462edca6b886cca2bbdda7c8c8c61 762448 gitk_2.8.0~rc3-1_all.deb
 5a424c6de626ab50808aa4a59f39b5df4a00964d1310af04bcaaf86de9edef8b 641250 gitweb_2.8.0~rc3-1_all.deb
Files:
 97b2f14b897986011f36ec49444f8fb8 2794 vcs optional git_2.8.0~rc3-1.dsc
 28257aab6a68dacb03dc266900ed0345 3938976 vcs optional git_2.8.0~rc3.orig.tar.xz
 9b65cdd75d27e37e25b4241e6a7f7a69 506748 vcs optional git_2.8.0~rc3-1.debian.tar.xz
 bb3830fc28e300df3a3afb2e99ca548e 636792 vcs optional git-all_2.8.0~rc3-1_all.deb
 1314f3cfc936b0879afcb5c5ce951922 650134 vcs optional git-arch_2.8.0~rc3-1_all.deb
 80db4b01d5833d0cc5b75aacad2c9f43 1418 vcs optional git-core_2.8.0~rc3-1_all.deb
 c0e93a48bbd2dbe6dc141037262636e5 699874 vcs optional git-cvs_2.8.0~rc3-1_all.deb
 4ee5e6a9fb24557f497329921df00fd0 638360 vcs optional git-daemon-run_2.8.0~rc3-1_all.deb
 f1ff2530af63fac57329348035a83419 639444 vcs extra git-daemon-sysvinit_2.8.0~rc3-1_all.deb
 12a185ff942030d8342c9545ad16b022 1509272 doc optional git-doc_2.8.0~rc3-1_all.deb
 7d7f8b236ada962a708604780faa7c04 656426 vcs optional git-el_2.8.0~rc3-1_all.deb
 130d9a11a9669ebe2c103d2eee2930dc 658770 vcs optional git-email_2.8.0~rc3-1_all.deb
 61f00caaf1077a09e1f51c571cf72dae 837764 vcs optional git-gui_2.8.0~rc3-1_all.deb
 160e671630e0186662ab57058e844938 1369898 doc optional git-man_2.8.0~rc3-1_all.deb
 bcdc854c03f9b3378e4e042a3d889ec5 652450 vcs optional git-mediawiki_2.8.0~rc3-1_all.deb
 54fcd600174c0ca6bbf790783891ec81 721508 vcs optional git-svn_2.8.0~rc3-1_all.deb
 7c44cc0dedbfee235d1ca43a39ee0fa9 3681062 vcs optional git_2.8.0~rc3-1_amd64.deb
 0fda1dad3b83e1bee9f49dc9bd45c85c 762448 vcs optional gitk_2.8.0~rc3-1_all.deb
 a150431afa92268df78eec42fc730992 641250 vcs optional gitweb_2.8.0~rc3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJW6g4IAAoJEN/Gce6zM/ol4oUP/1hf7XK36/lAi1SQqUS/G/ae
iZAzWP+BLudWIuVXF27DHI1z8lpqdZHeecNNZ4w1Rss2JM37dzMHyFK3dqjb1kO9
wE/Rb36njU1w2BRNbxVt7keouOpr7uQx9ojodaoq1fQLCNaZb6w2f8/2aKD2rRof
FlyOQe/DO5abqHbSolkFWPlcu5J/0p/cXNPHZYkgXH1a5PqVxbST6OqesWaUGmB0
ZBExAODTgct7+M1IIlOBLj3ErYR3do1X+ePbXKG2RxEjZm6moEvwAJp2vaeT/RtE
BeEHVeqbs/fj+hjCGxjzqMUAu6ONcpJLMEL94aH6SWh5sReC+XDqtrWLKwIAjbvt
8wkiJyUUjy0sX/1Lqu8he/3aPMsn0W5bStqcI3GnUXqYb5WG8ytkG7bUcSXu35QI
F48u84hSTNSgfT5yap7t6ANinEPWNKRJ5kpVrYCiXfbgaW/OUanyPfBVz4P/w8HN
GPl7TO3ZIdA4TbgwXu/Xc6JxBuhg5T1zW6p7bpwGKiUgG2eBuz/5fyKoOqzu5TNS
97lP91Eb4u58fMAgoEuQ+hreAuMZYo7jqh40fs0xdKraW7XmBI1d6yWS+7DKG/Sl
+7FKKdihIomSj6PeGfCaKN+rRlNdWqkPxpnn/HS3zduKYapPhiZFpJuZacrdY9Gb
05dwbpUXOAwj/XnfsrDw
=7Wwp
-----END PGP SIGNATURE-----

