wpa: CVE-2016-4476 CVE-2016-4477 / 2016-1 advisory

Debian Bug report logs - #823411
wpa: CVE-2016-4476 CVE-2016-4477 / 2016-1 advisory

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: wpa: CVE-2016-4476 CVE-2016-4477 / 2016-1 advisory

Date: Wed, 04 May 2016 14:47:28 +0200

Source: wpa
Version: 1.0-3
Severity: important
Tags: security upstream patch

Hi,

the following vulnerabilities were published for wpa.

CVE-2016-4476[0]:
|psk configuration parameter update allowing arbitrary data to be written

CVE-2016-4477[1]:
|psk configuration parameter update allowing arbitrary data to be
|written through local configuration change over the wpa_supplicant
|control interface

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-4476
[1] https://security-tracker.debian.org/tracker/CVE-2016-4477
[2] https://w1.fi/security/2016-1/psk-parameter-config-update.txt

Regards,
Salvatore

Message #14 received at 823411@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: 823411@bugs.debian.org

Subject: Re: Bug#823411: wpa: CVE-2016-4476 CVE-2016-4477 / 2016-1 advisory

Date: Tue, 14 Jun 2016 22:13:43 +0200

Hi,

Any news for having those issues fixed in unstable? We have marked the
issues as no-dsa for jessie, so once the fix lands in unstable, can
you please schedule as well a fix for jessie via a stable point
release?

Regards,
Salvatore

Message #19 received at 823411-close@bugs.debian.org (full text, mbox, reply):

From: Andrew Shadura <andrewsh@debian.org>

To: 823411-close@bugs.debian.org

Subject: Bug#823411: fixed in wpa 2.3-2.4

Date: Thu, 21 Jul 2016 18:56:31 +0000

Source: wpa
Source-Version: 2.3-2.4

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew Shadura <andrewsh@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 21 Jul 2016 09:01:51 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.3-2.4
Distribution: unstable
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Andrew Shadura <andrewsh@debian.org>
Description:
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 823411
Changes:
 wpa (2.3-2.4) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to
     Salvatore Bonaccorso <carnil@debian.org> (Closes: #823411):
     - WPS: Reject a Credential with invalid passphrase
     - Reject psk parameter set with invalid passphrase character
     - Remove newlines from wpa_supplicant config network output
     - Reject SET_CRED commands with newline characters in the string values
     - Reject SET commands with newline characters in the string values
   * Refresh patches to apply cleanly.
Checksums-Sha1:
 c711bba7b10cf7ee22802ba7787d084665db7ebc 2096 wpa_2.3-2.4.dsc
 4c849f528a04882a986e1972cddd98f04bad0c08 89572 wpa_2.3-2.4.debian.tar.xz
Checksums-Sha256:
 60b0a1e00cefd1e504a648f02942379f513ce55585c3408d87969847b3c8497c 2096 wpa_2.3-2.4.dsc
 f64d2bb4f4bcd1023e69edfb24b3b94d590f3923055943393fa7452c2e851c1b 89572 wpa_2.3-2.4.debian.tar.xz
Files:
 1192fab635a6d1c219289e95b3984645 2096 net optional wpa_2.3-2.4.dsc
 6a1659ea9519e0fd280922c8c23f2854 89572 net optional wpa_2.3-2.4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJXkRc1AAoJEJ1bI/kYT6UUfPAH/AppxW4Vf2X7o3e12KCEHGjf
6FUy5I8Y+8RbEZ65uXp2Xo4jPKkwT9EN8LPcDetlYBavAfz2Fx8+CXt8PrVJFFxu
aqEz6yit4PyddJl1oZgYMRadGLPTMnuPoflGxzaCu/sWDokJdrhkwmnzFQVsQOGA
6f+LDT+qBlx0Y5KVeazVMvwplHOsx/xtG+k4Of8VZEbfyg8e/CocONfQ7CIc+Xzt
XoKMKFuwpZUzj/0O9u4KJuqkr6p9HtWecIpMEJqImIFd0zj5HxYtpD4s8JSf/Zhm
0ew+c1zOmyAqfFcvRw1FMkt0BULx9h94QZuQ5lS9xf5PFohYrIOvYEc/P7I2PNY=
=A2pg
-----END PGP SIGNATURE-----

