Debian Bug report logs -
#891227
asterisk: CVE-2018-7284: AST-2018-004: Crash when receiving SUBSCRIBE request
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 23 Feb 2018 15:09:02 UTC
Severity: grave
Tags: patch, security, upstream
Found in versions asterisk/1:13.14.1~dfsg-1, asterisk/1:13.18.5~dfsg-1
Fixed in versions asterisk/1:13.20.0~dfsg-1, asterisk/1:13.14.1~dfsg-2+deb9u4
Done: Bernhard Schmidt <berni@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
:
Bug#891227
; Package src:asterisk
.
(Fri, 23 Feb 2018 15:09:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
.
(Fri, 23 Feb 2018 15:09:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: asterisk
Version: 1:13.18.5~dfsg-1
Severity: grave
Tags: patch security upstream
Hi,
the following vulnerability was published for asterisk.
CVE-2018-7284[0]:
| A Buffer Overflow issue was discovered in Asterisk through 13.19.1,
| 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk
| through 13.18-cert2. When processing a SUBSCRIBE request, the
| res_pjsip_pubsub module stores the accepted formats present in the
| Accept headers of the request. This code did not limit the number of
| headers it processed, despite having a fixed limit of 32. If more than
| 32 Accept headers were present, the code would write outside of its
| memory and cause a crash.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-7284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
[1] http://downloads.asterisk.org/pub/security/AST-2018-004.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Marked as found in versions asterisk/1:13.14.1~dfsg-1.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Fri, 23 Feb 2018 20:06:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
:
Bug#891227
; Package src:asterisk
.
(Sat, 24 Feb 2018 06:48:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Tzafrir Cohen <tzafrir@cohens.org.il>
:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
.
(Sat, 24 Feb 2018 06:48:03 GMT) (full text, mbox, link).
Message #12 received at 891227@bugs.debian.org (full text, mbox, reply):
Hi,
On Fri, Feb 23, 2018 at 04:04:52PM +0100, Salvatore Bonaccorso wrote:
> Source: asterisk
> Version: 1:13.18.5~dfsg-1
> Severity: grave
> Tags: patch security upstream
> [0] https://security-tracker.debian.org/tracker/CVE-2018-7284
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
> [1] http://downloads.asterisk.org/pub/security/AST-2018-004.html
>
> Please adjust the affected versions in the BTS as needed.
I'm still looking into this. For the record, there were six security
advisories reposrted by the Asterisk project for the recent release:
- AST-2018-001 CVE-2018-7285: (Does not apply)
- AST-2018-002: Crash when given an invalid SDP media format description
- AST-2018-003: Crash with an invalid SDP fmtp attribute
- AST-2018-004 CVE-2018-7284: Crash when receiving SUBSCRIBE request
(Closes: #891227)
- AST-2018-005 CVE-2018-7286: Crash when large numbers of TCP connections
are closed suddenly (Closes: #891227)
- AST-2018-006 CVE-2018-7287: WebSocket frames with 0 sized payload causes
DoS
For 004 (this one) and 005 there are bugs. 001 does not apply to the
Debian package. I'm still looking at how those affect stable and
oldstable.
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
tzafrir@debian.org | | friend
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
:
Bug#891227
; Package src:asterisk
.
(Sat, 24 Feb 2018 11:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Tzafrir Cohen <tzafrir@cohens.org.il>
:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
.
(Sat, 24 Feb 2018 11:42:03 GMT) (full text, mbox, link).
Message #17 received at 891227@bugs.debian.org (full text, mbox, reply):
On Sat, Feb 24, 2018 at 07:38:41AM +0100, Tzafrir Cohen wrote:
> Hi,
>
> On Fri, Feb 23, 2018 at 04:04:52PM +0100, Salvatore Bonaccorso wrote:
> > Source: asterisk
> > Version: 1:13.18.5~dfsg-1
> > Severity: grave
> > Tags: patch security upstream
>
>
> > [0] https://security-tracker.debian.org/tracker/CVE-2018-7284
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
> > [1] http://downloads.asterisk.org/pub/security/AST-2018-004.html
> >
> > Please adjust the affected versions in the BTS as needed.
>
> I'm still looking into this. For the record, there were six security
> advisories reposrted by the Asterisk project for the recent release:
>
> - AST-2018-001 CVE-2018-7285: (Does not apply)
> - AST-2018-002: Crash when given an invalid SDP media format description
> - AST-2018-003: Crash with an invalid SDP fmtp attribute
Those two are fixed in pjproject (specifically in 2.7.2). And probably
need to be backported to Stretch as well.