Message #56 received at 818318-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 818318-close@bugs.debian.org

Subject: Bug#818318: fixed in git 1:2.1.4-2.1+deb8u2

Date: Sat, 19 Mar 2016 21:32:08 +0000

Source: git
Source-Version: 1:2.1.4-2.1+deb8u2

We believe that the bug you reported is fixed in the latest version of
git, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818318@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated git package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Mar 2016 06:20:38 +0100
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: all source
Version: 1:2.1.4-2.1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 818318
Description: 
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Changes:
 git (1:2.1.4-2.1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix remote code execution via buffer overflows (CVE-2016-2315,
     CVE-2016-2324) (Closes: #818318)
Checksums-Sha1: 
 eff45ecb2d97753aba7ffe0574b09c8f81ab1895 2803 git_2.1.4-2.1+deb8u2.dsc
 fcb169a47ceb312389a144978bfed9b0cf4b9e3b 472524 git_2.1.4-2.1+deb8u2.debian.tar.xz
 775e3dadeabf80d6c6341d9ccf55600896c21352 1406222 git-doc_2.1.4-2.1+deb8u2_all.deb
 bf9b0384e1b534e74657851d01720fbf30288904 589128 git-arch_2.1.4-2.1+deb8u2_all.deb
 40c1b4ec0a2a3ab1b3c8d27def12da86225b59a2 638064 git-cvs_2.1.4-2.1+deb8u2_all.deb
 323c7a13a4db4cd0c4855722044c3513bbbecba3 661778 git-svn_2.1.4-2.1+deb8u2_all.deb
 44306913475eed02b0a2308c65ebdfef76393057 591450 git-mediawiki_2.1.4-2.1+deb8u2_all.deb
 4262ecc4ff55803cc0efa10dd94485f5a9b7ac17 577496 git-daemon-run_2.1.4-2.1+deb8u2_all.deb
 49825c9113d25f0014c27ff7b0f500880e6ddb5e 578448 git-daemon-sysvinit_2.1.4-2.1+deb8u2_all.deb
 cf6b270ef66bf75472419219548730e4c212e4f8 595460 git-email_2.1.4-2.1+deb8u2_all.deb
 235db8710daf435df48c89ad62a3bededde4ff21 766830 git-gui_2.1.4-2.1+deb8u2_all.deb
 09e32a4ab7cb27d8fac2782ddf6cac27cb572638 695608 gitk_2.1.4-2.1+deb8u2_all.deb
 e952e959b6b105733c162fc290335372e5ab9c14 580228 gitweb_2.1.4-2.1+deb8u2_all.deb
 42038dc83dd67e70e57f47141cc1c15cacb9b240 575774 git-all_2.1.4-2.1+deb8u2_all.deb
 e6f944a5614e1b7a99bc73f300d663536a1a52ed 595552 git-el_2.1.4-2.1+deb8u2_all.deb
