Debian Bug report logs - #440411
checkrestart: arbitrary root-privileged command execution

version graph

Package: debian-goodies; Maintainer for debian-goodies is Javier Fernandez-Sanguino Pen~a <jfs@debian.org>; Source for debian-goodies is src:debian-goodies.

Reported by: Thomas de Grenier de Latour <degrenier@easyconnect.fr>

Date: Sat, 1 Sep 2007 10:45:02 UTC

Severity: grave

Tags: security

Found in versions debian-goodies/0.33, debian-goodies/0.27, 0.23

Fixed in versions debian-goodies/0.34, debian-goodies/0.23+sarge1, debian-goodies/0.27+etch1

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Javier Fernandez-Sanguino Pen~a <jfs@debian.org>:
Bug#440411; Package debian-goodies. Full text and rfc822 format available.

Acknowledgement sent to Thomas de Grenier de Latour <degrenier@easyconnect.fr>:
New Bug report received and forwarded. Copy sent to Javier Fernandez-Sanguino Pen~a <jfs@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Thomas de Grenier de Latour <degrenier@easyconnect.fr>
To: submit@bugs.debian.org
Subject: checkrestart: arbitrary root-privileged command execution
Date: Sat, 1 Sep 2007 12:42:19 +0200
Package: debian-goodies
Version: 0.33
Severity: grave
Tags: security

Hi,

The checkrestart program from debian-goodies (both latest 0.33 and
stable 0.27) allows arbitrary command execution with root privileges.

Example:

 $ cp /bin/sleep "; OWNED"
 $ ./"; OWNED" 1000 &
 $ rm "; OWNED"
 $ sudo checkrestart
 ...
 sh: OWNED: command not found
 ...

Since this program is likely launched as a daily root cron job on some
systems, I think this is a grave security hole.

The cause of the problem is the way "dpkg --search" is spawned
from the main() function:

    ...
    dpkgQuery = 'dpkg --search ' + ' '.join(programs.keys())
    for line in os.popen(dpkgQuery).readlines():
        ...

In my above example, one of the programs.keys() is "; OWNED", and thus
the executed command is "dpkg --search ... ; OWNED ...". 

Fixing this should be as easy as:

 ...
 import subprocess
 ...
    dpkgQuery = ["dpkg", "--search"] + programs.keys()
    dpkgProc = subprocess.Popen(dpkgQuery, stdout=subprocess.PIPE)
    for line in dpkgProc.stdout.readlines():
        ...

This way, the command arguments are all well separated, without any
shell interpretation.


PS: sorry for any mistake i may have done in the way i've reported this
bug.  I'm not a Debian user, so i'm not used to your system.  Actually,
i just happened to come accross this "checkrestart" script reading a
gentoo-dev@ post: 
  http://article.gmane.org/gmane.linux.gentoo.devel/51366/

-- 
TGL.



Bug marked as found in version 0.27. Request was from Thomas de Grenier de Latour <degrenier@easyconnect.fr> to control@bugs.debian.org. (Sat, 01 Sep 2007 11:45:01 GMT) Full text and rfc822 format available.

Bug marked as found in version 0.23. Request was from Thomas de Grenier de Latour <degrenier@easyconnect.fr> to control@bugs.debian.org. (Sat, 01 Sep 2007 11:57:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Javier Fernandez-Sanguino Pen~a <jfs@debian.org>:
Bug#440411; Package debian-goodies. Full text and rfc822 format available.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Extra info received and forwarded to list. Copy sent to Javier Fernandez-Sanguino Pen~a <jfs@debian.org>. Full text and rfc822 format available.

Message #14 received at 440411@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: Thomas de Grenier de Latour <degrenier@easyconnect.fr>, 440411@bugs.debian.org
Subject: Re: Bug#440411: checkrestart: arbitrary root-privileged command execution
Date: Sun, 2 Sep 2007 23:03:33 +0200
[Message part 1 (text/plain, inline)]
On Sat, Sep 01, 2007 at 12:42:19PM +0200, Thomas de Grenier de Latour wrote:
> The checkrestart program from debian-goodies (both latest 0.33 and
> stable 0.27) allows arbitrary command execution with root privileges.