> - AST-2018-004 CVE-2018-7284: Crash when receiving SUBSCRIBE request
> (Closes: #891227)
> - AST-2018-005 CVE-2018-7286: Crash when large numbers of TCP connections
> are closed suddenly (Closes: #891227)
Those two only apply to pjsip-related code. Thus they don't apply to
oldstable. AST-004 patch seems to apply as-is to Stretch. AST-005 patch
may require more work.
> - AST-2018-006 CVE-2018-7287: WebSocket frames with 0 sized payload causes
> DoS
Only applies to 15. I missed that.
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
tzafrir@debian.org | | friend
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
:
Bug#891227
; Package src:asterisk
.
(Mon, 26 Feb 2018 07:21:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
.
(Mon, 26 Feb 2018 07:21:11 GMT) (full text, mbox, link).
Message #22 received at 891227@bugs.debian.org (full text, mbox, reply):
Hi Tzafrir,
Sorry for the lack of earlier reply, cc'ing the security team alias.
On Sat, Feb 24, 2018 at 12:39:38PM +0100, Tzafrir Cohen wrote:
> On Sat, Feb 24, 2018 at 07:38:41AM +0100, Tzafrir Cohen wrote:
> > Hi,
> >
> > On Fri, Feb 23, 2018 at 04:04:52PM +0100, Salvatore Bonaccorso wrote:
> > > Source: asterisk
> > > Version: 1:13.18.5~dfsg-1
> > > Severity: grave
> > > Tags: patch security upstream
> >
> >
> > > [0] https://security-tracker.debian.org/tracker/CVE-2018-7284
> > > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284
> > > [1] http://downloads.asterisk.org/pub/security/AST-2018-004.html
> > >
> > > Please adjust the affected versions in the BTS as needed.
> >
> > I'm still looking into this. For the record, there were six security
> > advisories reposrted by the Asterisk project for the recent release:
> >
> > - AST-2018-001 CVE-2018-7285: (Does not apply)
> > - AST-2018-002: Crash when given an invalid SDP media format description
> > - AST-2018-003: Crash with an invalid SDP fmtp attribute
>
> Those two are fixed in pjproject (specifically in 2.7.2). And probably
> need to be backported to Stretch as well.
And I think those two are missing CVEs. I'm going to request two. I'm
though not sure if they would warrant a DSA.
For CVE-2018-7285 we reached same conclusion, that it only applies to
15.x.
>
> > - AST-2018-004 CVE-2018-7284: Crash when receiving SUBSCRIBE request
> > (Closes: #891227)
> > - AST-2018-005 CVE-2018-7286: Crash when large numbers of TCP connections
> > are closed suddenly (Closes: #891227)
>
> Those two only apply to pjsip-related code. Thus they don't apply to
> oldstable. AST-004 patch seems to apply as-is to Stretch. AST-005 patch
> may require more work.
Alright, thanks for working on it!
> > - AST-2018-006 CVE-2018-7287: WebSocket frames with 0 sized payload causes
> > DoS
>
> Only applies to 15. I missed that.
Ack.
Regards,
Salvatore
Reply sent
to Bernhard Schmidt <berni@debian.org>
:
You have taken responsibility.
(Tue, 03 Apr 2018 12:36:05 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Tue, 03 Apr 2018 12:36:05 GMT) (full text, mbox, link).
Message #27 received at 891227-close@bugs.debian.org (full text, mbox, reply):
Source: asterisk
Source-Version: 1:13.20.0~dfsg-1
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891227@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Schmidt <berni@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 03 Apr 2018 10:59:20 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-tests asterisk-doc asterisk-dev asterisk-config
Architecture: source
Version: 1:13.20.0~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dahdi - DAHDI devices support for the Asterisk PBX
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-mobile - Bluetooth phone support for the Asterisk PBX
asterisk-modules - loadable modules for the Asterisk PBX
asterisk-mp3 - MP3 playback support for the Asterisk PBX
asterisk-mysql - MySQL database protocol support for the Asterisk PBX
asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
asterisk-tests - internal test modules of the Asterisk PBX
asterisk-voicemail - simple voicemail support for the Asterisk PBX
asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 891227 891228
Changes:
asterisk (1:13.20.0~dfsg-1) unstable; urgency=medium
.
