Debian Bug report logs - #572417
tdiary: CVE-2010-0726 code injection vulnerability

version graph

Package: tdiary; Maintainer for tdiary is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for tdiary is src:tdiary.

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Thu, 4 Mar 2010 02:45:02 UTC

Severity: serious

Tags: patch, security

Merged with 572329

Found in version tdiary/2.2.1-1

Fixed in versions tdiary/2.2.1-1.1, tdiary/2.2.1-1+lenny1

Done: Steffen Joeris <white@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#572417; Package tdiary. (Thu, 04 Mar 2010 02:45:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Daigo Moriwaki <daigo@debian.org>. (Thu, 04 Mar 2010 02:45:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: tdiary: CVE-2010-0726 code injection vulnerability
Date: Wed, 3 Mar 2010 21:45:42 -0500
Package: tdiary
Version: 2.2.1-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tdiary.

CVE-2010-0726[0]:
| Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack
| transmission) plugin in tDiary 2.2.2 and earlier allows remote
| attackers to inject arbitrary web script or HTML via unknown vectors,
| possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt
| parameters.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0726
    http://security-tracker.debian.org/tracker/CVE-2010-0726




Merged 572329 572417. Request was from Hideki Yamane <henrich@debian.or.jp> to control@bugs.debian.org. (Thu, 04 Mar 2010 14:24:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#572417; Package tdiary. (Sun, 07 Mar 2010 08:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Daigo Moriwaki <daigo@debian.org>. (Sun, 07 Mar 2010 08:12:03 GMT) Full text and rfc822 format available.

Message #12 received at 572417@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 572417@bugs.debian.org, "Hideki Yamane \(Debian-JP\)" <henrich@debian.or.jp>
Subject: tidary XSS
Date: Sun, 7 Mar 2010 19:10:12 +1100
[Message part 1 (text/plain, inline)]
Hi Hideki

Indeed this should be fixed via a DSA and for unstable as well.
I am still having slight problems understanding the XSS issue here.
Apparently, to_native() is converting it to another encoding, but shouldn't it 
do some escaping of certain characters to avoid having the usual html 
characters in there?
I also don't understand the text on tdiary.org, since it is in Japanese, could 
you maybe provide a translation?
I'm sure that I'm just missing something here, so once I understand it better, 
we can just proceed with DSA/NMU.

Cheers
Steffen
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#572417; Package tdiary. (Sun, 07 Mar 2010 09:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>:
Extra info received and forwarded to list. Copy sent to Daigo Moriwaki <daigo@debian.org>. (Sun, 07 Mar 2010 09:24:03 GMT) Full text and rfc822 format available.

Message #17 received at 572417@bugs.debian.org (full text, mbox):

From: Hideki Yamane <henrich@debian.or.jp>
To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: 572417@bugs.debian.org
Subject: Re: tidary XSS
Date: Sun, 7 Mar 2010 18:22:47 +0900
[Message part 1 (text/plain, inline)]
Hi Steffen,

On Sun, 7 Mar 2010 19:10:12 +1100
Steffen Joeris <steffen.joeris@skolelinux.de> wrote:
> Apparently, to_native() is converting it to another encoding, but shouldn't it 
> do some escaping of certain characters to avoid having the usual html 
> characters in there?

 I'm not sure that, I'll ask upstream author.
 IE has a strange behavior with auto-encoding pages without charset, it probably
 relates that.


> I also don't understand the text on tdiary.org, since it is in Japanese, could 
> you maybe provide a translation?

* Overview
 XSS vulnerability was found in tDiary, a communication-friendly weblog system.
 We think it is rare case but please deal with that as soon as possible if you  
 are using such system.

 - This problem affects 
  * tDiary 2.2.2 or earlier (full set and plugins)
 
    And, if you meet _all_ condition below
  * tb-send.rb plugin is enabled
  * using Microsoft Internet Explorer 7 (IE7)
  * update diary via malicious crafted URL

 We confirmed this problem with update blog by using IE7 (maybe Old Internet 
 Explorer as well but we don't check with that) and it is not showed with Firefox, 
 Opera and Safari.

