Debian Bug report logs - #496393
The possibility of attack with the help of symlinks in some Debian packages

version graph

Package: xcal; Maintainer for xcal is Lars Bahner <bahner@debian.org>; Source for xcal is src:xcal.

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:10:30 UTC

Severity: grave

Fixed in version xcal/4.1-19

Done: Lars Bahner <bahner@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Lars Bahner <bahner@debian.org>:
Bug#496393; Package xcal. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Lars Bahner <bahner@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:30 +0400
Package: xcal
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Reply sent to Lars Bahner <bahner@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 496393-close@bugs.debian.org (full text, mbox):

From: Lars Bahner <bahner@debian.org>
To: 496393-close@bugs.debian.org
Subject: Bug#496393: fixed in xcal 4.1-18.5
Date: Sun, 24 Aug 2008 21:32:08 +0000
Source: xcal
Source-Version: 4.1-18.5

We believe that the bug you reported is fixed in the latest version of
xcal, which is due to be installed in the Debian FTP archive:

xcal_4.1-18.5.diff.gz
  to pool/main/x/xcal/xcal_4.1-18.5.diff.gz
xcal_4.1-18.5.dsc
  to pool/main/x/xcal/xcal_4.1-18.5.dsc
xcal_4.1-18.5_i386.deb
  to pool/main/x/xcal/xcal_4.1-18.5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496393@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Bahner <bahner@debian.org> (supplier of updated xcal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 24 Aug 2008 21:26:18 +0000
Source: xcal
Binary: xcal
Architecture: source i386
Version: 4.1-18.5
Distribution: unstable
Urgency: low
Maintainer: Lars Bahner <bahner@debian.org>
Changed-By: Lars Bahner <bahner@debian.org>
Description: 
 xcal       - a graphical calendar with memos and reminder alarms
Closes: 496393
Changes: 
 xcal (4.1-18.5) unstable; urgency=low
 .
   * Removed internationlization patch from pscal. As it didn't work
     properly.
   * Fixed incorrect tempfile handling in pscal (closes: #496393)
   * Added recommendation on lpr
Checksums-Sha1: 
 5c2f550d07634b9bde1480f5b4675767ed7069b6 953 xcal_4.1-18.5.dsc
 cae4449a5f0b185417e7fcdc80ab31cf90898b0d 44777 xcal_4.1-18.5.diff.gz
 64d4840d280062583f680409affbbc88bfddad9c 75254 xcal_4.1-18.5_i386.deb
Checksums-Sha256: 
 4b5c5ed76c1b319eeaa7c5940f2f07654802cde4d94d764c87e25c7e54fbf234 953 xcal_4.1-18.5.dsc
 3823127a585249358b4c2c11bd12a6ea6a81a7ecea8030d64ea3e7ec78a66cac 44777 xcal_4.1-18.5.diff.gz
 f0f97c7f6a6b256bcd65a86b15d27821d9966a6a65066a8ce000a64f39d0810a 75254 xcal_4.1-18.5_i386.deb
Files: 
 eed8051d17d865b853dc6b6701d159ea 953 misc optional xcal_4.1-18.5.dsc
 853613da1ca9ad2fe1b6a74014de5af7 44777 misc optional xcal_4.1-18.5.diff.gz
 e5d1dd82b2de6434f25feb205ca10325 75254 misc optional xcal_4.1-18.5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkix0kcACgkQmXJ8FFTsuK9w1gCgo4EBsgmN4WEaa4C4FTK0PcZp
m2IAn2mrk280i8Nb0mrw4sDd51ZNphxP
=qcxj
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Lars Bahner <bahner@debian.org>:
Bug#496393; Package xcal. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Lars Bahner <bahner@debian.org>. Full text and rfc822 format available.

Message #15 received at 496393@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496393@bugs.debian.org
Cc: control@bugs.debian.org, "Dmitry E. Oboukhov" <dimka@uvw.ru>
Subject: this bug is not fixed
Date: Mon, 25 Aug 2008 09:44:03 +0200
[Message part 1 (text/plain, inline)]
reopen 496393
thanks

Hi,

Maybe I'm completely missing something, but the patch you added just seems to 
make matters much worse. Perhaps I don't understand it, but you remove use of 
the safe "mktemp" function and replace it with tempfiles based on PID? It 
looks to me like this change just introduced a new tempfile vulnerability.

And perhaps Dmytri can tell us what the original bug was that he found in his 
file, so the real issue can be addressed.