 df1c3c3ce00bb585a60bf02efe29c210ace8103d 1267340 git-man_2.1.4-2.1+deb8u2_all.deb
 c811ef7304a6b6879e07ca48c025623418e0a821 1496 git-core_2.1.4-2.1+deb8u2_all.deb
Checksums-Sha256: 
 acc2cf0a4b5099336e57fae72ae9fdfbcf1fdd083ef824364a17a2d6e22e722d 2803 git_2.1.4-2.1+deb8u2.dsc
 392c84599070db4550bdcab86709d083cd9d8543d1358a0fed9b272ec60c9d0c 472524 git_2.1.4-2.1+deb8u2.debian.tar.xz
 bc8de536f004bb568469e43a11d438e3475d3aafe870d46f4729b2ae155f64de 1406222 git-doc_2.1.4-2.1+deb8u2_all.deb
 758e3d803c273842f2eb99b9bcf77aca8ad7ce3c7db35ed57ace14f6d213e5ad 589128 git-arch_2.1.4-2.1+deb8u2_all.deb
 d88bce7473b16a3e49d38b838c10f735e271acc97f9560efb8684ae8bee5ce33 638064 git-cvs_2.1.4-2.1+deb8u2_all.deb
 f978103f70fa302c2eea1c20ca069bcfd51435e80f9e19e1551db2d98154bc5c 661778 git-svn_2.1.4-2.1+deb8u2_all.deb
 1ed44cffc4062bae1e5426173c2cd304861cb10f9eda08bfbeb0410f81bd18b6 591450 git-mediawiki_2.1.4-2.1+deb8u2_all.deb
 10bedde9ff98fc875b7a2fd9657879cece2fa0369a745c1368b299aaf62455b7 577496 git-daemon-run_2.1.4-2.1+deb8u2_all.deb
 da0f2325ea14bb33d071406d87096075a094e6e02b118349b4c442c22566bb45 578448 git-daemon-sysvinit_2.1.4-2.1+deb8u2_all.deb
 93bc515bee7c00af860bade61b3a0f29196b6306c3d00c835bd1c6253ab04002 595460 git-email_2.1.4-2.1+deb8u2_all.deb
 efba50280eab274da553705476d497367a6bb40d69dc374489b4e5befb56dcd4 766830 git-gui_2.1.4-2.1+deb8u2_all.deb
 a48d7833091679bc650ee4a93749091b93dcbd7466fc5f7b6518bfdf32a6faa0 695608 gitk_2.1.4-2.1+deb8u2_all.deb
 93ff164ecc8f0971ec788f2d44b8424624e03208a0e5f06de6b3d537e0389c1e 580228 gitweb_2.1.4-2.1+deb8u2_all.deb
 be003d41036363869724922276b310952f3c1be705b02f55def7dad96d46246d 575774 git-all_2.1.4-2.1+deb8u2_all.deb
 52aeca866ffbb1c1a6df9de68c3ca8bddff446cc0ca135485b7251b77f28c5a2 595552 git-el_2.1.4-2.1+deb8u2_all.deb
 b4fd6bce179acff4c9a7c267720c57e1c9ca6132bfb01be842809849efc1d233 1267340 git-man_2.1.4-2.1+deb8u2_all.deb
 74c363ff600c21816fdfcd7b8676e6a37af439b18ed2607f3b6eaf30500cfdb2 1496 git-core_2.1.4-2.1+deb8u2_all.deb
Files: 
 18032ee7c867d06e94debf8f946845e7 2803 vcs optional git_2.1.4-2.1+deb8u2.dsc
 afc275e6db5636874f3da6e1ab1291a3 472524 vcs optional git_2.1.4-2.1+deb8u2.debian.tar.xz