* New upstream version 13.20.0 (Closes: #891227, #891228)
* Reorganize upstream GPG keys
- Split individual signing keys in separate files
- Add new key for Ben Ford <bford@digium.com>: 0x073B0C1FC9B2E352
- Add new key for Joshua Colp <jcolp@digium.com>:
0xCDBEE4CC699E200EB4D46BB79E76E3A42341CE04
* Fix missing/broken Closes: in previous changelog
* Install realtime database schema into asterisk-doc
* Point Vcs-* to salsa
Checksums-Sha1:
b552791e29e539d5147d2a597ce1397c6431588b 4239 asterisk_13.20.0~dfsg-1.dsc
a3fdada38e44765370c3c77cad24f688abec1b92 6275676 asterisk_13.20.0~dfsg.orig.tar.xz
93ce3bfc83fdadfe6545f643aced8239d832b1e9 136328 asterisk_13.20.0~dfsg-1.debian.tar.xz
4a929b8f51be364bd64fe882bbe2ed7b930916a6 27997 asterisk_13.20.0~dfsg-1_amd64.buildinfo
Checksums-Sha256:
94773b221c73a63491e050b26214e901a4338abfff4dcbe6fc48a1a8566a96ef 4239 asterisk_13.20.0~dfsg-1.dsc
e90da610ebeadb1cc5924a58b5bf962d3d660dcf0a2b7862504a6cc4e7e14d66 6275676 asterisk_13.20.0~dfsg.orig.tar.xz
dad474a3483519aa1983156e80f9dc7410958d8d347962a1e5dc822e613b06bd 136328 asterisk_13.20.0~dfsg-1.debian.tar.xz
64ac712184a00fc354ae017fd86e4f237f61a1c6ea641ab22f89f08ccdb7584c 27997 asterisk_13.20.0~dfsg-1_amd64.buildinfo
Files:
e8a3da57b2a48aa64c789c692aae58a8 4239 comm optional asterisk_13.20.0~dfsg-1.dsc
5794d9b469ed78fa0c2234129249d041 6275676 comm optional asterisk_13.20.0~dfsg.orig.tar.xz
6598b3f0655200952dcd83a625db06dc 136328 comm optional asterisk_13.20.0~dfsg-1.debian.tar.xz
af9b05c2e1b1a0266dd3daa31e298f30 27997 comm optional asterisk_13.20.0~dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlrDcZ0RHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJPQsQ//bPjCE9rZ0Jq6e2G9FxfKZQ8gKk5OFtnk
n9EK1Teezoqkrp4H09iKVPL4OIkz3cCwJJRqzZd506vVBoqyVcUuhxXQs50kE2Va
SJ+FY03zGNoajAmjJLkGBe35dxnABCmHMtFtoODubNBVB2+Bn4lO//Voz+b9Bmoa
QMCs1OkefHmnF2AcJkaf9E8GadM3FqPjr0NkoW/JP1h/tBRnA5clX/qNHO6rMUCI
nuwaZCAneuFRmxXtbUSvBGapObssenzyIFHU/HjWJSQxjexL5wDc8rVzg9ZUdBuh
4+izVe5ICHCbrBaRBfClG2rp4WtsfZxZ4Csylsb1j6ORmyyMvG+CEoSchjTnqvNR
oRb2RQzJr9odwPTaRLho0TPXflrmna80ByOSyuKbxmY/bgKjxGlAE+eZDk68Evvb
JjJKd+Dpl/VLXTvhlw+QeQF93R7E/mLVxMAteqrBhYzrMNUX/H+7vvauvoElczan
OYNqyP8Euy1CgJk7aeJYeqO6JEOrL+g3H8SYJRBlneaUdly7P/MVeB4TwGRwlryZ
ob2ikFTtGBljJg2j4LXpklrNRoRVdxmkeAOSOmz+gLAELa+h/mjPsqMybhxmPdYL
6ZkqKHOqBOeDuB+9Dn2CBjZGD0zhUWmLSa5FKKun5EnFHoOfdvkL+oQaIKINkFB6
1CD4hW+9YXU=
=rU52
-----END PGP SIGNATURE-----
Reply sent
to Bernhard Schmidt <berni@debian.org>
:
You have taken responsibility.
(Sat, 20 Oct 2018 09:48:32 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Sat, 20 Oct 2018 09:48:32 GMT) (full text, mbox, link).
