Debian Bug report logs - #463011
ssh: unprivileged users may hijack forwarded X connections by listening on port 6010

version graph

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for ssh is src:openssh.

Reported by: Timo Juhani Lindfors <timo.lindfors@iki.fi>

Date: Mon, 28 Jan 2008 21:42:04 UTC

Severity: grave

Tags: security, upstream

Found in versions openssh/1:4.3p2-9, 4.7p1-2

Fixed in version openssh/1:4.7p1-5

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Forwarded to deraadt@openbsd.org

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssh: unprivileged users may hijack forwarded X connections by listening on port 6010
Date: Mon, 28 Jan 2008 23:40:27 +0200
Package: ssh
Version: 1:4.3p2-9
Severity: normal
Tags: security

Steps to reproduce:
1) Malice logs to multiuser.example.com
2) Malice runs netcat -l -p 6010 -v -v
3) Alice logs to multuser.example.com and uses X11 forwarding (-X)
4) Alice starts emacs on the remote system (with X forwarding)

Expected results:
3) ssh sets DISPLAY to :11 since :10 would make emacs talk to Malice's
netcat.
4) emacs (xlib) sends MIT-MAGIC-COOKIE to $DISPLAY and Malice can't
see it.

Actual results:
3) ssh fails to listen on port 6010 with ipv4 localhost but does not
try other ports when it can listen using ipv6:

$ sudo netstat -alpn | grep 6010
tcp        0      0 0.0.0.0:6010            0.0.0.0:*               LISTEN     27820/netcat
tcp6       0      0 ::1:6010                :::*                    LISTEN     27823/15

Then ssh sets DISPLAY to ":10" without telling anybody that it is
actually listening only ipv6 and that malice controls the ipv4 port.

4) emacs (xlib) sends MIT-MAGIC-COOKIE to 127.0.0.1:6010 and malice's
   netcat can see it:

listening on [any] 6010 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 58986
lMIT-MAGIC-COOKIE-1...

More info:
1) It seems that specifying "AddressFamily inet" avoids the problem.

2) Easiest way to exploit this is to run "vncserver :10" and allow
anybody to connect to it. When alice starts her emacs it will open its
window to Malice's VNC server and Malice can type M-x shell to run
shell commands with privileges of alice. In fact, I initially hit this
bug when the number of VNC users reached 11 and :10 was no longer
available for ssh causing mysterious failures.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-k7
Locale: LANG=C, LC_CTYPE=fi_FI (charmap=ISO-8859-1)

Versions of packages ssh depends on:
ii  openssh-client                1:4.3p2-9  Secure shell client, an rlogin/rsh
ii  openssh-server                1:4.3p2-9  Secure shell server, an rshd repla

ssh recommends no packages.

-- debconf information excluded




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Tomas Hoger <thoger@redhat.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #10 received at 463011@bugs.debian.org (full text, mbox):

From: Tomas Hoger <thoger@redhat.com>
To: 463011@bugs.debian.org
Subject: ssh: unprivileged users may hijack forwarded X connections by listening on port 6010
Date: Tue, 29 Jan 2008 09:20:26 +0100
Hi!

According to our OpenSSH maintainer, this issue was fixed in
RHEL / Fedora packages few years ago without realizing security
consequences of this bug.  You may want to check following patch:

http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup

which should address this problem.

HTH

-- 
Tomas Hoger





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to "Phil Miller" <bugs-debian@millenix.mailshell.com>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #15 received at 463011@bugs.debian.org (full text, mbox):

From: "Phil Miller" <bugs-debian@millenix.mailshell.com>
To: 463011@bugs.debian.org, control@bugs.debian.org
Subject: Found in sid version, slight correction, upstreamed
Date: Sun, 3 Feb 2008 23:02:06 -0800
package openssh-client
found 463011 4.7p1-2
forwarded 463011 deraadt@openbsd.org
thanks

I just tested this using client versions packaged in Debian Sid and
Ubuntu Gutsy, and it worked as described on both. DISPLAY was set to
:10, even though another process was already listening on the relevant
port. However, step 2 of the reproduction recipe should have the
command as "netcat -l 6010 -vv" - the '-p' flag is an error.

