Debian Bug report logs - #607781
pcsc-lite: buffer overflow

version graph

Package: pcsc-lite; Maintainer for pcsc-lite is Ludovic Rousseau <rousseau@debian.org>;

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Wed, 22 Dec 2010 04:12:05 UTC

Severity: important

Tags: fixed-upstream, security

Found in versions 1.4.102-1+lenny3, 1.4.102-1

Fixed in versions pcsc-lite/1.5.5-4, pcsc-lite/1.4.102-1+lenny4

Done: Steve Kemp <skx@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#607781; Package pcsc-lite. (Wed, 22 Dec 2010 04:12:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Wed, 22 Dec 2010 04:12:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: pcsc-lite: buffer overflow
Date: Tue, 21 Dec 2010 18:10:06 -0500
package: pcsc-lite
version: 1.4.102-1+lenny3
severity: serious
tags: security

an advisory has been issued for pcsc-lite:
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf

i have checked that the vulnerable code is present in both lenny and
sid.

mike




Bug Marked as found in versions 1.4.102-1. Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Wed, 22 Dec 2010 15:09:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#607781; Package pcsc-lite. (Wed, 22 Dec 2010 18:12:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to 607781@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Wed, 22 Dec 2010 18:12:05 GMT) Full text and rfc822 format available.

Message #12 received at 607781@bugs.debian.org (full text, mbox):

From: Ludovic Rousseau <ludovic.rousseau@gmail.com>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 607781@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#607781: pcsc-lite: buffer overflow
Date: Wed, 22 Dec 2010 19:00:55 +0100
severity 607781 important
tags 607781 fixed-upstream
thank

Le 22/12/2010 00:10, Michael Gilbert a écrit :
> package: pcsc-lite
> version: 1.4.102-1+lenny3
> severity: serious
> tags: security
>
> an advisory has been issued for pcsc-lite:
> http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
>
> i have checked that the vulnerable code is present in both lenny and
> sid.

The problem has been fixed upstream in version pcsc-lite 1.6.5.
pcsc-lite 1.6.6 is available in experimental ans will be uploaded to sid 
after squeeze is out.

The attacker needs to have a physical access to the computer and a 
specially crafter smart card. I don't plan to fix the problem in squeeze 
(so lowering the severity).

Thanks

-- 
 Ludovic




Severity set to 'important' from 'serious' Request was from Ludovic Rousseau <ludovic.rousseau@gmail.com> to control@bugs.debian.org. (Wed, 22 Dec 2010 18:12:06 GMT) Full text and rfc822 format available.

Added tag(s) fixed-upstream. Request was from Ludovic Rousseau <ludovic.rousseau@gmail.com> to control@bugs.debian.org. (Wed, 22 Dec 2010 18:12:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#607781; Package pcsc-lite. (Wed, 22 Dec 2010 19:45:14 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ludovic Rousseau <ludovic.rousseau@gmail.com>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Wed, 22 Dec 2010 19:45:14 GMT) Full text and rfc822 format available.

Message #21 received at 607781@bugs.debian.org (full text, mbox):

From: Ludovic Rousseau <ludovic.rousseau@gmail.com>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 607781@bugs.debian.org
Subject: Re: Bug#607781: pcsc-lite: buffer overflow
Date: Wed, 22 Dec 2010 20:42:44 +0100
Le 22/12/2010 00:10, Michael Gilbert a écrit :
> an advisory has been issued for pcsc-lite:
> http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf

CVE request
http://www.openwall.com/lists/oss-security/2010/12/22/7

Date: Wed, 22 Dec 2010 13:55:08 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>,
        Robert Relyea <rrelyea@...hat.com>
Subject: CVE Request -- 1, ccid -- int.overflow leading to array index error
 2, pcsc-lite stack-based buffer overflow in ATR decoder [was:
 CVE request: opensc buffer overflow ]

Hello Josh, Steve, vendors,

   Rafael Dominguez Vega of MWR InfoSecurity reported two more flaws 
related with smart cards:

   II), pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) 
decoder

   Description:
   A stack-based buffer overflow flaw was found in the way
   PC/SC Lite smart card framework decoded certain attribute
   values of the Answer-to-Reset (ATR) message, received back
   from the card after connecting. A local attacker could
   use this flaw to execute arbitrary code with the privileges
   of the user running the pcscd daemon, via a malicious smart
   card inserted to the system USB port.