Thanks. I was not aware of this bug.

> Since this program is likely launched as a daily root cron job on some
> systems, I think this is a grave security hole.

Actually, it should not be executed as a daily cron job, but should be run
manually by an admin.

> This way, the command arguments are all well separated, without any
> shell interpretation.

Thanks, I will test out the patch and fix this as soon as possible.

> PS: sorry for any mistake i may have done in the way i've reported this
> bug.  I'm not a Debian user, so i'm not used to your system.  Actually,
(...)

The bug has been reported just fine. 

Regards

Javier

[signature.asc (application/pgp-signature, inline)]

Reply sent to Javier Fernandez-Sanguino Pen~a <jfs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Thomas de Grenier de Latour <degrenier@easyconnect.fr>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #19 received at 440411-close@bugs.debian.org (full text, mbox):

From: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
To: 440411-close@bugs.debian.org
Subject: Bug#440411: fixed in debian-goodies 0.34
Date: Sun, 02 Sep 2007 21:17:02 +0000
Source: debian-goodies
Source-Version: 0.34

We believe that the bug you reported is fixed in the latest version of
debian-goodies, which is due to be installed in the Debian FTP archive:

debian-goodies_0.34.dsc
  to pool/main/d/debian-goodies/debian-goodies_0.34.dsc
debian-goodies_0.34.tar.gz
  to pool/main/d/debian-goodies/debian-goodies_0.34.tar.gz
debian-goodies_0.34_all.deb
  to pool/main/d/debian-goodies/debian-goodies_0.34_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 440411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <jfs@debian.org> (supplier of updated debian-goodies package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 02 Sep 2007 23:07:30 +0200
Source: debian-goodies
Binary: debian-goodies
Architecture: source all
Version: 0.34
Distribution: unstable
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Description: 
 debian-goodies - Small toolbox-style utilities for Debian systems
Closes: 440411
Changes: 
 debian-goodies (0.34) unstable; urgency=high
 .
   * Fix security bug that enables users to generate files in the
     filesystem with shell metacharacters and have the checkrestart
     script run external code (as root, since the script will only
     run as admin) (Closes: 440411)
Files: 
 ba71a7cecbfb0c053fb3bdd5c5d1444b 530 utils optional debian-goodies_0.34.dsc
 5377a64b6065c5b96e7409554754eadf 37345 utils optional debian-goodies_0.34.tar.gz
 80ded012d3d83b6552171206df57f7bd 44854 utils optional debian-goodies_0.34_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG2yajsandgtyBSwkRAkPaAJkBRYtUTlKPSbnFA4t0bspZloB61QCcDWBt
N9hG19lBaOIfiR+cqtSr8sQ=
=pOLa
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Javier Fernandez-Sanguino Pen~a <jfs@debian.org>:
Bug#440411; Package debian-goodies. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Javier Fernandez-Sanguino Pen~a <jfs@debian.org>. Full text and rfc822 format available.

Message #24 received at 440411@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 440411@bugs.debian.org
Subject: CVE assigned
Date: Tue, 4 Sep 2007 10:20:47 +0200
[Message part 1 (text/plain, inline)]
Hi,

This is CVE-2007-3912.
Please add it (retroactively) to the changelog.


Thijs
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Javier Fernandez-Sanguino Pen~a <jfs@debian.org>:
Bug#440411; Package debian-goodies. Full text and rfc822 format available.

Acknowledgement sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
Extra info received and forwarded to list. Copy sent to Javier Fernandez-Sanguino Pen~a <jfs@debian.org>. Full text and rfc822 format available.