Message #24 received at 823411-close@bugs.debian.org (full text, mbox, reply):

From: Andrew Shadura <andrewsh@debian.org>

To: 823411-close@bugs.debian.org

Subject: Bug#823411: fixed in wpa 2.5-1

Date: Sun, 31 Jul 2016 16:46:07 +0000

Source: wpa
Source-Version: 2.5-1

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew Shadura <andrewsh@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 31 Jul 2016 18:05:59 +0300
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Andrew Shadura <andrewsh@debian.org>
Description:
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 545766 729934 766746 785579 806889 823171 823411 827253
Launchpad-Bugs-Fixed: 1422143 1545363
Changes:
 wpa (2.5-1) unstable; urgency=medium
 .
   [ Stefan Lippers-Hollmann ]
   * wpasupplicant: install systemd unit (Closes: #766746).
   * wpasupplicant: configure driver fallback for networkd.
   * import changelogs from the security queues.
   * move previous patch for CVE-2015-1863 into a new subdirectory,
     debian/patches/2015-1/.
   * fix dependency ordering when invoked with DBus, by making sure that DBus
     isn't shut down before wpa_supplicant, as that would also bring down
     wireless links which are still holding open NFS shares. Thanks to Facundo
     Gaich <facugaich@gmail.com> and Michael Biebl <biebl@debian.org>
     (Closes: #785579).
   * import NMU changelogs and integrate NMU changes.
   * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to Salvatore
     Bonaccorso <carnil@debian.org> (Closes: #823411):
     - WPS: Reject a Credential with invalid passphrase
     - Reject psk parameter set with invalid passphrase character
     - Remove newlines from wpa_supplicant config network output
     - Reject SET_CRED commands with newline characters in the string values
     - Reject SET commands with newline characters in the string values
   * use --buildsystem=qmake_qt4 (available since dh 8.9.1) for debhelper
     (Closes: #823171).
   * fix clean target, by splitting the find call into individual searches.
   * building wpa in a current unstable chroot using debhelper >= 9.20151219
     will introduce automatic dbgsym packages, thereby indirectly providing
     the requested debug packages for stretch and upwards (Closes: #729934).
     Don't add a versioned build-dependency in order to avoid unnecessary
     complications with backports.
   * change Vcs-Browser location to prefer https
   * debian/*: fix spelling errors noticed by lintian.
   * drop the obsolete Debian menu entry for wpa_gui, according to the tech-ctte
     decision on #741573.
   * fix debian/get-orig-source for wpa 2.6~.
   * add debian/watch file for the custom tarball generation.
 .
   [ Paul Donohue ]
   * debian/ifupdown/functions.sh: Fix handling for "wpa-roam". Call ifquery
     instead of directly parsing /run/*/ifstate files to work with current
     ifupdown. (Closes: #545766, LP: #1545363)
 .
   [ Martin Pitt ]
   * Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume
     before/after suspend, like the pm-utils hook. In some cases this brings
     back missing Wifi connection after resuming. (LP: #1422143)
 .
   [ Andrew Shadura ]
   * New upstream release (Closes: #806889).
   * Refresh patches, drop patches applied upstream.
   * Fix pkcs11 OpenSSL engine initialisation (Closes: #827253).
   * Update Vcs-* to point to Git.
Checksums-Sha1:
 ce358b60cf6dbbf9200419d5a2e77a1d912b66fc 2136 wpa_2.5-1.dsc
 b994c7d0901d859caf2569c5326dd994b28ef8a2 1902700 wpa_2.5.orig.tar.xz
 4f80cdd5d40d05f0ebd6700e5fb16a147b33f12d 78752 wpa_2.5-1.debian.tar.xz
Checksums-Sha256:
 dbc54a35ae11ce67aba99d1a7ab9771bb399fef0e52c8fbe56ff86df27506f29 2136 wpa_2.5-1.dsc
 f3fde9c30e26721d1be918c11596288c88d450c731f6adf7eeb0c3f6813cec1b 1902700 wpa_2.5.orig.tar.xz
 c6bb60940d424b2b21b106c5e4913f3d2f73996d42704d2348fc3ed0702ec0e2 78752 wpa_2.5-1.debian.tar.xz
Files:
 7d28fa74c0c3c81967e6ce3daae75427 2136 net optional wpa_2.5-1.dsc
 467fd350db7eba6649049b9053cb12db 1902700 net optional wpa_2.5.orig.tar.xz
 322fbbb0936f5a93785fdc5cde72f8ce 78752 net optional wpa_2.5-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEbBAEBAgAGBQJXnhQ8AAoJEJ1bI/kYT6UU23EH9jDrofui5ljhqYwS3PpbEYay
GW3FubJdk/LGMEodBsSUM3o2q9uSHcbbm5ELZPpnkjNpPEHMW6AgCG8MGmmHD3P6
VN2Jq7WSoS1ez1w1DHxVcn3uM5nJ1r6kO3qtI4sgSJ0GwCcOPbr6+4QqO0t1zAP9
kAVJK0My/JxZ+rlvE8WYO3nNcXgpyG361jdGK7ZpIIFzIqJeg14XIhPMbfRL8te2
QGR7vUndmGFO/mEizMQXxnNz900xs3ERJuNd2iR2qWffl7vo0tAE+ufjJ5R3FImE
DRobqJ5WTkx0IhrOj9dZQmYmNlBvkh7LB0HCY38ZptDxoFdoqR10aGpWxRC5tg==
=W/zp
-----END PGP SIGNATURE-----