   References:
   [1] 
http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
   [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607781
   [3] http://www.vupen.com/english/advisories/2010/3264
   [4] https://bugzilla.redhat.com/show_bug.cgi?id=664999

   Upstream changeset:
   [5] 
http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html

Could you allocate CVE ids for these two too?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team


-- 
 Dr. Ludovic Rousseau




Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#607781; Package pcsc-lite. (Thu, 23 Dec 2010 17:18:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Thu, 23 Dec 2010 17:18:05 GMT) Full text and rfc822 format available.

Message #26 received at 607781@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 607780@bugs.debian.org, 607781@bugs.debian.org
Subject: Re: Bug#607780: ccid: buffer overflow
Date: Thu, 23 Dec 2010 12:14:15 -0500
On Wed, 22 Dec 2010 18:51:33 +0100, Ludovic Rousseau wrote:
> To trigger the bug the attacker needs to connect a serial reader to the 
> host. And then needs to have a physical access to the computer.
> 
> To enable the serial reader the attacker needs to edit the file 
> /etc/reader.conf and configure the use of the connected serial reader. 
> So the attacker must have root access to trigger the buffer overflow.

An administrator making use of a serial card reader is likely to have
done this prior to the attacker having access to the reader.

> I downgrade the severity to important. I don't think I will fix the bug 
> for squeeze.

I don't want to blow things out of proportion, but these bugs
completely violate the security model that is intended by card readers.
So even though the exploit is difficult and requires local access, it is
a real issue and really needs to be fixed.

I don't want to play bts ping pong, but this really should be fixed for
squeeze (making it RC).  I suggest re-raising severity, and I will apply
the patches myself (since they're rather modest) if you aren't willing
to do so yourself. I'll also do an SPU for lenny.

Best wishes,
Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#607781; Package pcsc-lite. (Fri, 24 Dec 2010 10:06:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to 607781@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Fri, 24 Dec 2010 10:06:03 GMT) Full text and rfc822 format available.

Message #31 received at 607781@bugs.debian.org (full text, mbox):

From: Ludovic Rousseau <ludovic.rousseau@gmail.com>
To: 607781@bugs.debian.org, Michael Gilbert <michael.s.gilbert@gmail.com>
Subject: Re: Bug#607781: pcsc-lite: buffer overflow
Date: Fri, 24 Dec 2010 11:06:02 +0100
Le 22/12/2010 19:00, Ludovic Rousseau a écrit :
> Le 22/12/2010 00:10, Michael Gilbert a écrit :
>> package: pcsc-lite
>> version: 1.4.102-1+lenny3
>> severity: serious
>> tags: security
>>
>> an advisory has been issued for pcsc-lite:
>> http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
>>
>>
>> i have checked that the vulnerable code is present in both lenny and
>> sid.
>
> The problem has been fixed upstream in version pcsc-lite 1.6.5.
> pcsc-lite 1.6.6 is available in experimental ans will be uploaded to sid
> after squeeze is out.
>
> The attacker needs to have a physical access to the computer and a
> specially crafter smart card. I don't plan to fix the problem in squeeze
> (so lowering the severity).

Michael, go for the RC severity and NMU. I can't do the upload now myself.

The upstream corrective patche is in SVN revision 5370.

http://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2010-November/004923.html

Thanks

-- 
 Dr. Ludovic Rousseau




Information forwarded to debian-bugs-dist@lists.debian.org, Ludovic Rousseau <rousseau@debian.org>:
Bug#607781; Package pcsc-lite. (Wed, 19 Jan 2011 16:39:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to 607781@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Ludovic Rousseau <rousseau@debian.org>. (Wed, 19 Jan 2011 16:39:03 GMT) Full text and rfc822 format available.

