Debian Bug report logs - #466449
diatheke: Diatheke allows arbitrary command execution using the range parameter

version graph

Package: diatheke; Maintainer for diatheke is Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>; Source for diatheke is src:sword.

Reported by: Dan Dennison <dan@thedennisons.org>

Date: Mon, 18 Feb 2008 20:36:05 UTC

Severity: critical

Tags: security

Fixed in versions sword/1.5.9-8, sword/1.5.7-7sarge1, sword/1.5.9-2etch1

Done: Thijs Kinkhorst <thijs@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Daniel Glassey <wdg@debian.org>:
Bug#466449; Package diatheke. Full text and rfc822 format available.

Acknowledgement sent to Dan Dennison <dan@thedennisons.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Daniel Glassey <wdg@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Dan Dennison <dan@thedennisons.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: diatheke: Diatheke allows arbitrary command execution using the range parameter
Date: Mon, 18 Feb 2008 15:35:20 -0500
Package: diatheke
Severity: critical
Tags: security
Justification: root security hole

The Diatheke CGI allows arbitrary command execution in the context of 
the webserver, e.g. www-data by simply abusing the range parameter.

For example, &range=`yes` will consume tons of resources on the affected 
webserver. Escalation of privleges and command shells are left as an 
exercise to the reader.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh

Versions of packages diatheke depends on:
ii  libc6                 2.7-8              GNU C Library: Shared libraries
ii  libcomerr2            1.40.6-1           common error description library
ii  libgcc1               1:4.3-20080202-1   GCC support library
ii  libkrb53              1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii  libldap-2.4-2         2.4.7-5            OpenLDAP libraries
ii  libstdc++6            4.3-20080202-1     The GNU Standard C++ Library v3
ii  libsword6             1.5.9-7.1          API/library for bible software
ii  zlib1g                1:1.2.3.3.dfsg-11  compression library - runtime

Versions of packages diatheke recommends:
ii  apache2                       2.2.8-1    Next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd]   2.2.8-1    Traditional model for Apache HTTPD




Reply sent to Daniel Glassey <wdg@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Dan Dennison <dan@thedennisons.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 466449-close@bugs.debian.org (full text, mbox):

From: Daniel Glassey <wdg@debian.org>
To: 466449-close@bugs.debian.org
Subject: Bug#466449: fixed in sword 1.5.9-8
Date: Tue, 19 Feb 2008 00:02:11 +0000
Source: sword
Source-Version: 1.5.9-8

We believe that the bug you reported is fixed in the latest version of
sword, which is due to be installed in the Debian FTP archive:

diatheke_1.5.9-8_i386.deb
  to pool/main/s/sword/diatheke_1.5.9-8_i386.deb
libsword-dev_1.5.9-8_i386.deb
  to pool/main/s/sword/libsword-dev_1.5.9-8_i386.deb
libsword6_1.5.9-8_i386.deb
  to pool/main/s/sword/libsword6_1.5.9-8_i386.deb
sword_1.5.9-8.diff.gz
  to pool/main/s/sword/sword_1.5.9-8.diff.gz
sword_1.5.9-8.dsc
  to pool/main/s/sword/sword_1.5.9-8.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 466449@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Glassey <wdg@debian.org> (supplier of updated sword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 18 Feb 2008 22:57:25 +0000
Source: sword
Binary: libsword6 libsword-dev diatheke
Architecture: source i386
Version: 1.5.9-8
Distribution: unstable
Urgency: high
Maintainer: Daniel Glassey <wdg@debian.org>
Changed-By: Daniel Glassey <wdg@debian.org>
Description: 
 diatheke   - CGI script for making bible website
 libsword-dev - Development files for libsword
 libsword6  - API/library for bible software
Closes: 466449
Changes: 
 sword (1.5.9-8) unstable; urgency=high
 .
   * diatheke failed to use shell_escape for the range parameter
     properly, Closes: #466449
Files: 
 d213fb9ac2386e698fea2b02b6978851 709 libs optional sword_1.5.9-8.dsc
 d2a89c7f46b5b39d51034ea607be58b5 100567 libs optional sword_1.5.9-8.diff.gz
 1f0c6259a54dfe5fb5edf522eb7eec9f 529646 libs optional libsword6_1.5.9-8_i386.deb
 307a45596ca46eaaa9d1ad864fa7ff80 678664 libdevel optional libsword-dev_1.5.9-8_i386.deb
 8bf1c18a75a0738c0a1226d1743d545c 60998 web optional diatheke_1.5.9-8_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHuhlP/offrSwPzRoRAuS9AKC9pAaiNSE530tcVDCFabSZVyOcpQCg7jx2
oER4VELqtW8FIrsrWWpIvVM=
=69iZ
-----END PGP SIGNATURE-----





Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Dan Dennison <dan@thedennisons.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #15 received at 466449-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 466449-close@bugs.debian.org
Subject: Bug#466449: fixed in sword 1.5.7-7sarge1
Date: Thu, 28 Feb 2008 07:52:17 +0000
Source: sword
Source-Version: 1.5.7-7sarge1

We believe that the bug you reported is fixed in the latest version of
sword, which is due to be installed in the Debian FTP archive:

diatheke_1.5.7-7sarge1_i386.deb
  to pool/main/s/sword/diatheke_1.5.7-7sarge1_i386.deb
libsword-dev_1.5.7-7sarge1_i386.deb
  to pool/main/s/sword/libsword-dev_1.5.7-7sarge1_i386.deb
libsword4_1.5.7-7sarge1_i386.deb
  to pool/main/s/sword/libsword4_1.5.7-7sarge1_i386.deb
sword_1.5.7-7sarge1.diff.gz
  to pool/main/s/sword/sword_1.5.7-7sarge1.diff.gz
sword_1.5.7-7sarge1.dsc
  to pool/main/s/sword/sword_1.5.7-7sarge1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 466449@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated sword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 21 Feb 2008 23:45:32 +0100
Source: sword
Binary: libsword4 libsword-dev diatheke
Architecture: source i386
Version: 1.5.7-7sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Daniel Glassey <wdg@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 diatheke   - CGI script for making bible website
 libsword-dev - Development files for libsword
 libsword4  - API/library for bible software
Closes: 466449
Changes: 
 sword (1.5.7-7sarge1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix remote command execution in diatheke.pl (Closes: #466449)
     with maintainer-supplied patch.
Files: 
 4f7872250c457ac36f0b20b4be235647 938 libs optional sword_1.5.7-7sarge1.dsc
 369f09068839c646aeab691c63a40d67 1482711 libs optional sword_1.5.7.orig.tar.gz
 f8993cddacdac25ca55b7e99ced8ff49 277640 libs optional sword_1.5.7-7sarge1.diff.gz
 4dabb05ea1d6b72ba61e8877cbad1544 388072 libs optional libsword4_1.5.7-7sarge1_i386.deb
 f04d2f9bc41e5703967630adf4e12754 556994 libdevel optional libsword-dev_1.5.7-7sarge1_i386.deb
 665ce388ee9a74a0d850007beae3051a 58108 web optional diatheke_1.5.7-7sarge1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR74IYWz0hbPcukPfAQJSPwf9FGg4WMaBQurWVna+xkNHblnqh49TNoww
0J2Zk7rWLIyUudLfTh/x6IB4OtsExY3gBZwi/Dxlh7OTUU0rVwJKAbfkEwcFgltS
4sLEdOX1OQXA4BcgDjn6/MLNf8EF64KmRfaFWX8jgERU0AsNsfLYRYGdk3qDQzXA
mDpBcegA0qwsgyv8bNG7EWNacimnnRNdGFe2Gx3Lxcij9414TwtxAMShHEfks/t+
kf6V3+NLkjYcxWoAn9WPcrnL6VG6DFOojB3xB2fZHy8BBGD6TINm6/1rmzuxwBwI
FWvC3Ljp1I20bSwj5kGCX/aIvQ/G0bnD0SsnmdRuv8C5mvNVN75CNA==
=iCgh
-----END PGP SIGNATURE-----





Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Dan Dennison <dan@thedennisons.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #20 received at 466449-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 466449-close@bugs.debian.org
Subject: Bug#466449: fixed in sword 1.5.9-2etch1
Date: Wed, 02 Apr 2008 19:52:19 +0000
Source: sword
Source-Version: 1.5.9-2etch1

We believe that the bug you reported is fixed in the latest version of
sword, which is due to be installed in the Debian FTP archive:

diatheke_1.5.9-2etch1_i386.deb
  to pool/main/s/sword/diatheke_1.5.9-2etch1_i386.deb
libsword-dev_1.5.9-2etch1_i386.deb
  to pool/main/s/sword/libsword-dev_1.5.9-2etch1_i386.deb
libsword6_1.5.9-2etch1_i386.deb
  to pool/main/s/sword/libsword6_1.5.9-2etch1_i386.deb
sword_1.5.9-2etch1.diff.gz
  to pool/main/s/sword/sword_1.5.9-2etch1.diff.gz
sword_1.5.9-2etch1.dsc
  to pool/main/s/sword/sword_1.5.9-2etch1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 466449@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated sword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 21 Feb 2008 23:35:10 +0100
Source: sword
Binary: libsword-dev libsword6 diatheke
Architecture: source i386
Version: 1.5.9-2etch1
Distribution: stable-security
Urgency: high
Maintainer: Daniel Glassey <wdg@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 diatheke   - CGI script for making bible website
 libsword-dev - Development files for libsword
 libsword6  - API/library for bible software
Closes: 466449
Changes: 
 sword (1.5.9-2etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix remote command execution in diatheke.pl (Closes: #466449)
     with maintainer-supplied patch.
Files: 
 d93f49c3798272c9de84ec6ae5d1cbed 1026 libs optional sword_1.5.9-2etch1.dsc
 346539f31b41015161d8dd0d2f035243 1806178 libs optional sword_1.5.9.orig.tar.gz
 c39c316e9c81e54136eb02f68292c09d 82071 libs optional sword_1.5.9-2etch1.diff.gz
 95b5aaff3ccec4dcd1f77e95f6bf2da0 526314 libs optional libsword6_1.5.9-2etch1_i386.deb
 e3c8ec3d6dcfcfae0cddbb618353db36 701078 libdevel optional libsword-dev_1.5.9-2etch1_i386.deb
 0a384fecde3e4492fda105eb9d82ce35 62206 web optional diatheke_1.5.9-2etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR74B9mz0hbPcukPfAQK1vQgAslglZdmw1KrpxLpOGJFk9mPJDzX6lTDa
xL0r/4/IxFapDxUoxD0Yk/wOsVltChGM8e8Ro4955sWKabR/s0vw1mJg08l9cGy4
sk9JUsfTuQ5PhhsgqHFjZW3SZuoOdRnrGWHQtAKTxbVQ57t4RxYJvcnKRbMN3E3g
WZimOoxEPFoI9qK4zAj6b0DMKdqJmxeD6n3UO62B1CUZEmbU78XSYrEDtrsqgmZv
1V9MNzaVo4cqY8NPlKMWQ07R7/biw9IRrRGNHuqivsvdwcdinFEJ6afhwfbigX6F
M1NfKM/YmXGUWZk9mFp8hoKnTd6tpq4AMK4wWkrBrRBQOsj7Lvbayw==
=DYIY
-----END PGP SIGNATURE-----





Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Dan Dennison <dan@thedennisons.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #25 received at 466449-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 466449-close@bugs.debian.org
Subject: Bug#466449: fixed in sword 1.5.7-7sarge1
Date: Sat, 12 Apr 2008 17:54:56 +0000
Source: sword
Source-Version: 1.5.7-7sarge1

We believe that the bug you reported is fixed in the latest version of
sword, which is due to be installed in the Debian FTP archive:

diatheke_1.5.7-7sarge1_i386.deb
  to pool/main/s/sword/diatheke_1.5.7-7sarge1_i386.deb
libsword-dev_1.5.7-7sarge1_i386.deb
  to pool/main/s/sword/libsword-dev_1.5.7-7sarge1_i386.deb
libsword4_1.5.7-7sarge1_i386.deb
  to pool/main/s/sword/libsword4_1.5.7-7sarge1_i386.deb
sword_1.5.7-7sarge1.diff.gz
  to pool/main/s/sword/sword_1.5.7-7sarge1.diff.gz
sword_1.5.7-7sarge1.dsc
  to pool/main/s/sword/sword_1.5.7-7sarge1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 466449@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated sword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 21 Feb 2008 23:45:32 +0100
Source: sword
Binary: libsword4 libsword-dev diatheke
Architecture: source i386
Version: 1.5.7-7sarge1
Distribution: oldstable-security
Urgency: high
Maintainer: Daniel Glassey <wdg@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 diatheke   - CGI script for making bible website
 libsword-dev - Development files for libsword
 libsword4  - API/library for bible software
Closes: 466449
Changes: 
 sword (1.5.7-7sarge1) oldstable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix remote command execution in diatheke.pl (Closes: #466449)
     with maintainer-supplied patch.
Files: 
 4f7872250c457ac36f0b20b4be235647 938 libs optional sword_1.5.7-7sarge1.dsc
 369f09068839c646aeab691c63a40d67 1482711 libs optional sword_1.5.7.orig.tar.gz
 f8993cddacdac25ca55b7e99ced8ff49 277640 libs optional sword_1.5.7-7sarge1.diff.gz
 4dabb05ea1d6b72ba61e8877cbad1544 388072 libs optional libsword4_1.5.7-7sarge1_i386.deb
 f04d2f9bc41e5703967630adf4e12754 556994 libdevel optional libsword-dev_1.5.7-7sarge1_i386.deb
 665ce388ee9a74a0d850007beae3051a 58108 web optional diatheke_1.5.7-7sarge1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR74IYWz0hbPcukPfAQJSPwf9FGg4WMaBQurWVna+xkNHblnqh49TNoww
0J2Zk7rWLIyUudLfTh/x6IB4OtsExY3gBZwi/Dxlh7OTUU0rVwJKAbfkEwcFgltS
4sLEdOX1OQXA4BcgDjn6/MLNf8EF64KmRfaFWX8jgERU0AsNsfLYRYGdk3qDQzXA
mDpBcegA0qwsgyv8bNG7EWNacimnnRNdGFe2Gx3Lxcij9414TwtxAMShHEfks/t+
kf6V3+NLkjYcxWoAn9WPcrnL6VG6DFOojB3xB2fZHy8BBGD6TINm6/1rmzuxwBwI
FWvC3Ljp1I20bSwj5kGCX/aIvQ/G0bnD0SsnmdRuv8C5mvNVN75CNA==
=iCgh
-----END PGP SIGNATURE-----





Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Dan Dennison <dan@thedennisons.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #30 received at 466449-close@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 466449-close@bugs.debian.org
Subject: Bug#466449: fixed in sword 1.5.9-2etch1
Date: Sat, 26 Jul 2008 09:58:01 +0000
Source: sword
Source-Version: 1.5.9-2etch1

We believe that the bug you reported is fixed in the latest version of
sword, which is due to be installed in the Debian FTP archive:

diatheke_1.5.9-2etch1_i386.deb
  to pool/main/s/sword/diatheke_1.5.9-2etch1_i386.deb
libsword-dev_1.5.9-2etch1_i386.deb
  to pool/main/s/sword/libsword-dev_1.5.9-2etch1_i386.deb
libsword6_1.5.9-2etch1_i386.deb
  to pool/main/s/sword/libsword6_1.5.9-2etch1_i386.deb
sword_1.5.9-2etch1.diff.gz
  to pool/main/s/sword/sword_1.5.9-2etch1.diff.gz
sword_1.5.9-2etch1.dsc
  to pool/main/s/sword/sword_1.5.9-2etch1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 466449@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated sword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 21 Feb 2008 23:35:10 +0100
Source: sword
Binary: libsword-dev libsword6 diatheke
Architecture: source i386
Version: 1.5.9-2etch1
Distribution: stable-security
Urgency: high
Maintainer: Daniel Glassey <wdg@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 diatheke   - CGI script for making bible website
 libsword-dev - Development files for libsword
 libsword6  - API/library for bible software
Closes: 466449
Changes: 
 sword (1.5.9-2etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix remote command execution in diatheke.pl (Closes: #466449)
     with maintainer-supplied patch.
Files: 
 d93f49c3798272c9de84ec6ae5d1cbed 1026 libs optional sword_1.5.9-2etch1.dsc
 346539f31b41015161d8dd0d2f035243 1806178 libs optional sword_1.5.9.orig.tar.gz
 c39c316e9c81e54136eb02f68292c09d 82071 libs optional sword_1.5.9-2etch1.diff.gz
 95b5aaff3ccec4dcd1f77e95f6bf2da0 526314 libs optional libsword6_1.5.9-2etch1_i386.deb
 e3c8ec3d6dcfcfae0cddbb618353db36 701078 libdevel optional libsword-dev_1.5.9-2etch1_i386.deb
 0a384fecde3e4492fda105eb9d82ce35 62206 web optional diatheke_1.5.9-2etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBR74B9mz0hbPcukPfAQK1vQgAslglZdmw1KrpxLpOGJFk9mPJDzX6lTDa
xL0r/4/IxFapDxUoxD0Yk/wOsVltChGM8e8Ro4955sWKabR/s0vw1mJg08l9cGy4
sk9JUsfTuQ5PhhsgqHFjZW3SZuoOdRnrGWHQtAKTxbVQ57t4RxYJvcnKRbMN3E3g
WZimOoxEPFoI9qK4zAj6b0DMKdqJmxeD6n3UO62B1CUZEmbU78XSYrEDtrsqgmZv
1V9MNzaVo4cqY8NPlKMWQ07R7/biw9IRrRGNHuqivsvdwcdinFEJ6afhwfbigX6F
M1NfKM/YmXGUWZk9mFp8hoKnTd6tpq4AMK4wWkrBrRBQOsj7Lvbayw==
=DYIY
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 02 Jul 2009 07:42:05 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 13:22:50 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.