 4ee8c73a99254a7564e9ad71ba3dc1f2 1406222 doc optional git-doc_2.1.4-2.1+deb8u2_all.deb
 f9876c665fab954acc452e932fcacf57 589128 vcs optional git-arch_2.1.4-2.1+deb8u2_all.deb
 868470d6b70bb1e1bedd8bccf300631e 638064 vcs optional git-cvs_2.1.4-2.1+deb8u2_all.deb
 3e6c48db6d6b65089d5f8109e977b44c 661778 vcs optional git-svn_2.1.4-2.1+deb8u2_all.deb
 8edca675c254e46e1abff6eaae3f04d6 591450 vcs optional git-mediawiki_2.1.4-2.1+deb8u2_all.deb
 cb8f118b4ef5e7e09c15ff13b89c9f94 577496 vcs optional git-daemon-run_2.1.4-2.1+deb8u2_all.deb
 4a751e070477a3d042eb8031205225d0 578448 vcs extra git-daemon-sysvinit_2.1.4-2.1+deb8u2_all.deb
 fe477274c5366f6acc7627d9ef4b3db0 595460 vcs optional git-email_2.1.4-2.1+deb8u2_all.deb
 ad91bfec1565378d921bd809ef176af3 766830 vcs optional git-gui_2.1.4-2.1+deb8u2_all.deb
 1c951db87d36838cfd8e13a70f7d14ec 695608 vcs optional gitk_2.1.4-2.1+deb8u2_all.deb
 51275b495cedadd18c25ededcfa28f13 580228 vcs optional gitweb_2.1.4-2.1+deb8u2_all.deb
 a273d49eb491a27f2a94a86366d15607 575774 vcs optional git-all_2.1.4-2.1+deb8u2_all.deb
 538ba7057df6c9fefbc03ce624aa4c87 595552 vcs optional git-el_2.1.4-2.1+deb8u2_all.deb
 df48e7520ae3c4e3571711d51272996a 1267340 doc optional git-man_2.1.4-2.1+deb8u2_all.deb
 eb0555fcaa5099945e0bbdbfbed7eaa6 1496 vcs optional git-core_2.1.4-2.1+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW7VLnAAoJEAVMuPMTQ89ED4sP/25uIiVdIFH2IOwNOc3Px7gY
2q/xhkOL8jxBxE8iPyaP8CW3KqvkKm2fqGEodpWwvlWmHwMkem0jrG1BRkiYEqx3
fnffZSh+ME68i3ARA1F4HatrHx5iYWWAPXbqgPmGsxKwtgmBG0c+SPmxC10OX4Jf
35C/hzsh/yL/Ze2sGgAcsw7EbDlcALXVQbFbuImLLTpvhyFrTQwVAzExDfhPjy01
ImFJi0aoZYIPbjw8VuEoleGFhMDsmspsuYWpjWfGxTKdlJKkFmxHQs9O7CEzyfaw
t965MMpGJ1yds5K6LGufV7azEjgfWf+XhCTrSICrW2Oxz85vh46xV219w7FvInGb
/eBHu6Xxvb4w9KkOFj+UqmftJ8DTtZZj1gUg52APCo28NfKxF/NtTG4f5CSAsGJZ
mdZuOHhVO9pIiwXOyxBtNOGg8t3Ndw2VwOWfRDMMrElW9RaipEWcqavASj05z5Zb
PeaywU0hjYuTDt/98FVXV/kgwMz4A3z6jzGaNvKNMdc6owom44OqVcJr94dfZYfy
oA8hPQoRUHVJTeYVoO8dvlIrdx8n4VcQycwRvJSNaYwtYxqpUYENJUHhDtWcpLVd
c+5z837R3p3gqWCgME0mpSWYWXR1dxMpS1LzL59UOp7qyfbhhSkt1MqXBBMBqRa1
YaGx/g4pRCza2M2+t/yE
=h6Xb
-----END PGP SIGNATURE-----