As noted in the control section, I have forwarded this to Theo
DeRaadt, the point of contact for security issues found in OpenBSD's
software.

I hope to see this fixed soon. Keep up the great packaging work!

Phil




Bug marked as found in version 4.7p1-2. Request was from "Phil Miller" <bugs-debian@millenix.mailshell.com> to control@bugs.debian.org. (Mon, 04 Feb 2008 08:09:03 GMT) Full text and rfc822 format available.

Noted your statement that Bug has been forwarded to deraadt@openbsd.org. Request was from "Phil Miller" <bugs-debian@millenix.mailshell.com> to control@bugs.debian.org. (Mon, 04 Feb 2008 08:09:03 GMT) Full text and rfc822 format available.

Severity set to `grave' from `normal' Request was from "Phil Miller" <bugs-debian@millenix.mailshell.com> to control@bugs.debian.org. (Mon, 04 Feb 2008 08:09:04 GMT) Full text and rfc822 format available.

Tags added: upstream Request was from "Phil Miller" <bugs-debian@millenix.mailshell.com> to control@bugs.debian.org. (Mon, 04 Feb 2008 08:09:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Timo Lindfors <timo.lindfors@iki.fi>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #28 received at 463011@bugs.debian.org (full text, mbox):

From: Timo Lindfors <timo.lindfors@iki.fi>
To: 463011@bugs.debian.org
Subject: different netcat versions, way to passively eavesdrop
Date: Sat, 09 Feb 2008 23:51:08 +0200
Hi,

I guess there are different netcat versions around. "nc -l -p 6010 -v
-v" definitely works here and "man netcat" says

"nc -l -p port [-options] [hostname] [port]"

I also now realized that if Malice forwards the data to the ipv6 port
she can completely passively eavesdrop everything alice does. This can be
done with something like

strace -f -o strace.out -s 4096 socat TCP-LISTEN:6010,fork,reuseaddr TCP6:ip6-localhost:6010

and looking at strace.out (I'm sure there's some easier way to log
traffic with socat but couldn't find it yet).

best regards,
Timo Lindfors




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #33 received at 463011@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Tomas Hoger <thoger@redhat.com>, 463011@bugs.debian.org
Cc: Timo Juhani Lindfors <timo.lindfors@iki.fi>, Phil Miller <bugs-debian@millenix.mailshell.com>
Subject: Re: Bug#463011: ssh: unprivileged users may hijack forwarded X connections by listening on port 6010
Date: Sat, 22 Mar 2008 12:40:43 +0000
On Tue, Jan 29, 2008 at 09:20:26AM +0100, Tomas Hoger wrote:
> According to our OpenSSH maintainer, this issue was fixed in
> RHEL / Fedora packages few years ago without realizing security
> consequences of this bug.  You may want to check following patch:
> 
> http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup
> 
> which should address this problem.

Thanks, and sorry I've taken so long to address this. This patch seems
like the right answer to me, and will be in my next Debian upload. Do
you know whether it's been forwarded upstream yet?

-- 
Colin Watson                                       [cjwatson@debian.org]




Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #38 received at 463011-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 463011-close@bugs.debian.org
Subject: Bug#463011: fixed in openssh 1:4.7p1-5
Date: Sat, 22 Mar 2008 13:02:03 +0000
Source: openssh
Source-Version: 1:4.7p1-5