 And it exists with tDiary 2.2, not 2.3. 


* Impact
 An arbitrary script may be executed on some web browsers when blog owner 
 accesses blog update page via special crafted URL or web site by malicious 
 third-parties. 

 It does not affect people who browse blog since this vulnerability exists in 
 its update page only, and is accessible with administrator of that blog. 
 However, there's a danger publish malicious page by exploiting this vulnerability. 


* Solutions
 - disable tb-send.rb plugin
 - update product to 2.2.3


* Thanks to
 Project VEX of UBsecure, Inc.

-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp
 http://wiki.debian.org/HidekiYamane
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#572417; Package tdiary. (Sun, 07 Mar 2010 10:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Daigo Moriwaki <daigo@debian.org>. (Sun, 07 Mar 2010 10:51:04 GMT) Full text and rfc822 format available.

Message #22 received at 572417@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Hideki Yamane <henrich@debian.or.jp>
Cc: 572417@bugs.debian.org
Subject: Re: tidary XSS
Date: Sun, 7 Mar 2010 21:47:53 +1100
Hi Hideki

Thanks for the information. Have you been able to reproduce the problem with 
IE and checked the patch?

Cheers
Steffen

> On Sun, 7 Mar 2010 19:10:12 +1100
> 
> Steffen Joeris <steffen.joeris@skolelinux.de> wrote:
> > Apparently, to_native() is converting it to another encoding, but
> > shouldn't it do some escaping of certain characters to avoid having the
> > usual html characters in there?
> 
>  I'm not sure that, I'll ask upstream author.
>  IE has a strange behavior with auto-encoding pages without charset, it
>  probably relates that.
> 
> > I also don't understand the text on tdiary.org, since it is in Japanese,
> > could you maybe provide a translation?
> 
> * Overview
>  XSS vulnerability was found in tDiary, a communication-friendly weblog
>  system. We think it is rare case but please deal with that as soon as
>  possible if you are using such system.
> 
>  - This problem affects
>   * tDiary 2.2.2 or earlier (full set and plugins)
> 
>     And, if you meet _all_ condition below
>   * tb-send.rb plugin is enabled
>   * using Microsoft Internet Explorer 7 (IE7)
>   * update diary via malicious crafted URL
> 
>  We confirmed this problem with update blog by using IE7 (maybe Old
>  Internet Explorer as well but we don't check with that) and it is not
>  showed with Firefox, Opera and Safari.
> 
>  And it exists with tDiary 2.2, not 2.3.
> 
> 
> * Impact
>  An arbitrary script may be executed on some web browsers when blog owner
>  accesses blog update page via special crafted URL or web site by malicious
>  third-parties.
> 
>  It does not affect people who browse blog since this vulnerability exists
>  in its update page only, and is accessible with administrator of that
>  blog. However, there's a danger publish malicious page by exploiting this
>  vulnerability.
> 
> 
> * Solutions
>  - disable tb-send.rb plugin
>  - update product to 2.2.3
> 
> 
> * Thanks to
>  Project VEX of UBsecure, Inc.
> 




Information forwarded to debian-bugs-dist@lists.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#572417; Package tdiary. (Sun, 07 Mar 2010 16:06:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>:
Extra info received and forwarded to list. Copy sent to Daigo Moriwaki <daigo@debian.org>. (Sun, 07 Mar 2010 16:06:10 GMT) Full text and rfc822 format available.

Message #27 received at 572417@bugs.debian.org (full text, mbox):

From: Hideki Yamane <henrich@debian.or.jp>
To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: 572417@bugs.debian.org
Subject: Re: tdiary XSS
Date: Mon, 8 Mar 2010 01:01:39 +0900
[Message part 1 (text/plain, inline)]
Hi Steffen,

On Sun, 7 Mar 2010 21:47:53 +1100
Steffen Joeris <steffen.joeris@skolelinux.de> wrote:
> Thanks for the information. Have you been able to reproduce the problem with 
> IE and checked the patch?

 with IE6 and IE8, I cannot reproduce its problem.
 I'll test IE7 tomorrow.