Message #61 received at 818318-close@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 818318-close@bugs.debian.org

Subject: Bug#818318: fixed in git 1:1.7.10.4-1+wheezy3

Date: Sat, 19 Mar 2016 21:33:12 +0000

Source: git
Source-Version: 1:1.7.10.4-1+wheezy3

We believe that the bug you reported is fixed in the latest version of
git, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 818318@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated git package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Mar 2016 21:48:34 +0100
Source: git
Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all
Architecture: source amd64 all
Version: 1:1.7.10.4-1+wheezy3
Distribution: wheezy-security
Urgency: high
Maintainer: Gerrit Pape <pape@smarden.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 git        - fast, scalable, distributed revision control system
 git-all    - fast, scalable, distributed revision control system (all subpacka
 git-arch   - fast, scalable, distributed revision control system (arch interop
 git-core   - fast, scalable, distributed revision control system (obsolete)
 git-cvs    - fast, scalable, distributed revision control system (cvs interope
 git-daemon-run - fast, scalable, distributed revision control system (git-daemon s
 git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s
 git-doc    - fast, scalable, distributed revision control system (documentatio
 git-el     - fast, scalable, distributed revision control system (emacs suppor
 git-email  - fast, scalable, distributed revision control system (email add-on
 git-gui    - fast, scalable, distributed revision control system (GUI)
 git-man    - fast, scalable, distributed revision control system (manual pages
 git-svn    - fast, scalable, distributed revision control system (svn interope
 gitk       - fast, scalable, distributed revision control system (revision tre
 gitweb     - fast, scalable, distributed revision control system (web interfac
Closes: 818318
Changes: 
 git (1:1.7.10.4-1+wheezy3) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix remote code execution via buffer overflows (CVE-2016-2315,
     CVE-2016-2324) (Closes: #818318)
Checksums-Sha1: 
 33788d8aa5cdb3580320548039ca2d916ca6e9b7 2633 git_1.7.10.4-1+wheezy3.dsc
 e7586bfcc0e59136607fa6c5180305b4f0d67a48 517892 git_1.7.10.4-1+wheezy3.diff.gz
 e3a02b37e4ce951002c6b62cdcb7184591e623e8 6688270 git_1.7.10.4-1+wheezy3_amd64.deb
 4a9ec4ad79ea65387661a1e23c18519ce1d9c22c 2270342 git-doc_1.7.10.4-1+wheezy3_all.deb
 ea777649577a586a1cb04f216e19bef554474354 464662 git-arch_1.7.10.4-1+wheezy3_all.deb
 c8606caba8c128ea63c0116c203214ca9a375358 533274 git-cvs_1.7.10.4-1+wheezy3_all.deb
 43a5f881ceb315d676071a3bc1389a4edc9a7cc3 520548 git-svn_1.7.10.4-1+wheezy3_all.deb
 b61d5271eb018dc381efa386320c54272a1343ef 451460 git-daemon-run_1.7.10.4-1+wheezy3_all.deb