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_4.7p1-5_i386.udeb
  to pool/main/o/openssh/openssh-client-udeb_4.7p1-5_i386.udeb
openssh-client_4.7p1-5_i386.deb
  to pool/main/o/openssh/openssh-client_4.7p1-5_i386.deb
openssh-server-udeb_4.7p1-5_i386.udeb
  to pool/main/o/openssh/openssh-server-udeb_4.7p1-5_i386.udeb
openssh-server_4.7p1-5_i386.deb
  to pool/main/o/openssh/openssh-server_4.7p1-5_i386.deb
openssh_4.7p1-5.diff.gz
  to pool/main/o/openssh/openssh_4.7p1-5.diff.gz
openssh_4.7p1-5.dsc
  to pool/main/o/openssh/openssh_4.7p1-5.dsc
ssh-askpass-gnome_4.7p1-5_i386.deb
  to pool/main/o/openssh/ssh-askpass-gnome_4.7p1-5_i386.deb
ssh-krb5_4.7p1-5_all.deb
  to pool/main/o/openssh/ssh-krb5_4.7p1-5_all.deb
ssh_4.7p1-5_all.deb
  to pool/main/o/openssh/ssh_4.7p1-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 463011@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 Mar 2008 12:37:00 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:4.7p1-5
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell server, an rshd replacement
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 463011 468563 471437
Changes: 
 openssh (1:4.7p1-5) unstable; urgency=low
 .
   * Recommends: xauth rather than Suggests: xbase-clients.
   * Document in ssh(1) that '-S none' disables connection sharing
     (closes: #471437).
   * Patch from Red Hat / Fedora:
     - SECURITY: Don't use X11 forwarding port which can't be bound on all
       address families, preventing hijacking of X11 forwarding by
       unprivileged users when both IPv4 and IPv6 are configured (closes:
       #463011).
   * Use printf rather than echo -en (a bashism) in openssh-server.config and
     openssh-server.preinst.
   * debconf template translations:
     - Update Finnish (thanks, Esko Arajärvi; closes: #468563).
Files: 
 ab0704790dd6cd1ed05c53acaa14618b 1104 net standard openssh_4.7p1-5.dsc
 de3876a70bacdad310f18fb41d50c900 187533 net standard openssh_4.7p1-5.diff.gz
 e882d86eee0e147f5e5c3692ea2c5aca 1040 net extra ssh_4.7p1-5_all.deb
 3cb62a15cd49e27929ac1371cebb9846 87866 net extra ssh-krb5_4.7p1-5_all.deb
 872c383e134dd329d23ab5323547736c 662368 net standard openssh-client_4.7p1-5_i386.deb
 f6ac89a0c92822ecd334a351c6de7ab8 245170 net optional openssh-server_4.7p1-5_i386.deb
 932310d414eaee6417206c08a351baed 95366 gnome optional ssh-askpass-gnome_4.7p1-5_i386.deb
 96618c089325bc509e85d079f7b8dd77 158528 debian-installer optional openssh-client-udeb_4.7p1-5_i386.udeb
 3aec92fd3244e7664eafd71d9f13d14c 169116 debian-installer optional openssh-server-udeb_4.7p1-5_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFH5QB79t0zAhD6TNERAsfeAJ90FkbUrNM7wALBx8Hwi7KQ9R2dtwCghuTQ
al33pNJ1Vj4L3i5zBwgEDt8=
=WXOA
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Timo Lindfors <timo.lindfors@iki.fi>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #43 received at 463011@bugs.debian.org (full text, mbox):

From: Timo Lindfors <timo.lindfors@iki.fi>
To: 463011@bugs.debian.org
Subject: Bug#463011: update also for etch?
Date: Sat, 22 Mar 2008 16:06:30 +0200
Hi,

would this bug also warrant a security update for etch?

best regards,
Timo Lindfors




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #48 received at 463011@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Timo Lindfors <timo.lindfors@iki.fi>, 463011@bugs.debian.org
Cc: security@debian.org
Subject: Re: Bug#463011: update also for etch?
Date: Sat, 22 Mar 2008 15:11:47 +0000
On Sat, Mar 22, 2008 at 04:06:30PM +0200, Timo Lindfors wrote:
> Hi,
> 
> would this bug also warrant a security update for etch?

That would seem reasonable, but I'm about to go on holiday for a while
and won't have time to look at it until I get back. In case somebody on
the security team would like to do this, the patch is attached to the
bug:

  http://cvs.fedora.redhat.com/viewcvs/rpms/openssh/devel/openssh-3.9p1-skip-used.patch?rev=1.1&view=markup

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Rolf Kutz <rk@vzsze.de>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #53 received at 463011@bugs.debian.org (full text, mbox):

From: Rolf Kutz <rk@vzsze.de>
To: 463011@bugs.debian.org
Subject: OpenSSH 5.0 has just been released.
Date: Fri, 4 Apr 2008 11:01:50 +0200
[Message part 1 (text/plain, inline)]
Interersting to read the release notes of openssh
5.0 about this bug:

http://www.openssh.com/txt/release-5.0
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011#15