 BTW, I get reply from usptream author for exploitable URI.
 Where should I send that, to Steffen or someone else?


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp
 http://wiki.debian.org/HidekiYamane
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#572417; Package tdiary. (Mon, 08 Mar 2010 04:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Daigo Moriwaki <daigo@debian.org>. (Mon, 08 Mar 2010 04:03:03 GMT) Full text and rfc822 format available.

Message #32 received at 572417@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Hideki Yamane <henrich@debian.or.jp>
Cc: 572417@bugs.debian.org
Subject: Re: tdiary XSS
Date: Mon, 8 Mar 2010 15:00:25 +1100
On Mon, 8 Mar 2010 03:01:39 am Hideki Yamane wrote:
> Hi Steffen,
> 
> On Sun, 7 Mar 2010 21:47:53 +1100
> 
> Steffen Joeris <steffen.joeris@skolelinux.de> wrote:
> > Thanks for the information. Have you been able to reproduce the problem
> > with IE and checked the patch?
> 
>  with IE6 and IE8, I cannot reproduce its problem.
>  I'll test IE7 tomorrow.
Ok, because it would be good if you could reproduce the issue and then test 
whether the patch really fixes it for you.

>  BTW, I get reply from usptream author for exploitable URI.
>  Where should I send that, to Steffen or someone else?
Please send it to me in private.

Cheers
Steffen




Information forwarded to debian-bugs-dist@lists.debian.org, Daigo Moriwaki <daigo@debian.org>:
Bug#572417; Package tdiary. (Mon, 08 Mar 2010 07:51:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>:
Extra info received and forwarded to list. Copy sent to Daigo Moriwaki <daigo@debian.org>. (Mon, 08 Mar 2010 07:51:04 GMT) Full text and rfc822 format available.

Message #37 received at 572417@bugs.debian.org (full text, mbox):

From: Hideki Yamane <henrich@debian.or.jp>
To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: 572417@bugs.debian.org
Subject: Re: tdiary XSS
Date: Mon, 8 Mar 2010 16:49:43 +0900
[Message part 1 (text/plain, inline)]
Hi Steffen,

On Sun, 7 Mar 2010 21:47:53 +1100
Steffen Joeris <steffen.joeris@skolelinux.de> wrote:
> Thanks for the information. Have you been able to reproduce the problem with 
> IE and checked the patch?

 Yes, I got answer from tDiry upstream author, TADA Tadashi and I confirmed 
 problem with IE7, can reproduce it (and patched one prevents XSS). 
 However, IE6 and IE8 seem to be not vulnerable.
 
 Should I report exploit as well? If so, security@d.o is suitable for that?


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp
 http://wiki.debian.org/HidekiYamane
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Tue, 09 Mar 2010 10:45:06 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Tue, 09 Mar 2010 10:45:07 GMT) Full text and rfc822 format available.

Message #42 received at 572417-close@bugs.debian.org (full text, mbox):

From: Steffen Joeris <white@debian.org>
To: 572417-close@bugs.debian.org
Subject: Bug#572417: fixed in tdiary 2.2.1-1.1
Date: Tue, 09 Mar 2010 10:43:29 +0000
Source: tdiary
Source-Version: 2.2.1-1.1

We believe that the bug you reported is fixed in the latest version of
tdiary, which is due to be installed in the Debian FTP archive:

tdiary-contrib_2.2.1-1.1_all.deb
  to main/t/tdiary/tdiary-contrib_2.2.1-1.1_all.deb
tdiary-mode_2.2.1-1.1_all.deb
  to main/t/tdiary/tdiary-mode_2.2.1-1.1_all.deb
tdiary-plugin_2.2.1-1.1_all.deb
  to main/t/tdiary/tdiary-plugin_2.2.1-1.1_all.deb
tdiary-theme_2.2.1-1.1_all.deb
  to main/t/tdiary/tdiary-theme_2.2.1-1.1_all.deb
tdiary_2.2.1-1.1.diff.gz
  to main/t/tdiary/tdiary_2.2.1-1.1.diff.gz
tdiary_2.2.1-1.1.dsc
  to main/t/tdiary/tdiary_2.2.1-1.1.dsc
tdiary_2.2.1-1.1_all.deb
  to main/t/tdiary/tdiary_2.2.1-1.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 572417@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated tdiary package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 09 Mar 2010 18:54:19 +1100
Source: tdiary
Binary: tdiary tdiary-theme tdiary-plugin tdiary-mode tdiary-contrib
Architecture: source all
Version: 2.2.1-1.1
Distribution: unstable
Urgency: high
Maintainer: Daigo Moriwaki <daigo@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 tdiary     - a communication-friendly weblog system
 tdiary-contrib - Plugins of tDiary to add functionalities
 tdiary-mode - tDiary editing mode for Emacsen
 tdiary-plugin - Plugins of tDiary to add functionalities
 tdiary-theme - Themes of tDiary to change the design
Closes: 572417
Changes: 
 tdiary (2.2.1-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix XSS issue in tb-send.rb (Closes: #572417)
     Fixes: CVE-2010-0726
     Thanks to Hideki Yamane
Checksums-Sha1: 
 0fe8572de7a343f27ff684881e1a614f94c07d03 1063 tdiary_2.2.1-1.1.dsc
 c6b110e799945d32382a0cf9aa7a468b764ac869 28836 tdiary_2.2.1-1.1.diff.gz
 3fda506f11c8a75bbb121d8e029e7f9e96efb474 201712 tdiary_2.2.1-1.1_all.deb
 175a253320d3b5b461adfa4b59a866524c7c4082 3671572 tdiary-theme_2.2.1-1.1_all.deb
 db100491781b4a7b8a9556a1af15735507335ac7 270074 tdiary-plugin_2.2.1-1.1_all.deb
 86f66b574a7a5364e82d4cda97f06870fd51ecb7 36904 tdiary-mode_2.2.1-1.1_all.deb
 51e4faf0bdc37ae1cb9c82e6994fba431ccad1f7 209252 tdiary-contrib_2.2.1-1.1_all.deb
Checksums-Sha256: 
 cc302c8e69ac85220c212a7bfb0d9f75ef4ab91ad838c08bf9f6a37dc09645f2 1063 tdiary_2.2.1-1.1.dsc
 c2a537bd005743d6324d8904cae8adafa1f692b943786765667c79dfd8f43af6 28836 tdiary_2.2.1-1.1.diff.gz
 034e681cc4d58b0e86af9f0afa375d13c2bf55bf73a75ede1784fb67e7811054 201712 tdiary_2.2.1-1.1_all.deb
 e0b0e0182411cbbc55d5051af30a9d668ab8c0f07a3fbd96b3fe3d286364a99d 3671572 tdiary-theme_2.2.1-1.1_all.deb
 7989219d059b8d100a1961e1dc4d0afbad75fcf0d7e3221b8e278419ec49566e 270074 tdiary-plugin_2.2.1-1.1_all.deb
 3ecde24bd4d0f0e10fc9115599da2ceb9cb2754d500d6eee22450c4a566b2f18 36904 tdiary-mode_2.2.1-1.1_all.deb
 2fe2a24c1eabd1cf9e1e6654d0bb0bba2afa4dcb8fa09df374542ba89f90f744 209252 tdiary-contrib_2.2.1-1.1_all.deb
Files: 
 bd63579483d6206a9b5db8a059be2cc3 1063 web optional tdiary_2.2.1-1.1.dsc
 25d81b1be26bf4840ec5f22134e19dc3 28836 web optional tdiary_2.2.1-1.1.diff.gz
 bd9a7852d0dd843e5bb577824fe4c817 201712 web optional tdiary_2.2.1-1.1_all.deb
 a5f31190766e3008b4574ef2b04d8dc4 3671572 web optional tdiary-theme_2.2.1-1.1_all.deb
 f315a9a0c5896be76e81b06c90ad6708 270074 web optional tdiary-plugin_2.2.1-1.1_all.deb
 9aa4f71d05730793b378f41e20a94f70 36904 web optional tdiary-mode_2.2.1-1.1_all.deb
 b295182815de1eee0586006f94f78dec 209252 web optional tdiary-contrib_2.2.1-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuWG+MACgkQ62zWxYk/rQcF7gCffMkTUYombFEeKRTjMGjeELm4
1wcAnjr02pA/1D/SMAV0ZHTEyX/fzfVL
=4In4
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Tue, 09 Mar 2010 10:45:08 GMT) Full text and rfc822 format available.

