Debian Bug report logs - #705274
curl: CVE-2013-1944: libcurl cookie domain tailmatch

version graph

Package: curl; Maintainer for curl is Alessandro Ghedini <ghedo@debian.org>; Source for curl is src:curl.

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 12 Apr 2013 11:33:02 UTC

Severity: grave

Tags: security

Found in versions curl/7.21.0-2, curl/7.21.0-1, curl/7.26.0-1+wheezy1, curl/7.29.0-2

Fixed in versions curl/7.29.0-2.1, curl/7.26.0-1+wheezy2

Done: Alessandro Ghedini <ghedo@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Alessandro Ghedini <ghedo@debian.org>:
Bug#705274; Package curl. (Fri, 12 Apr 2013 11:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to Alessandro Ghedini <ghedo@debian.org>. (Fri, 12 Apr 2013 11:33:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: submit@bugs.debian.org
Subject: curl: CVE-2013-1944: libcurl cookie domain tailmatch
Date: Fri, 12 Apr 2013 13:28:29 +0200
Package: curl
Severity: grave
Tags: security

Hi,
the following vulnerability was published for curl.

CVE-2013-1944[0]:
libcurl cookie domain tailmatch

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-1944
[1] http://curl.haxx.se/docs/adv_20130412.html

Alessandro Ghedini was already aware of it and prepared debdiffs
stable and wheezy.

This is more to track the issue as bug in BTS.

Regards,
Salvatore



Marked as found in versions curl/7.21.0-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 12 Apr 2013 12:03:11 GMT) Full text and rfc822 format available.

Marked as found in versions curl/7.26.0-1+wheezy1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 12 Apr 2013 13:54:03 GMT) Full text and rfc822 format available.

Marked as found in versions curl/7.29.0-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 12 Apr 2013 13:54:04 GMT) Full text and rfc822 format available.

Marked as found in versions curl/7.21.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 12 Apr 2013 13:54:08 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 13 Apr 2013 07:30:04 GMT) Full text and rfc822 format available.

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sat, 13 Apr 2013 08:51:12 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 13 Apr 2013 08:51:12 GMT) Full text and rfc822 format available.

Message #20 received at 705274-close@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 705274-close@bugs.debian.org
Subject: Bug#705274: fixed in curl 7.29.0-2.1
Date: Sat, 13 Apr 2013 08:47:43 +0000
Source: curl
Source-Version: 7.29.0-2.1