Message #29 received at 823411-close@bugs.debian.org (full text, mbox, reply):

From: Andrew Shadura <andrewsh@debian.org>

To: 823411-close@bugs.debian.org

Subject: Bug#823411: fixed in wpa 2.3-1+deb8u4

Date: Mon, 01 Aug 2016 18:47:11 +0000

Source: wpa
Source-Version: 2.3-1+deb8u4

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew Shadura <andrewsh@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 21 Jul 2016 09:01:51 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.3-1+deb8u4
Distribution: jessie
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Andrew Shadura <andrewsh@debian.org>
Description:
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 823411
Changes:
 wpa (2.3-1+deb8u4) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to
     Salvatore Bonaccorso <carnil@debian.org> (Closes: #823411):
     - WPS: Reject a Credential with invalid passphrase
     - Reject psk parameter set with invalid passphrase character
     - Remove newlines from wpa_supplicant config network output
     - Reject SET_CRED commands with newline characters in the string values
     - Reject SET commands with newline characters in the string values
   * Refresh patches to apply cleanly.
Checksums-Sha1:
 3d8598e48cbfa09a46d68ccd0165b0a65567b72e 2148 wpa_2.3-1+deb8u4.dsc
 43574461597b18eaf8cfb41a54bd3f7bf3a2283c 84096 wpa_2.3-1+deb8u4.debian.tar.xz
Checksums-Sha256:
 6efd60b178ed0f5d177bad3d68c3725e14bc64ecffbcf480a38d7b19e7b64994 2148 wpa_2.3-1+deb8u4.dsc
 34d34610a870cb14f5e09c78ebb670711d46547fda4e999a2fd06cb0f2ba0f91 84096 wpa_2.3-1+deb8u4.debian.tar.xz
Files:
 41b2fb9bbff9785dad5225b281d53d40 2148 net optional wpa_2.3-1+deb8u4.dsc
 5aab1dbdf856373df095350e4d58a3ce 84096 net optional wpa_2.3-1+deb8u4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJXmkoQAAoJEJ1bI/kYT6UUGGwH/2utA/YZSAGryTC9hPPvCpio
Fca2qOYhQNad2u6j4eHdlhJfDxDJdsErEgzMR5Zl4C2y/shb/wKSZCvY9ZBOrWNe
g9trgLrW0b+xhC4+r984pw+Jcj2HlfoX63bOlZq43fCm7fn+S0x78mbsEgIgE1Ni
JS8njcK/xrHsMZHtxxsBBPq1ZOOt0qO4ocgnbNlVj1hqeszgShWtzjv4y2C6gKhO
jIO7ywxs/DbIrOZoMV8wBcF3IINSxs18kNrsPj0TeneGi2cofOZCsQ7MFRetcI+z
/peJunl5zK3uo37Z64h4pZpG7brViFR4Td9QrBRGeEr0wWHELrGJNbrQrPa6Ytk=
=6+Rk
-----END PGP SIGNATURE-----