Message #32 received at 891227-close@bugs.debian.org (full text, mbox, reply):
Source: asterisk
Source-Version: 1:13.14.1~dfsg-2+deb9u4
We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 891227@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bernhard Schmidt <berni@debian.org> (supplier of updated asterisk package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Sep 2018 23:24:10 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-config
Architecture: source
Version: 1:13.14.1~dfsg-2+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
asterisk - Open Source Private Branch Exchange (PBX)
asterisk-config - Configuration files for Asterisk
asterisk-dahdi - DAHDI devices support for the Asterisk PBX
asterisk-dev - Development files for Asterisk
asterisk-doc - Source code documentation for Asterisk
asterisk-mobile - Bluetooth phone support for the Asterisk PBX
asterisk-modules - loadable modules for the Asterisk PBX
asterisk-mp3 - MP3 playback support for the Asterisk PBX
asterisk-mysql - MySQL database protocol support for the Asterisk PBX
asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
asterisk-voicemail - simple voicemail support for the Asterisk PBX
asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 891227 891228 902954 909554
Changes:
asterisk (1:13.14.1~dfsg-2+deb9u4) stretch-security; urgency=medium
.
* AST-2018-004 / CVE-2018-7284: Crash when receiving SUBSCRIBE request
(Closes: #891227)
* AST-2018-005 / CVE-2018-7286: Crash when large numbers of TCP connections
are closed suddenly (Closes: #891228)
* AST-2018-008 / CVE-2018-12227: PJSIP endpoint presence disclosure when
using ACL (Closes: #902954)
* AST-2018-009 / CVE-2018-17281: Remote crash vulnerability in HTTP
websocket upgrade (Closes: #909554)
Checksums-Sha1:
9a3d0f011044550d59f6bf8e2923c431397c4e2e 4133 asterisk_13.14.1~dfsg-2+deb9u4.dsc
d5d169d9367ec8d67cc3aa9f07fed12d0400c050 154060 asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
64bbea1c48356a6dd0c687a3b1fcc939388260af 27619 asterisk_13.14.1~dfsg-2+deb9u4_amd64.buildinfo
Checksums-Sha256:
fae9d4d830d8c45e6c294a27db8c8133bb84671e60a29876416abce9cabdc878 4133 asterisk_13.14.1~dfsg-2+deb9u4.dsc
4a2bbbcd52004c4b3a5a829335737871f0f316cc5998f303b74243858c252255 154060 asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
ca23a882cdb0309c2f412598a28cddb950cdecae8acf80bb7d311b4332ac9301 27619 asterisk_13.14.1~dfsg-2+deb9u4_amd64.buildinfo
Files:
8a617142c87fedca32b83bee1dab0c83 4133 comm optional asterisk_13.14.1~dfsg-2+deb9u4.dsc
e6fe8549c46eefceb013bd4ff2fba769 154060 comm optional asterisk_13.14.1~dfsg-2+deb9u4.debian.tar.xz
b7e962fcb77a55234f6e21e240ede4b0 27619 comm optional asterisk_13.14.1~dfsg-2+deb9u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlvDtFkRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOXlA//Wa/OyyBpgrTSLo0jtgPuvvkzQaUjai8Q
m00ggHJWacLlNj5fFHzUthWuoC26Sy31QziXfBoUBiJ/T8IMOruNh4cs5F0Uw/qA
14PO9irEivgq1aGzPMqJLMXiZofpJU3dz4Jm9hsGCZwtY9SX4k9UroMZYPxaUbIm
wCJ7c+ALOjv1U+aTDTWDQg8h4t1G6MdyBpaughVkuddfx0Sgxf17DNrbq1+OKpTC
P8Z7PAijrWZPuxMyvEkbF5UgbU4B3Kw28kymSMdJhMRHNEuAyE4EmDlnifSwo5a3
Z3O+lW8eN4Y+HhuwPQW+ILdzG/wM8LwBvtMxoF7dSxnh4kg7gWPO9LaQsmuhZoyn
bVrMmRG4M1hryu/1fUh45wH+xuY3ajYJ0G8LXhenyAILyazmI8PKwj7ZGr0JZCl7
bTKLU1rZ/DTuebMG3J6nw6+uykAezWClg/KI5jaZEchxv9eMg2HEigG7wGbDydwh
YmkD7h6NmpM2tw+7+DOoCJvtZWgNAY3vc+9dApGGDJeUVfDV1KfQPF7aSMCHKhF7
2WL9tpvVStVAvKUQUHKyz517eHPVE4GeejLVnwdB9kF2C0koEzfUbY5cFO1wW8Q0
Dt2/LKqa1W452g1iJadnDmIRx2Ry0rWXHQOOk74x3us+w6HLgp5AeAHbwbKecADa
UTCgAhtIYE8=
=m3FA
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 18 Nov 2018 07:26:22 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:10:58 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.