 f8ea660afbdd8dab495a94ccb6ae118b3b95cada 452702 git-daemon-sysvinit_1.7.10.4-1+wheezy3_all.deb
 d2a45af0a2b90c3a2c30b19f94ec7a6c32046fe0 470014 git-email_1.7.10.4-1+wheezy3_all.deb
 45a45d5f2bdf6a22ca813f56da126161fef7bd45 728944 git-gui_1.7.10.4-1+wheezy3_all.deb
 9de328311e1c13c07ef65bfbaa9ec1bea8290c2e 578638 gitk_1.7.10.4-1+wheezy3_all.deb
 caa65c0766ae19d509fbfd2e94b556a3a694354c 453990 gitweb_1.7.10.4-1+wheezy3_all.deb
 cf18b2cc0b6b46cee2ddc9f9971dce3ca2799662 449602 git-all_1.7.10.4-1+wheezy3_all.deb
 5c6b71bfd6948fe5fe54163e9a5d4f2f2921985d 1342 git-core_1.7.10.4-1+wheezy3_all.deb
 68ddde77d41fa2641ba285441d63b91b1872edfe 472650 git-el_1.7.10.4-1+wheezy3_all.deb
 f3c1e75e2ce16ec5fb39c698636c2ce228ed56e9 1074930 git-man_1.7.10.4-1+wheezy3_all.deb
Checksums-Sha256: 
 98acd10098b85387ec4dbe8c680f220023d627cbf17950133ddb5d15820508ee 2633 git_1.7.10.4-1+wheezy3.dsc
 7e116fd683aa6780e03f269c3ffbb33c0feeceeac467b07826481b73a2cd7096 517892 git_1.7.10.4-1+wheezy3.diff.gz
 0fcb6ba7fe301375ab7c5e3d4d177e3e13c10311b227ffecbda84bd72ef725e3 6688270 git_1.7.10.4-1+wheezy3_amd64.deb
 f838e4fe3c132401943652e441e3702cc0eca7be245b78184ff65e12be4770af 2270342 git-doc_1.7.10.4-1+wheezy3_all.deb
 27b5e0b1675e362551db86a44a379d70db612372d9f92392e620c067c2ac82dc 464662 git-arch_1.7.10.4-1+wheezy3_all.deb
 143ac0a2863779e198ea47855360fc368533b68ed257e7513821b38e8382e8b9 533274 git-cvs_1.7.10.4-1+wheezy3_all.deb
 be725c83e6e868153e0d1ded558f41d1d5eb3329c903b3de83e30bf986cb6f87 520548 git-svn_1.7.10.4-1+wheezy3_all.deb
 2c6e8d27505700a905f3752728f3d03643f8c3d29a0e8481199f6efc61b2e033 451460 git-daemon-run_1.7.10.4-1+wheezy3_all.deb
 b8dd24c012dd886d67ccf1b38a00289784a8a91b8dee3e35d32b41cf6fe98471 452702 git-daemon-sysvinit_1.7.10.4-1+wheezy3_all.deb
 cc6582de22968aa5a24ac5abf3255e2f63547e7dc66da5eb281c9edcf54fc608 470014 git-email_1.7.10.4-1+wheezy3_all.deb
 3030d78bad2694c9111ea25a83994fc7edc0b0f06926c772d4b29ea2d48b1a74 728944 git-gui_1.7.10.4-1+wheezy3_all.deb
 230c21e389f86226e4e3fd80a22ee903bbaa83b4121568b583b44f5f447016aa 578638 gitk_1.7.10.4-1+wheezy3_all.deb
 4c0f15ad8068a91c3b1b5a5489c3a9ca8d28bdee3908575adebfeba678b7b417 453990 gitweb_1.7.10.4-1+wheezy3_all.deb
 3b468c789b5e67ec856e5bda089a03241d2b54612143acd918c8c6e4c8b7f1bf 449602 git-all_1.7.10.4-1+wheezy3_all.deb
 902cce33a97abee4b4fcf7be2b170a25f64d83a94dde48d0299cade74681fe3b 1342 git-core_1.7.10.4-1+wheezy3_all.deb
 750f773046164bea7a040beb58ed220a537273f456a6f9676e47407a23a512c6 472650 git-el_1.7.10.4-1+wheezy3_all.deb
 f77339c426a60223f3b28afcded3cdf1827cf1bf46b22a3bb3d370bee2a96bec 1074930 git-man_1.7.10.4-1+wheezy3_all.deb
Files: 
 6e8ac2a8775bfc09dbd9eea521123347 2633 vcs optional git_1.7.10.4-1+wheezy3.dsc
 62a78d51b9b4b85978b1e5a3f3410bf6 517892 vcs optional git_1.7.10.4-1+wheezy3.diff.gz
 4644fefc807d02fd131ac6efc4eced68 6688270 vcs optional git_1.7.10.4-1+wheezy3_amd64.deb