Message #29 received at 440411@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: Thijs Kinkhorst <thijs@debian.org>, 440411@bugs.debian.org
Subject: Re: Bug#440411: CVE assigned
Date: Tue, 4 Sep 2007 23:30:17 +0200
[Message part 1 (text/plain, inline)]
On Tue, Sep 04, 2007 at 10:20:47AM +0200, Thijs Kinkhorst wrote:
> Hi,
> 
> This is CVE-2007-3912.
> Please add it (retroactively) to the changelog.

Done, will commit it in 0.35

Javier
[signature.asc (application/pgp-signature, inline)]

Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Thomas de Grenier de Latour <degrenier@easyconnect.fr>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #34 received at 440411-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 440411-close@bugs.debian.org
Subject: Bug#440411: fixed in debian-goodies 0.23+sarge1
Date: Sat, 29 Mar 2008 19:52:16 +0000
Source: debian-goodies
Source-Version: 0.23+sarge1

We believe that the bug you reported is fixed in the latest version of
debian-goodies, which is due to be installed in the Debian FTP archive:

debian-goodies_0.23+sarge1.dsc
  to pool/main/d/debian-goodies/debian-goodies_0.23+sarge1.dsc
debian-goodies_0.23+sarge1.tar.gz
  to pool/main/d/debian-goodies/debian-goodies_0.23+sarge1.tar.gz
debian-goodies_0.23+sarge1_all.deb
  to pool/main/d/debian-goodies/debian-goodies_0.23+sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 440411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated debian-goodies package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 24 Mar 2008 15:13:00 +0100
Source: debian-goodies
Binary: debian-goodies
Architecture: source all
Version: 0.23+sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Matt Zimmerman <mdz@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 debian-goodies - Small toolbox-style utilities for Debian systems
Closes: 440411
Changes: 
 debian-goodies (0.23+sarge1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix security bug that enables users to generate files in the
     filesystem with shell metacharacters and have the checkrestart
     script run external code (as root, since the script will only
     run as admin). (CVE-2007-3912, closes: 440411)
Files: 
 37eb124fef7c9897ea41ec861ec740ff 819 utils optional debian-goodies_0.23+sarge1.dsc
 e0834e7e962fabc65362a60c73362585 11779 utils optional debian-goodies_0.23+sarge1.tar.gz
 c8bc8eab12c7e3f29e53f4172ee837a4 22488 utils optional debian-goodies_0.23+sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR+e5Y2z0hbPcukPfAQLBLAgAjN7dJp97Yis19s5xaPKcxKDfFUWD5Fcf
w4RFo1Y9v/A0ra0oP4zQMijI8og2kyMhcYQPDQyaQU5nr4oihjVqb/b5hpYDhe2Y
T0ErjGTHkBdgYJf6+NX3DNmCbvAnhSKkk7hsCP1r0q/PJQW7cVupah8JpesmysE2
+9ULUqWK1iP6sfeGh6OfC7qonj8va2Gq1uYaxbLd8wHgs53qkaiZZjdcTGRTwKUy
DSNwJVGz6KNFeiqFIsYDQz6HPtCMNhP/5UKquF2hvol6UHZXyNy89Feci544fIY9
p7MIE/hzPy30HxzR560rgDaZPHaOvqNpsqx7TdoIhkadNWO9paj2MA==
=pm4Q
-----END PGP SIGNATURE-----





Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Thomas de Grenier de Latour <degrenier@easyconnect.fr>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #39 received at 440411-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 440411-close@bugs.debian.org
Subject: Bug#440411: fixed in debian-goodies 0.27+etch1
Date: Wed, 02 Apr 2008 19:52:17 +0000
Source: debian-goodies
Source-Version: 0.27+etch1

