Debian Bug report logs - #496434
The possibility of attack with the help of symlinks in some Debian packages

version graph

Package: mgt; Maintainer for mgt is Steve M. Robbins <smr@debian.org>; Source for mgt is src:mgt.

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:12:19 UTC

Severity: normal

Fixed in version mgt/2.31-6

Done: smr@debian.org (Steve M. Robbins)

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, smr@debian.org (Steve M. Robbins):
Bug#496434; Package mgt. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to smr@debian.org (Steve M. Robbins). Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:28 +0400
Package: mgt
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Information forwarded to debian-bugs-dist@lists.debian.org, smr@debian.org (Steve M. Robbins):
Bug#496434; Package mgt. Full text and rfc822 format available.

Acknowledgement sent to "Steve M. Robbins" <steve@sumost.ca>:
Extra info received and forwarded to list. Copy sent to smr@debian.org (Steve M. Robbins). Full text and rfc822 format available.

Message #10 received at 496434@bugs.debian.org (full text, mbox):

From: "Steve M. Robbins" <steve@sumost.ca>
To: "Dmitry E. Oboukhov" <dimka@uvw.ru>, 496434@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#496434: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 14:37:15 -0500
[Message part 1 (text/plain, inline)]
severity 496434 normal
thanks

On Sun, Aug 24, 2008 at 10:05:28PM +0400, Dmitry E. Oboukhov wrote:

> In some packages I've discovered scripts with errors which may be used
> by a user for damaging important system files or user's files.

> Binary-package: mgt (2.31-5)
>     file: /usr/games/mailgo

You give no indication of the problem lines in the script.  

I guess you are concerned about "cat >/tmp/mailgo$$".  If an attacker
did guess the pid, you will only be able to overwrite any file that
the user of "mailgo" can access.  I'm resetting the priority under the
assumption that no reasonable person runs "mailgo" with a privileged
account.

-Steve

[signature.asc (application/pgp-signature, inline)]

Severity set to `normal' from `grave' Request was from "Steve M. Robbins" <steve@sumost.ca> to control@bugs.debian.org. (Sun, 24 Aug 2008 19:39:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, smr@debian.org (Steve M. Robbins):
Bug#496434; Package mgt. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to smr@debian.org (Steve M. Robbins). Full text and rfc822 format available.

Message #17 received at 496434@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496434@bugs.debian.org
Subject: please fix this for lenny
Date: Mon, 25 Aug 2008 13:38:20 +0200
[Message part 1 (text/plain, inline)]
severity 496434 important
tags 496434 patch security confirmed
thanks

Hi Steve,

While the program is not run as a privileged user, can you still please ensure 
that this issue is fixed in lenny? Smaller-scale attacks are still possible, 
plus, people are all to eager to copy pieces of code around so proliferation 
of bad examples like these is very undesirable.

I'm upgrading it to important as I believe this is something that "really 
should be fixed" before the release. The attached patch should fix it and is 
very non-invasive. Can you upload it?


thanks,
Thijs
[496434.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, smr@debian.org (Steve M. Robbins):
Bug#496434; Package mgt. Full text and rfc822 format available.

Acknowledgement sent to "Steve M. Robbins" <steve@sumost.ca>:
Extra info received and forwarded to list. Copy sent to smr@debian.org (Steve M. Robbins). Full text and rfc822 format available.

Message #22 received at 496434@bugs.debian.org (full text, mbox):

From: "Steve M. Robbins" <steve@sumost.ca>
To: Thijs Kinkhorst <thijs@debian.org>, 496434@bugs.debian.org
Subject: Re: Bug#496434: please fix this for lenny
Date: Mon, 25 Aug 2008 20:34:53 -0500
[Message part 1 (text/plain, inline)]
Hi Thijs,


On Mon, Aug 25, 2008 at 01:38:20PM +0200, Thijs Kinkhorst wrote:

> Hi Steve,
> 
> While the program is not run as a privileged user, can you still please ensure 
> that this issue is fixed in lenny?

You patch is very persuasive.  :-)
I'm preparing the upload now.


> Smaller-scale attacks are still possible, 
> plus, people are all to eager to copy pieces of code around so proliferation 
> of bad examples like these is very undesirable.

I accept your second point.  Could you expand on the first -- what do
you mean by "smaller-scale attack"?