 08d777dd55a57fa59b2647bfb43ca5d1 2270342 doc optional git-doc_1.7.10.4-1+wheezy3_all.deb
 1d2b195dcbf7a22026f7e0406bd6a55d 464662 vcs optional git-arch_1.7.10.4-1+wheezy3_all.deb
 56f3c74b652f08a34f275d3b653af80f 533274 vcs optional git-cvs_1.7.10.4-1+wheezy3_all.deb
 052158651e12d4f5a982291a743fb703 520548 vcs optional git-svn_1.7.10.4-1+wheezy3_all.deb
 d16d12bcdc45f61e7b989ef35486fb01 451460 vcs optional git-daemon-run_1.7.10.4-1+wheezy3_all.deb
 d95c9b0f444c8df132752156d604dc0a 452702 vcs extra git-daemon-sysvinit_1.7.10.4-1+wheezy3_all.deb
 d57e10355ea0aede5ca1eba3e5738dfa 470014 vcs optional git-email_1.7.10.4-1+wheezy3_all.deb
 711036100523ac537db2d6569f8277c9 728944 vcs optional git-gui_1.7.10.4-1+wheezy3_all.deb
 31594cb385fa040d29ef1ba88bbd0cfb 578638 vcs optional gitk_1.7.10.4-1+wheezy3_all.deb
 469f110f6de2557816bfbf12e16a0362 453990 vcs optional gitweb_1.7.10.4-1+wheezy3_all.deb
 017e44320940d350ee87488cd7b4af09 449602 vcs optional git-all_1.7.10.4-1+wheezy3_all.deb
 4c6ce41b988e09b787dc325e1997913b 1342 vcs optional git-core_1.7.10.4-1+wheezy3_all.deb
 605f84fc7787af97362f231ca7eaeb41 472650 vcs optional git-el_1.7.10.4-1+wheezy3_all.deb
 95cd8fe21e469685c854005059d1f35e 1074930 doc optional git-man_1.7.10.4-1+wheezy3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJW7U1YAAoJEAVMuPMTQ89E/vMP+gMO59lmBrNCKLIX/9jxgNYh
1IfvINGsulIQ7XLXsJwH1+9FgIF4ATiDtmnfIV/OoTEG3ZSuPA4vmx8tg0AUwRY9
rgR+GhFcT6opL0WixQOo8sy4jMvMZMGaCflFA7gQjL0KnsXDkwHI2pv8TqpVdS1S
APhGGIK12KU5v1MdfLoysqWj5wt0lDa6zFjQfn+qP6Dv0Ka5bTNf5/sJn9STxBQE
R4dO+r2tgaEQhlikHZeATH35IckedREf37+5tayHHXz3M5utRHugvjEFmABfG10Y
+3T/Hy2Cy27ab7XUn35LYp3MbfKthHCd50PIjlDOHcgIY6iiXB2GOg57YqX2HlPr
AIn66WidfbyxOE2xPKZeTodXoshi72TkGLjHvvp/RuF9esJmfNabd7t23f1MiQgs
ex3e+wX0byUtNz5gmAzeyz6TbU2tSB9BGs5gPxAp/LRE1nGTWzKJ7DIndZ/lhbjZ
OEJgYweLWBn5AQfG2T8sZdT30PDQDwv+rBoJjUo8bI/R/l3e3oqAUQ8gk6Ad5E/O
P9bf8gbpvK+KqVe3aI7+8iUddMpPSPPYw0wVoaRQobwvjdlRQYUi4+sRsFjlmFPg
ZBmXet1cly69CxfZTKIuXNzkawUBxZ8q5QJwlCzMooXgWTjmsYERlhLjJDEwmyhu
QtF73l4MfR68XaSmeaay
=PBGP
-----END PGP SIGNATURE-----

Message #66 received at 818318@bugs.debian.org (full text, mbox, reply):

From: Geoffrey Thomas <geofft@hudson-trading.com>

To: Jonathan Nieder <jrnieder@gmail.com>

Cc: 818318@bugs.debian.org

Subject: git security updates for wheezy-backports?

Date: Mon, 21 Mar 2016 10:48:35 -0400

Hi git maintainers,

I believe the version of git in wheezy-backports is affected by last
week's security issues in #818318 (CVE-2016-2315 and CVE-2016-2324),
as well as by CVE-2015-7545, since both of those were applied to the
versions in wheezy and jessie.

Are you uploading patched versions to backports? Would it be helpful
for me to prepare and test an upload to backports? (I'd need
sponsorship, since I'm not a DD and also don't have a valid PGP key
currently.)

Thanks,
-- 
Geoffrey Thomas
geofft@hudson-trading.com

Send a report that this bug log contains spam.