By the way, you are aware that you're using NMU-style versioning for your 
package while making maintainer uploads?


cheers,
Thijs


--- pscal/pscal.script  2008-08-24 21:06:51.000000000 +0000
+++ pscal/pscal.script.orig     2008-08-24 21:05:08.000000000 +0000
@@ -161,7 +161,6 @@
        xc\*$MONTHNAME$YEAR)
                        ;;
        *)
-               PSCAL_TEMPFILE=$(mktemp -t pscal.XXXXXXXXXX)
                for file in $list
                do
                        day=`expr $file : 'xc\([0-9]*\)'`
@@ -172,9 +171,9 @@
                                        s/^/$day ( /
                                        s/\$/ )/
                                        p"
-               done > ${PSCAL_TEMPFILE}
-               holidays=`cat ${PSCAL_TEMPFILE}`
-               rm -f ${PSCAL_TEMPFILE}
+               done > /tmp/pscal$$
+               holidays=`cat /tmp/pscal$$`
+               rm -f /tmp/pscal$$
        esac
 fi

[Message part 2 (application/pgp-signature, inline)]

Bug reopened, originator not changed. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Mon, 25 Aug 2008 07:45:08 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#496393; Package xcal. Full text and rfc822 format available.

Acknowledgement sent to Lars Bahner <bahner@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #22 received at 496393@bugs.debian.org (full text, mbox):

From: Lars Bahner <bahner@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>, 496393@bugs.debian.org
Subject: Re: Bug#496393: this bug is not fixed
Date: Mon, 25 Aug 2008 12:03:41 +0200
On Mon, Aug 25, 2008 at 09:44:03AM +0200, Thijs Kinkhorst wrote:
> reopen 496393
> thanks
> 
> Hi,
> 
> Maybe I'm completely missing something, but the patch you added just seems to 
> make matters much worse. Perhaps I don't understand it, but you remove use of 
> the safe "mktemp" function and replace it with tempfiles based on PID? It 
> looks to me like this change just introduced a new tempfile vulnerability.
> 
> And perhaps Dmytri can tell us what the original bug was that he found in his 
> file, so the real issue can be addressed.

I inadvertently mixed up my two source directories and sent off a build
from the wrong directory thus reversing my patch :P

> By the way, you are aware that you're using NMU-style versioning for your 
> package while making maintainer uploads?

because I forgot, duh!


Thanks for noticing, Thijs. The correct patch is being built as I write.




Reply sent to Lars Bahner <bahner@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #27 received at 496393-close@bugs.debian.org (full text, mbox):

From: Lars Bahner <bahner@debian.org>
To: 496393-close@bugs.debian.org
Subject: Bug#496393: fixed in xcal 4.1-19
Date: Mon, 25 Aug 2008 10:32:05 +0000
Source: xcal
Source-Version: 4.1-19

We believe that the bug you reported is fixed in the latest version of
xcal, which is due to be installed in the Debian FTP archive:

xcal_4.1-19.diff.gz
  to pool/main/x/xcal/xcal_4.1-19.diff.gz
xcal_4.1-19.dsc
  to pool/main/x/xcal/xcal_4.1-19.dsc
xcal_4.1-19_i386.deb
  to pool/main/x/xcal/xcal_4.1-19_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496393@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lars Bahner <bahner@debian.org> (supplier of updated xcal package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Aug 2008 11:54:26 +0200
Source: xcal
Binary: xcal
Architecture: source i386
Version: 4.1-19
Distribution: unstable
Urgency: low
Maintainer: Lars Bahner <bahner@debian.org>
Changed-By: Lars Bahner <bahner@debian.org>
Description: 
 xcal       - a graphical calendar with memos and reminder alarms
Closes: 496393
Changes: 
 xcal (4.1-19) unstable; urgency=low
 .
   * Applied the patch to correct #496393 instead of reverting it :(
     (closes: #496393). Thanks to Thijs Kinkhorst for noticing.
Checksums-Sha1: 
 30251af49e19ec6b68512a1666a6031e4bdfcd9b 945 xcal_4.1-19.dsc
 4cbeaa0f710f2f23cdaf05a2b590709bc6a3424d 45124 xcal_4.1-19.diff.gz
 665c8df2a12abba967252164935e6fb325747905 75942 xcal_4.1-19_i386.deb
Checksums-Sha256: 
 6343abfb64dafc6b46804caf294acab42fcd450771cd44af7705c9701b2f240a 945 xcal_4.1-19.dsc
 18a64d01baba19c47b0cf20c0d210f56f721ae4c85fc77fafd8fa7a9c8564162 45124 xcal_4.1-19.diff.gz
 afcf9e3001a370db50046be3f3bbc925bb4437cecefa48c7e2cc9f9b87f9eacd 75942 xcal_4.1-19_i386.deb
Files: 
 3db84202b8218f91b436a593d2a6d13c 945 misc optional xcal_4.1-19.dsc
 0089ea1788acf4e42e547745c55c5563 45124 misc optional xcal_4.1-19.diff.gz
 d2b4de62810bd76b752e70a749e7c1e2 75942 misc optional xcal_4.1-19_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiyhvUACgkQmXJ8FFTsuK97swCgwDxPqUyR1M3ZUMArJMDG7sMY
s/UAn25Rgjw6SniV916HM0QNqcCvkKdq
=Em2e
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 10:35:00 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 21:37:34 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.