Notification sent to "Hideki Yamane \(Debian-JP\)" <henrich@debian.or.jp>:
Bug acknowledged by developer. (Tue, 09 Mar 2010 10:45:08 GMT) Full text and rfc822 format available.

Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Wed, 10 Mar 2010 01:54:04 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 10 Mar 2010 01:54:04 GMT) Full text and rfc822 format available.

Message #52 received at 572417-close@bugs.debian.org (full text, mbox):

From: Steffen Joeris <white@debian.org>
To: 572417-close@bugs.debian.org
Subject: Bug#572417: fixed in tdiary 2.2.1-1+lenny1
Date: Wed, 10 Mar 2010 01:52:41 +0000
Source: tdiary
Source-Version: 2.2.1-1+lenny1

We believe that the bug you reported is fixed in the latest version of
tdiary, which is due to be installed in the Debian FTP archive:

tdiary-contrib_2.2.1-1+lenny1_all.deb
  to main/t/tdiary/tdiary-contrib_2.2.1-1+lenny1_all.deb
tdiary-mode_2.2.1-1+lenny1_all.deb
  to main/t/tdiary/tdiary-mode_2.2.1-1+lenny1_all.deb
tdiary-plugin_2.2.1-1+lenny1_all.deb
  to main/t/tdiary/tdiary-plugin_2.2.1-1+lenny1_all.deb
tdiary-theme_2.2.1-1+lenny1_all.deb
  to main/t/tdiary/tdiary-theme_2.2.1-1+lenny1_all.deb
tdiary_2.2.1-1+lenny1.diff.gz
  to main/t/tdiary/tdiary_2.2.1-1+lenny1.diff.gz
tdiary_2.2.1-1+lenny1.dsc
  to main/t/tdiary/tdiary_2.2.1-1+lenny1.dsc
tdiary_2.2.1-1+lenny1_all.deb
  to main/t/tdiary/tdiary_2.2.1-1+lenny1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 572417@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steffen Joeris <white@debian.org> (supplier of updated tdiary package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 09 Mar 2010 18:54:19 +1100
Source: tdiary
Binary: tdiary tdiary-theme tdiary-plugin tdiary-mode tdiary-contrib
Architecture: source all
Version: 2.2.1-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Daigo Moriwaki <daigo@debian.org>
Changed-By: Steffen Joeris <white@debian.org>
Description: 
 tdiary     - a communication-friendly weblog system
 tdiary-contrib - Plugins of tDiary to add functionalities
 tdiary-mode - tDiary editing mode for Emacsen
 tdiary-plugin - Plugins of tDiary to add functionalities
 tdiary-theme - Themes of tDiary to change the design
Closes: 572417
Changes: 
 tdiary (2.2.1-1+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix XSS issue in tb-send.rb (Closes: #572417)
     Fixes: CVE-2010-0726
     Thanks to Hideki Yamane
Checksums-Sha1: 
 68796d22fab92b0b656b4e3eb9721890da900b01 1083 tdiary_2.2.1-1+lenny1.dsc
 cdd6d062dc5d9e4ed5eb512864e73052063c017c 4207143 tdiary_2.2.1.orig.tar.gz
 ec36a3977f8cad1547e1ab29a79f9e22a697fd9f 28848 tdiary_2.2.1-1+lenny1.diff.gz