Message #34 received at 823411-close@bugs.debian.org (full text, mbox, reply):

From: Andrew Shadura <andrewsh@debian.org>

To: 823411-close@bugs.debian.org

Subject: Bug#823411: fixed in wpa 2.5-2+v2.4-1

Date: Mon, 08 Aug 2016 11:25:55 +0000

Source: wpa
Source-Version: 2.5-2+v2.4-1

We believe that the bug you reported is fixed in the latest version of
wpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 823411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew Shadura <andrewsh@debian.org> (supplier of updated wpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 05 Aug 2016 20:45:14 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source
Version: 2.5-2+v2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers <pkg-wpa-devel@lists.alioth.debian.org>
Changed-By: Andrew Shadura <andrewsh@debian.org>
Description:
 hostapd    - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui     - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 545766 729934 766746 785579 806889 823171 823411 827253
Launchpad-Bugs-Fixed: 1422143 1482439 1545363
Changes:
 wpa (2.5-2+v2.4-1) unstable; urgency=medium
 .
   [ Ricardo Salveti de Araujo ]
   * debian/patches/dbus-fix-operations-for-p2p-mgmt.patch: fix operations
     when P2P management interface is used (LP: #1482439)
 .
   [ Stefan Lippers-Hollmann ]
   * wpasupplicant: install systemd unit (Closes: #766746).
   * wpasupplicant: configure driver fallback for networkd.
   * import changelogs from the security queues.
   * move previous patch for CVE-2015-1863 into a new subdirectory,
     debian/patches/2015-1/.
   * replace the Debian specific patch "wpasupplicant: fix systemd unit
     dependencies" with a backport of its official upstream change "systemd:
     Order wpa_supplicant before network.target".
   * fix dependency odering when invoked with DBus, by making sure that DBus
     isn't shut down before wpa_supplicant, as that would also bring down
     wireless links which are still holding open NFS shares. Thanks to Facundo
     Gaich <facugaich@gmail.com> and Michael Biebl <biebl@debian.org>
     (Closes: #785579).
   * import NMU changelogs and integrate NMU changes.
   * Add patches to address CVE-2016-4476 and CVE-2016-4477, thanks to Salvatore
     Bonaccorso <carnil@debian.org> (Closes: #823411):
     - WPS: Reject a Credential with invalid passphrase
     - Reject psk parameter set with invalid passphrase character
     - Remove newlines from wpa_supplicant config network output
     - Reject SET_CRED commands with newline characters in the string values
     - Reject SET commands with newline characters in the string values
   * use --buildsystem=qmake_qt4 (available since dh 8.9.1) for debhelper
     (Closes: #823171).
   * fix clean target, by splitting the find call into individual searches.