Seems they need someone to blame for their delay.

regards, Rolf

-- 
Vorgang zu schwer zu erklären.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #58 received at 463011@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: openssh-unix-dev@mindrot.org
Cc: 463011@bugs.debian.org
Subject: Re: [openssh-unix-announce] Announce: OpenSSH 5.0 released
Date: Fri, 04 Apr 2008 11:04:05 +0100
Damien Miller wrote:
>We apologise for any inconvenience resulting from this release
>being made so shortly after 4.9. Unfortunately we only learned of
>the below security issue from the public CVE report. The Debian
>OpenSSH maintainers responsible for handling the initial report of
>this bug failed to report it via either the private OpenSSH security
>contact list (openssh@openssh.com) or the portable OpenSSH Bugzilla
>(http://bugzilla.mindrot.org/).
>
>We ask anyone wishing to report security bugs in OpenSSH to please use
>the openssh@openssh.com contact and to practice responsible disclosure.

My apologies for this; after having been in a very busy period at work
for some time, I was dealing with the bug in a rush immediately before
going on holiday for a week, and a comment on the bug by that point
indicated that it had already been forwarded to Theo DeRaadt. Since that
sounded vaguely reasonable and I was short on time, I didn't think to
check further.

(The bug log indicates that a member of Red Hat's Security Response Team
was also aware of the same problem.)

-- 
Colin Watson                                       [cjwatson@debian.org]




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to David Ehle <ehle@agni.phys.iit.edu>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #63 received at 463011@bugs.debian.org (full text, mbox):

From: David Ehle <ehle@agni.phys.iit.edu>
To: 463011@bugs.debian.org
Subject: Bug#463011: update also for etch?
Date: Tue, 15 Apr 2008 11:21:24 -0500 (CDT)
Hello,

I would like to second this request that a security update be put in place 
for etch.  While I was not able to actually "shoulder surf" a forwarded X 
application, the bug does seem to stop X apps from running remotely when 
the conditions are met, (netcat or VNC) so it might technically qualify as 
a DOS attack.

Also this bug is in the list of vulnerabilities that Scanners catch now so 
I'm getting pressure to address it on our Stable systems... I'd much 
rather do it the debian way via a package from security.

Is there any idea if or when the update will occur?

Thanks!!

--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
312-567-3751




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to "Phil Miller" <pmiller@hmc.edu>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #68 received at 463011@bugs.debian.org (full text, mbox):

From: "Phil Miller" <pmiller@hmc.edu>
To: 463011@bugs.debian.org, openssh@openssh.com
Subject: Upstream report of Debian bug #463011
Date: Wed, 16 Apr 2008 22:36:55 -0700
I've posted a copy of the message I sent to Theo on February 3 at
<http://www.cs.hmc.edu/~pmiller/openssh-report>.
The instruction of where to submit a report was found at
<http://www.openbsd.org/security.html>
which may not have been the fastest means of contact, in retrospect,
but should have evoked a much quicker response than it did. Given
that, I would be inclined to ask if there was a problem in that
message's delivery, if someone with the means to check feels like
doing so.

Phil




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#463011; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Theo de Raadt <deraadt@cvs.openbsd.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>. Full text and rfc822 format available.

Message #73 received at 463011@bugs.debian.org (full text, mbox):

From: Theo de Raadt <deraadt@cvs.openbsd.org>
To: "Phil Miller" <pmiller@hmc.edu>
Cc: 463011@bugs.debian.org, openssh@openssh.com
Subject: Re: Upstream report of Debian bug #463011
Date: Thu, 17 Apr 2008 00:19:35 -0600
> I've posted a copy of the message I sent to Theo on February 3 at
> <http://www.cs.hmc.edu/~pmiller/openssh-report>.
> The instruction of where to submit a report was found at
> <http://www.openbsd.org/security.html>
> which may not have been the fastest means of contact, in retrospect,
> but should have evoked a much quicker response than it did. Given
> that, I would be inclined to ask if there was a problem in that
> message's delivery, if someone with the means to check feels like
> doing so.

Well, I never saw it.

I came back from NZ to about 8000 pieces of mail.  But I don't
think it was even in my mailbox, because I scan quite carefully.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 07:49:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 04:11:34 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.