Regards,
-Steve
[signature.asc (application/pgp-signature, inline)]

Reply sent to smr@debian.org (Steve M. Robbins):
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #27 received at 496434-close@bugs.debian.org (full text, mbox):

From: smr@debian.org (Steve M. Robbins)
To: 496434-close@bugs.debian.org
Subject: Bug#496434: fixed in mgt 2.31-6
Date: Tue, 26 Aug 2008 02:32:03 +0000
Source: mgt
Source-Version: 2.31-6

We believe that the bug you reported is fixed in the latest version of
mgt, which is due to be installed in the Debian FTP archive:

mgt_2.31-6.diff.gz
  to pool/main/m/mgt/mgt_2.31-6.diff.gz
mgt_2.31-6.dsc
  to pool/main/m/mgt/mgt_2.31-6.dsc
mgt_2.31-6_i386.deb
  to pool/main/m/mgt/mgt_2.31-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496434@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve M. Robbins <smr@debian.org> (supplier of updated mgt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Aug 2008 21:06:47 -0500
Source: mgt
Binary: mgt
Architecture: source i386
Version: 2.31-6
Distribution: unstable
Urgency: low
Maintainer: Steve M. Robbins <smr@debian.org>
Changed-By: Steve M. Robbins <smr@debian.org>
Description: 
 mgt        - a game record display/editor for the oriental game of go
Closes: 496434
Changes: 
 mgt (2.31-6) unstable; urgency=low
 .
   * debian/rules: include patchsys-quilt.mk.
   * debian/control: build-depend on quilt.
 .
   * debian/patches/cdbs-prep.patch: New.  Move the 2007-08-18 changes from
     the diff.gz to here.
 .
   * debian/patches/modernize-code.patch: New.  Move the remaining debian
     diff changes here.
 .
   * debian/patches/manpages.patch: New. Fix bugs in mgt.6 and mailgo.6.
 .
   * debian/patches/secure-tmpfile-creation.patch: New.  Use "mktemp" to
     securely create a temp file.  Thanks to Thijs Kinkhorst for the patch.
     Closes: #496434.
 .
   * debian/control: Set Standards-Version to 3.8.0.0; no changes.
Checksums-Sha1: 
 6cbb31e0564c836d03d1c9603e9776061cf07bbc 923 mgt_2.31-6.dsc
 90f5059e3cefb26b029b900de34f5d03a8d962e5 3934 mgt_2.31-6.diff.gz
 747a5aa90a0eecf4037d5c765d7fcee916ed5682 63138 mgt_2.31-6_i386.deb
Checksums-Sha256: 
 598141ce4f7efaba17026c9fd30fff87674af28a09844506d414ebd20ac1c675 923 mgt_2.31-6.dsc
 6dc0a2627a95380888fbd68cd591406a7db7a47fa27f3badc38290c691df0f9e 3934 mgt_2.31-6.diff.gz
 a9dff99e4089be3202488818029ff51951927c7b2f858a33b5c318babb437a33 63138 mgt_2.31-6_i386.deb
Files: 
 681a1dc345a8dd2d4e9bfa7bf892574e 923 games optional mgt_2.31-6.dsc
 28fcdd8f1c7d58e10e6493c9cac4c2f9 3934 games optional mgt_2.31-6.diff.gz
 07d9afab0c8218ea8572dc4193d17b46 63138 games optional mgt_2.31-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIs2kj0i2bPSHbMcURAnoDAJ4xj3q69/bwTT1zwjA61m9S7IfRTgCfSoFF
C8q9jR3xTyqQHNwwjVsEw3E=
=PW2B
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, smr@debian.org (Steve M. Robbins):
Bug#496434; Package mgt. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to smr@debian.org (Steve M. Robbins). Full text and rfc822 format available.

Message #32 received at 496434@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: "Steve M. Robbins" <steve@sumost.ca>
Cc: 496434@bugs.debian.org
Subject: Re: Bug#496434: please fix this for lenny
Date: Tue, 26 Aug 2008 12:15:54 +0200
[Message part 1 (text/plain, inline)]
On Tuesday 26 August 2008 03:34, Steve M. Robbins wrote:
> > Smaller-scale attacks are still possible,
> > plus, people are all to eager to copy pieces of code around so
> > proliferation of bad examples like these is very undesirable.
>
> I accept your second point.  Could you expand on the first -- what do
> you mean by "smaller-scale attack"?

You can still trash the files owned by the user running the program, so it 
probably won't bring the system down but it does allow for vandalism. As 
said, that's considerably smaller scale but undesirable, still.


cheers,
Thijs
[Message part 2 (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 04 Oct 2008 07:28:18 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 19:54:39 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.