We believe that the bug you reported is fixed in the latest version of
debian-goodies, which is due to be installed in the Debian FTP archive:

debian-goodies_0.27+etch1.dsc
  to pool/main/d/debian-goodies/debian-goodies_0.27+etch1.dsc
debian-goodies_0.27+etch1.tar.gz
  to pool/main/d/debian-goodies/debian-goodies_0.27+etch1.tar.gz
debian-goodies_0.27+etch1_all.deb
  to pool/main/d/debian-goodies/debian-goodies_0.27+etch1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 440411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated debian-goodies package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 24 Mar 2008 15:25:59 +0100
Source: debian-goodies
Binary: debian-goodies
Architecture: source all
Version: 0.27+etch1
Distribution: stable-security
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 debian-goodies - Small toolbox-style utilities for Debian systems
Closes: 440411
Changes: 
 debian-goodies (0.27+etch1) stable-security; urgency=high
 .
   * Fix security bug that enables users to generate files in the
     filesystem with shell metacharacters and have the checkrestart
     script run external code (as root, since the script will only
     run as admin). Thanks to Thomas de Grenier de Latour for spotting
     this and providing a patch. (CVE-2007-3912, Closes: 440411)
Files: 
 8653d033f9e6b9f0949fab2cc1813970 836 utils optional debian-goodies_0.27+etch1.dsc
 089ff8f154eb3fe4bc47dd85f1581a65 28708 utils optional debian-goodies_0.27+etch1.tar.gz
 2739973911e8b0d9ec12559507f6a708 36868 utils optional debian-goodies_0.27+etch1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR+e62mz0hbPcukPfAQJYoAf/Vpo+8A6hntrKOR7jDp4pGT9v7HWhhJDS
wltzzk4odJkE4OFrIi69roUACp6O46xRAvCi1KJjj/JizXjmcNGPsYoXq7sSUPNS
uK7GZ0/Cnf70ArAM8hvu7m1+nggs7DEB/LdhJWvItYKufD4oBAP7XihDQPVe5kIr
TCufoECwlt/Xd38bKR3dDWoP/Iu39JJ6vhVL84lKxt5d1viQ3cetajGzkWqnESdj
srmuwclluK+gq68/va2blvgcKaZRweD8FI2YM5mF1P3OHdzPn2fGN7vK7YfsGZBh
x8MYgNVkI5LGZE9QnDKLtF9ag5xPvWaPTo1PRcgITwdlyABaHI8CTQ==
=3f0S
-----END PGP SIGNATURE-----





Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Thomas de Grenier de Latour <degrenier@easyconnect.fr>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #44 received at 440411-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 440411-close@bugs.debian.org
Subject: Bug#440411: fixed in debian-goodies 0.23+sarge1
Date: Sat, 12 Apr 2008 17:54:36 +0000
Source: debian-goodies
Source-Version: 0.23+sarge1

We believe that the bug you reported is fixed in the latest version of
debian-goodies, which is due to be installed in the Debian FTP archive:

debian-goodies_0.23+sarge1.dsc
  to pool/main/d/debian-goodies/debian-goodies_0.23+sarge1.dsc
debian-goodies_0.23+sarge1.tar.gz
  to pool/main/d/debian-goodies/debian-goodies_0.23+sarge1.tar.gz
debian-goodies_0.23+sarge1_all.deb
  to pool/main/d/debian-goodies/debian-goodies_0.23+sarge1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 440411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated debian-goodies package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 24 Mar 2008 15:13:00 +0100
Source: debian-goodies
Binary: debian-goodies
Architecture: source all
Version: 0.23+sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Matt Zimmerman <mdz@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 debian-goodies - Small toolbox-style utilities for Debian systems
Closes: 440411
Changes: 
 debian-goodies (0.23+sarge1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix security bug that enables users to generate files in the
     filesystem with shell metacharacters and have the checkrestart
     script run external code (as root, since the script will only
     run as admin). (CVE-2007-3912, closes: 440411)
Files: 
 37eb124fef7c9897ea41ec861ec740ff 819 utils optional debian-goodies_0.23+sarge1.dsc
 e0834e7e962fabc65362a60c73362585 11779 utils optional debian-goodies_0.23+sarge1.tar.gz
 c8bc8eab12c7e3f29e53f4172ee837a4 22488 utils optional debian-goodies_0.23+sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR+e5Y2z0hbPcukPfAQLBLAgAjN7dJp97Yis19s5xaPKcxKDfFUWD5Fcf
w4RFo1Y9v/A0ra0oP4zQMijI8og2kyMhcYQPDQyaQU5nr4oihjVqb/b5hpYDhe2Y
T0ErjGTHkBdgYJf6+NX3DNmCbvAnhSKkk7hsCP1r0q/PJQW7cVupah8JpesmysE2
+9ULUqWK1iP6sfeGh6OfC7qonj8va2Gq1uYaxbLd8wHgs53qkaiZZjdcTGRTwKUy
DSNwJVGz6KNFeiqFIsYDQz6HPtCMNhP/5UKquF2hvol6UHZXyNy89Feci544fIY9
p7MIE/hzPy30HxzR560rgDaZPHaOvqNpsqx7TdoIhkadNWO9paj2MA==
=pm4Q
-----END PGP SIGNATURE-----





Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Thomas de Grenier de Latour <degrenier@easyconnect.fr>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #49 received at 440411-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 440411-close@bugs.debian.org
Subject: Bug#440411: fixed in debian-goodies 0.27+etch1
Date: Sat, 26 Jul 2008 09:40:26 +0000
Source: debian-goodies
Source-Version: 0.27+etch1

We believe that the bug you reported is fixed in the latest version of
debian-goodies, which is due to be installed in the Debian FTP archive:

debian-goodies_0.27+etch1.dsc
  to pool/main/d/debian-goodies/debian-goodies_0.27+etch1.dsc
debian-goodies_0.27+etch1.tar.gz
  to pool/main/d/debian-goodies/debian-goodies_0.27+etch1.tar.gz
debian-goodies_0.27+etch1_all.deb
  to pool/main/d/debian-goodies/debian-goodies_0.27+etch1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 440411@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated debian-goodies package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 24 Mar 2008 15:25:59 +0100
Source: debian-goodies
Binary: debian-goodies
Architecture: source all
Version: 0.27+etch1
Distribution: stable-security
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 debian-goodies - Small toolbox-style utilities for Debian systems
Closes: 440411
Changes: 
 debian-goodies (0.27+etch1) stable-security; urgency=high
 .
   * Fix security bug that enables users to generate files in the
     filesystem with shell metacharacters and have the checkrestart
     script run external code (as root, since the script will only
     run as admin). Thanks to Thomas de Grenier de Latour for spotting
     this and providing a patch. (CVE-2007-3912, Closes: 440411)
Files: 
 8653d033f9e6b9f0949fab2cc1813970 836 utils optional debian-goodies_0.27+etch1.dsc
 089ff8f154eb3fe4bc47dd85f1581a65 28708 utils optional debian-goodies_0.27+etch1.tar.gz
 2739973911e8b0d9ec12559507f6a708 36868 utils optional debian-goodies_0.27+etch1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR+e62mz0hbPcukPfAQJYoAf/Vpo+8A6hntrKOR7jDp4pGT9v7HWhhJDS
wltzzk4odJkE4OFrIi69roUACp6O46xRAvCi1KJjj/JizXjmcNGPsYoXq7sSUPNS
uK7GZ0/Cnf70ArAM8hvu7m1+nggs7DEB/LdhJWvItYKufD4oBAP7XihDQPVe5kIr
TCufoECwlt/Xd38bKR3dDWoP/Iu39JJ6vhVL84lKxt5d1viQ3cetajGzkWqnESdj
srmuwclluK+gq68/va2blvgcKaZRweD8FI2YM5mF1P3OHdzPn2fGN7vK7YfsGZBh
x8MYgNVkI5LGZE9QnDKLtF9ag5xPvWaPTo1PRcgITwdlyABaHI8CTQ==
=3f0S
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Aug 2008 07:26:53 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 11:29:01 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.