Message #36 received at 607781@bugs.debian.org (full text, mbox):

From: Ludovic Rousseau <ludovic.rousseau@gmail.com>
To: 607781@bugs.debian.org
Cc: Michael Gilbert <michael.s.gilbert@gmail.com>
Subject: Re: Bug#607781: pcsc-lite: buffer overflow
Date: Wed, 19 Jan 2011 17:35:24 +0100
Le 22/12/10 20:42, Ludovic Rousseau a écrit :
> Le 22/12/2010 00:10, Michael Gilbert a écrit :
>> an advisory has been issued for pcsc-lite:
>> http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf
>>
>
> CVE request
> http://www.openwall.com/lists/oss-security/2010/12/22/7

This security issue got number CVE-2010-4531

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4531

I will try to provide an update for pcsc-lite 1.4.102-1+lenny3 present 
in lenny/stable.

-- 
 Dr. Ludovic Rousseau




Reply sent to Ludovic Rousseau <rousseau@debian.org>:
You have taken responsibility. (Sat, 22 Jan 2011 11:21:15 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 22 Jan 2011 11:21:15 GMT) Full text and rfc822 format available.

Message #41 received at 607781-close@bugs.debian.org (full text, mbox):

From: Ludovic Rousseau <rousseau@debian.org>
To: 607781-close@bugs.debian.org
Subject: Bug#607781: fixed in pcsc-lite 1.5.5-4
Date: Sat, 22 Jan 2011 11:17:15 +0000
Source: pcsc-lite
Source-Version: 1.5.5-4

We believe that the bug you reported is fixed in the latest version of
pcsc-lite, which is due to be installed in the Debian FTP archive:

libpcsclite-dev_1.5.5-4_amd64.deb
  to main/p/pcsc-lite/libpcsclite-dev_1.5.5-4_amd64.deb
libpcsclite1_1.5.5-4_amd64.deb
  to main/p/pcsc-lite/libpcsclite1_1.5.5-4_amd64.deb
pcsc-lite_1.5.5-4.diff.gz
  to main/p/pcsc-lite/pcsc-lite_1.5.5-4.diff.gz
pcsc-lite_1.5.5-4.dsc
  to main/p/pcsc-lite/pcsc-lite_1.5.5-4.dsc
pcscd_1.5.5-4_amd64.deb
  to main/p/pcsc-lite/pcscd_1.5.5-4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607781@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ludovic Rousseau <rousseau@debian.org> (supplier of updated pcsc-lite package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 22 Jan 2011 11:57:15 +0100
Source: pcsc-lite
Binary: pcscd libpcsclite-dev libpcsclite1
Architecture: source amd64
Version: 1.5.5-4
Distribution: unstable
Urgency: high
Maintainer: Ludovic Rousseau <rousseau@debian.org>
Changed-By: Ludovic Rousseau <rousseau@debian.org>
Description: 
 libpcsclite-dev - Middleware to access a smart card using PC/SC (development files)
 libpcsclite1 - Middleware to access a smart card using PC/SC (library)
 pcscd      - Middleware to access a smart card using PC/SC (daemon side)
Closes: 607781
Changes: 
 pcsc-lite (1.5.5-4) unstable; urgency=high
 .
   * Fix CVE-2010-4531: buffer overflow in the ATRDecodeAtr function in the
     Answer-to-Reset (ATR) Handler (atrhandler.c)
   * Closes: #607781 "pcsc-lite: buffer overflow"
Checksums-Sha1: 
 bf5d71d056fdc00b5b7466195be283c60d534276 1227 pcsc-lite_1.5.5-4.dsc
 51088cb8d0bf4cb8c26afe26a58681a8fc3485f6 14478 pcsc-lite_1.5.5-4.diff.gz
 bc070f61397aabcd1a1fe08eb5db4577b20d39f2 84356 pcscd_1.5.5-4_amd64.deb
 57cd24cb46e8c176f9496bebe63c741984d3f94a 65932 libpcsclite-dev_1.5.5-4_amd64.deb
 f49baa445ecd3512093b0385dc5ff01bf5a06b30 48432 libpcsclite1_1.5.5-4_amd64.deb
Checksums-Sha256: 
 a2936e5d6e11e1701ab93cdef2c98098ae9f40eff68b273217c30f792a4f9f3c 1227 pcsc-lite_1.5.5-4.dsc
 80d9bad8f463e6ebb52d99f2bf38685f5e5c6e3ab93c77118d28eab5e37d923a 14478 pcsc-lite_1.5.5-4.diff.gz
 ed090050049440f53cdb4ef52b3aeb65327e012538465955821960b2baa2c854 84356 pcscd_1.5.5-4_amd64.deb
 0bb1156ce945ccae03ba20848ebdf69362cb314fa20b845510e3bad144adbb17 65932 libpcsclite-dev_1.5.5-4_amd64.deb
 82a6dd4d6e7cdb712b911b872bb5a6a56cece14fa6d47fb0d1f6db93d3925e3f 48432 libpcsclite1_1.5.5-4_amd64.deb
Files: 
 95ee2c6321c0e28d496a19edf8a585e3 1227 misc extra pcsc-lite_1.5.5-4.dsc
 c39cc5c1929c03477abc69c45b385e9e 14478 misc extra pcsc-lite_1.5.5-4.diff.gz
 d0a71cdda75a66a9aee5a3ebab9990a6 84356 misc extra pcscd_1.5.5-4_amd64.deb
 51e6135e2250b7a7923636912c3d0f09 65932 libdevel optional libpcsclite-dev_1.5.5-4_amd64.deb
 394fe50bf6240be2a7c78834f4763aeb 48432 libs optional libpcsclite1_1.5.5-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk06uQ0ACgkQP0qKj+B/HPlrIQCeMKQmd1zW7DmgkW/8nR+0mz4Q
DRYAn3Om+Xy7reVRjlGCGf+Y77dRzjLt
=iPw1
-----END PGP SIGNATURE-----





Reply sent to Steve Kemp <skx@debian.org>:
You have taken responsibility. (Thu, 03 Feb 2011 01:58:36 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Thu, 03 Feb 2011 01:58:37 GMT) Full text and rfc822 format available.

Message #46 received at 607781-close@bugs.debian.org (full text, mbox):

From: Steve Kemp <skx@debian.org>
To: 607781-close@bugs.debian.org
Subject: Bug#607781: fixed in pcsc-lite 1.4.102-1+lenny4
Date: Thu, 03 Feb 2011 01:55:52 +0000
Source: pcsc-lite
Source-Version: 1.4.102-1+lenny4

We believe that the bug you reported is fixed in the latest version of
pcsc-lite, which is due to be installed in the Debian FTP archive:

libpcsclite-dev_1.4.102-1+lenny4_i386.deb
  to main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny4_i386.deb
libpcsclite1_1.4.102-1+lenny4_i386.deb
  to main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny4_i386.deb
pcsc-lite_1.4.102-1+lenny4.diff.gz
  to main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny4.diff.gz
pcsc-lite_1.4.102-1+lenny4.dsc
  to main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny4.dsc
pcscd_1.4.102-1+lenny4_i386.deb
  to main/p/pcsc-lite/pcscd_1.4.102-1+lenny4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 607781@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Kemp <skx@debian.org> (supplier of updated pcsc-lite package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 22 Jan 2011 17:18:19 +0000
Source: pcsc-lite
Binary: pcscd libpcsclite-dev libpcsclite1
Architecture: source i386
Version: 1.4.102-1+lenny4
Distribution: stable-security
Urgency: high
Maintainer: Ludovic Rousseau <rousseau@debian.org>
Changed-By: Steve Kemp <skx@debian.org>
Description: 
 libpcsclite-dev - Middleware to access a smart card using PC/SC (development files)
 libpcsclite1 - Middleware to access a smart card using PC/SC (library)
 pcscd      - Middleware to access a smart card using PC/SC (daemon side)
Closes: 607781
Changes: 
 pcsc-lite (1.4.102-1+lenny4) stable-security; urgency=high
 .
   * Fix CVE-2010-4531: buffer overflow in the ATRDecodeAtr
     function in the Answer-to-Reset (ATR) Handler (atrhandler.c)
   * Closes: #607781 "pcsc-lite: buffer overflow"
Checksums-Sha1: 
 e121272ce3d55a63f7ed016ad4685bfd4ed8ce5b 1269 pcsc-lite_1.4.102-1+lenny4.dsc
 2218c2cc164eb8cb4291439b2262afe93ddf22f3 643165 pcsc-lite_1.4.102.orig.tar.gz
 ccdd9a2b2c96dd769aed0b446ba12196a980e6e2 14048 pcsc-lite_1.4.102-1+lenny4.diff.gz
 3d6143b3943cd6fe1c493add6310ac92801d995f 73472 pcscd_1.4.102-1+lenny4_i386.deb
 89937f09fc1ae32f06725015057faf7f25581315 55940 libpcsclite-dev_1.4.102-1+lenny4_i386.deb
 e5aba9bad9642dbdc564b8ff3a4a1216653a81f7 42218 libpcsclite1_1.4.102-1+lenny4_i386.deb
Checksums-Sha256: 
 19adc006593d2bd2c4d03b316a1946c0d085a0c07b309cd51e124cb97790ecc6 1269 pcsc-lite_1.4.102-1+lenny4.dsc
 4f9ed23bf9492a6eb24bafda4889ba27ae63eb4242b5da6643309a7f6a499bcf 643165 pcsc-lite_1.4.102.orig.tar.gz
 017f66c9b39903dc96b147ce54ca6135f587a6197ad61f808bd203f2e437cd84 14048 pcsc-lite_1.4.102-1+lenny4.diff.gz
 9b6297d4f3a0cd81d155b37105fb708c3bf261f2ecbc49196bf92c3d26e2f8f1 73472 pcscd_1.4.102-1+lenny4_i386.deb
 1dc160e260d68037560d435947346e034049b415545e51071d0486487feedda0 55940 libpcsclite-dev_1.4.102-1+lenny4_i386.deb
 735ad05cd093d0bec0f7e1ebb77c5acafd07a8a6306406e1e492fd5e33a7358f 42218 libpcsclite1_1.4.102-1+lenny4_i386.deb
Files: 
 51cbcba6a8c68c94d54bcd6f899f3d0b 1269 misc extra pcsc-lite_1.4.102-1+lenny4.dsc
 bcfa5dd5d76b3020f94b029da764d288 643165 misc extra pcsc-lite_1.4.102.orig.tar.gz
 011e298b7d72799badc6d171ebe809ad 14048 misc extra pcsc-lite_1.4.102-1+lenny4.diff.gz
 683fe74ca9e1ac42d89f479d2ac89954 73472 misc extra pcscd_1.4.102-1+lenny4_i386.deb
 7eb2f9469cb21874497edc2877ede8da 55940 libdevel optional libpcsclite-dev_1.4.102-1+lenny4_i386.deb
 debefaf054cb17a53c19fecfbe530ef9 42218 libs optional libpcsclite1_1.4.102-1+lenny4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk07GksACgkQwM/Gs81MDZ333gCaAltAU0p8Dn/CJ+8Sf8PFMCO0
3ZoAn1NAgR1jWB8tYo3QOCWb6T80QEvx
=NoA5
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 20 Mar 2011 07:48:36 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 05:49:26 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.