 f45a409b5071808bac5bd923997a4d1e17efd2cc 201722 tdiary_2.2.1-1+lenny1_all.deb
 b078de97b10b61925639d35bb85fae9cd4bae555 3671582 tdiary-theme_2.2.1-1+lenny1_all.deb
 c747010dda526291b520686faf0667b8fee3a5c7 270084 tdiary-plugin_2.2.1-1+lenny1_all.deb
 64614f069bdfdb4bb181284f825e9e0735327f19 36916 tdiary-mode_2.2.1-1+lenny1_all.deb
 901a1b0f0522c1b6d4c85f3df780ff455256332a 209268 tdiary-contrib_2.2.1-1+lenny1_all.deb
Checksums-Sha256: 
 20adca00c4a42c454db08ef27a1b8395a13e3ec65260fe2f513def524aa1f1a9 1083 tdiary_2.2.1-1+lenny1.dsc
 897a593b0323d85e1bfa4bff6309d5e700e6203db0bf3bb4d8957888b7256bb2 4207143 tdiary_2.2.1.orig.tar.gz
 3e8ed68a0c939f2674401d7d77cf528654595b6fc4dd9be0aea6f93e957f3f3d 28848 tdiary_2.2.1-1+lenny1.diff.gz
 2cd2b50dbf8350d53e7e242572bb3c62e8b5685770eef99e59cf79f59076bcba 201722 tdiary_2.2.1-1+lenny1_all.deb
 ab6d46f9ca5d52596bba26423674bfe68e59a1fa4f505c53aba3854b47be0dd1 3671582 tdiary-theme_2.2.1-1+lenny1_all.deb
 8c5d2a3bedd95ee90bbb5261ab0fe5a3fd6748e701857cc8f5df98a0e18dd7b8 270084 tdiary-plugin_2.2.1-1+lenny1_all.deb
 34df1285f2b82af82092f06269aac0c9211817288aece3ec1b152bf1dd9acec8 36916 tdiary-mode_2.2.1-1+lenny1_all.deb
 390277094cf8ffdef7c09aad473cb21072bc84e7c1afeec553d7a0f64aa8eefb 209268 tdiary-contrib_2.2.1-1+lenny1_all.deb
Files: 
 3256337487cc7177ac6a20a5815c2e5e 1083 web optional tdiary_2.2.1-1+lenny1.dsc
 41bd634fc4a8a6ffe93f70d33c826865 4207143 web optional tdiary_2.2.1.orig.tar.gz
 47109a3e807f5595fb580a3eed3ce2a6 28848 web optional tdiary_2.2.1-1+lenny1.diff.gz
 cf6df3658938bc5df5839f29cd51d34e 201722 web optional tdiary_2.2.1-1+lenny1_all.deb
 e23890cfcdbd50cf8edd68dea769f8ec 3671582 web optional tdiary-theme_2.2.1-1+lenny1_all.deb
 c27fa1b2a89f4bc7edb08332aa0270ab 270084 web optional tdiary-plugin_2.2.1-1+lenny1_all.deb
 9fee97c0332c554040f646660c22b54d 36916 web optional tdiary-mode_2.2.1-1+lenny1_all.deb
 4425e9c291d09015b1d89eba2d345155 209268 web optional tdiary-contrib_2.2.1-1+lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuWBTkACgkQ62zWxYk/rQevKwCeLfl0Ez9CkfQUaCMKh6a+Qppd
gosAn347uYI1dupxPFTaWD/g/GqcukPV
=41jh
-----END PGP SIGNATURE-----





Reply sent to Steffen Joeris <white@debian.org>:
You have taken responsibility. (Wed, 10 Mar 2010 01:54:05 GMT) Full text and rfc822 format available.

Notification sent to "Hideki Yamane \(Debian-JP\)" <henrich@debian.or.jp>:
Bug acknowledged by developer. (Wed, 10 Mar 2010 01:54:05 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jun 2010 07:33:24 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 16:10:40 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.