   * building wpa in a current unstable chroot using debhelper >= 9.20151219
     will introduce automatic dbgsym packages, thereby indirectly providing
     the requested debug packages for stretch and upwards (Closes: #729934).
     Don't add a versioned build-dependency in order to avoid unnecessary
     complications with backports.
   * change Vcs-Browser location to prefer https, but keep the unsecure tag for
     Vcs-Svn, as there is no option allowing to pull from the svn+ssh://
     location without an alioth account, this only makes lintian partially happy
     in regards to vcs-field-uses-insecure-uri.
   * debian/*: fix spelling errors noticed by lintian.
   * drop the obsolete Debian menu entry for wpa_gui, according to the tech-ctte
     decision on #741573.
   * fix debian/get-orig-source for wpa 2.6~.
   * add debian/watch file for the custom tarball generation.
 .
   [ Paul Donohue ]
   * debian/ifupdown/functions.sh: Fix handling for "wpa-roam". Call ifquery
     instead of directly parsing /run/*/ifstate files to work with current
     ifupdown. (Closes: #545766, LP: #1545363)
 .
   [ Martin Pitt ]
   * Add debian/system-sleep/wpasupplicant: Call wpa_cli suspend/resume
     before/after suspend, like the pm-utils hook. In some cases this brings
     back missing Wifi connection after resuming. (LP: #1422143)
 .
   [ Andrew Shadura ]
   * New upstream release (Closes: #806889).
   * Refresh patches, drop patches applied upstream.
   * Fix pkcs11 OpenSSL engine initialisation (Closes: #827253).
   * Update Vcs-* to point to Git.
Checksums-Sha1:
 e6155988a383a34e69d314ca9ebf469b145486ee 2185 wpa_2.5-2+v2.4-1.dsc
 be9f0c01074cebe981a168eb747eab252eeff5f6 1834600 wpa_2.5-2+v2.4.orig.tar.xz
 3357f2c0320fcea7b5dd9f5a521afd0a4bd1c2c3 84828 wpa_2.5-2+v2.4-1.debian.tar.xz
Checksums-Sha256:
 e41104260ddc75a7960ac5d0b68607a752c920ebc21439fab58412732dde52c4 2185 wpa_2.5-2+v2.4-1.dsc
 a1e4eda50796b2234a6cd2f00748bbe09f38f3f621919187289162faeb50b6b8 1834600 wpa_2.5-2+v2.4.orig.tar.xz
 f15158f99c77665dd7f6f6f50b35e535ea90772155ac23e9d0c26b2c1aa6d1b0 84828 wpa_2.5-2+v2.4-1.debian.tar.xz
Files:
 54d63746be61931f46899382f90ea5ef 2185 net optional wpa_2.5-2+v2.4-1.dsc
 6a77b9fe6838b4fca9b92cb22e14de1d 1834600 net optional wpa_2.5-2+v2.4.orig.tar.xz
 42a9406423204b32b431da8f8c6d122c 84828 net optional wpa_2.5-2+v2.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJXqGijAAoJEJ1bI/kYT6UUCVMH/3HtJTeB9X1ISg/12y4BP9dB
U5eSvh81gpZHtZ8njw6byvST/EpGFEfg0nWODgk0hGRF83QHUvKlkR5hBngSIGxP
EUpHXzIrmdWtKCHidxXcu3Qh6JeXdllreyocnUkt3S/Keiw6EUz7vp0edZ9cq32e
1Aq11qB+Bk7ZEV3wjuzjKISOYPm26KjCHJNNyEMJKHMvndATXMJR6EoFjDXjQyiP
G6oJ0sWc0UFfN9HmKXyDLbLoVhBIQxOzjbqvq5cZNSe2AKBEec/Rl3x60AtUDSG9
J4LBucUZUMTp9qobqClIMMfs9I4id3p3UyCUe8FVyW/UQ+EzOKdpALaYBCgvhgE=
=37do
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.