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 705274@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Apr 2013 13:55:34 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source amd64
Version: 7.29.0-2.1
Distribution: unstable
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 704093 705274
Changes: 
 curl (7.29.0-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
 .
   [ Alessandro Ghedini ]
   * Do not compress *.pdf files (Closes: #704093)
 .
   [ Salvatore Bonaccorso ]
   * Add 09_CVE-213-1944.patch.
     Fix CVE-2013-1944: fix tailmatching to prevent cross-domain leakage.
     Cookies set for 'example.com' could accidentaly also be sent by libcurl
     to the 'bexample.com' (ie with a prefix to the first domain name).
     (Closes: #705274)
   * Add testcase for CVE-2013-1944.
Checksums-Sha1: 
 b1bfaa541a1b186daf14343d257428f588a21b6d 2517 curl_7.29.0-2.1.dsc
 1fbc32fee63d62bd363703305e0ccde10d00b2eb 30867 curl_7.29.0-2.1.debian.tar.gz
 94ec41ef3d8c7407eefefa44709cb41b9dae8b5c 282462 curl_7.29.0-2.1_amd64.deb
 b4418019002a4c2e2fd578e4e968a9e2b116586e 333984 libcurl3_7.29.0-2.1_amd64.deb
 0dae1597b4f10c8d0362d87dc7532528caf51a81 325506 libcurl3-gnutls_7.29.0-2.1_amd64.deb
 f3db6731469edf18a1ea6b2abc7155752efccf16 331740 libcurl3-nss_7.29.0-2.1_amd64.deb
 d7d339eac4ef23274587109874dcc085cac1f279 1318218 libcurl4-openssl-dev_7.29.0-2.1_amd64.deb
 efce9cb44ddca788289833fbe13bc3f680d2584e 1307654 libcurl4-gnutls-dev_7.29.0-2.1_amd64.deb
 3bf2a8d84ed5a750dc30ff82eaeb2037d5eca20c 1314316 libcurl4-nss-dev_7.29.0-2.1_amd64.deb
 429be12d0e049719b3f5376a288bbda3ecde56d5 3463610 libcurl3-dbg_7.29.0-2.1_amd64.deb
Checksums-Sha256: 
 865729790b95a077928ea3ab8d713b59112bcb4a79a6bc539e1b01d6b22a6a68 2517 curl_7.29.0-2.1.dsc
 2dba5084e6db0479d7d37323765b24a4dcb8b18b36ed1cbaf594e3f0e6a6fd81 30867 curl_7.29.0-2.1.debian.tar.gz
 c2b2f8faf5fac4daa298b4e54767e041091e2d1b0983228c6534a42cc9c0302a 282462 curl_7.29.0-2.1_amd64.deb
 9e146676be96308f1712c7a87101b18969f676bba981baa146763ae9c32fbf8c 333984 libcurl3_7.29.0-2.1_amd64.deb
 17803a04fa2c34efad9308cdc867ad5f1be2ab1f9bcf7d9fc20b2d86f3aeb31a 325506 libcurl3-gnutls_7.29.0-2.1_amd64.deb
 31d47a09a1eda3b34b005e62870a1dfa4c92127c44b02a795d00eff18f6cd205 331740 libcurl3-nss_7.29.0-2.1_amd64.deb
 4834476ddd0cebc4d8e446d3ea8c9129ed9833570d5a78149c72e48e39b8e81f 1318218 libcurl4-openssl-dev_7.29.0-2.1_amd64.deb
 eeeeb552f8ceacafaa35cb96fe3bda279d5f367daa4333dcf3daa9af2e295470 1307654 libcurl4-gnutls-dev_7.29.0-2.1_amd64.deb
 b5d43f7c4e5b941c93972409f3190162c78f7701595d55ae021b0c9d6f8512bb 1314316 libcurl4-nss-dev_7.29.0-2.1_amd64.deb
 2c621a0e6cd0d56d4424a6ec19d6530ddd124464a1b60c4b078ffadddc5ca44e 3463610 libcurl3-dbg_7.29.0-2.1_amd64.deb
Files: 
 c6ad3f5578941c7a2f665b73908eb204 2517 web optional curl_7.29.0-2.1.dsc
 5f06308c4f7d640f282186c08615fa9e 30867 web optional curl_7.29.0-2.1.debian.tar.gz
 67c4ad4d680e628e9ef13f51a1ea50c6 282462 web optional curl_7.29.0-2.1_amd64.deb
 92b7a77c2c325c7834f28496d39c0cbf 333984 libs optional libcurl3_7.29.0-2.1_amd64.deb
 0285629a654b56e90e1479a2542c64f2 325506 libs optional libcurl3-gnutls_7.29.0-2.1_amd64.deb
 2a4ae0f80367dfc88c0fed0bd22b38cf 331740 libs optional libcurl3-nss_7.29.0-2.1_amd64.deb
 53d791eea85070465e377328efdb4f1a 1318218 libdevel optional libcurl4-openssl-dev_7.29.0-2.1_amd64.deb
 815c25043f20d27b20597cc6b7874b24 1307654 libdevel optional libcurl4-gnutls-dev_7.29.0-2.1_amd64.deb
 5743fb230708e234e1c9c939d20c02f2 1314316 libdevel optional libcurl4-nss-dev_7.29.0-2.1_amd64.deb
 2cca6d36e4f8d9ecb64cc9149d6c8b04 3463610 debug extra libcurl3-dbg_7.29.0-2.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRaRqUAAoJEHidbwV/2GP+4SMQAIP21HUBb+mE+w4hHn/wmWEP
g93dCVF78BQIInCkFpL7C7zIKM3g9kSZxY/mtiiRWitRtlCExv6taaIMIA5AeSdj
X0Fs5IkUwLB8Zn9h13+4opKstxU5mo3zA0Fckif/H/SX18j8p0Oe2rhDzBbOCdLk
aHgJlorLxukhcjwpo0QvgK8I8wyDk0miVyhjAp6ntIGzueNlG5U6WPQ0in4VrnN7
siOD/ZC8mo2MR50d5avyEo4vNOjU5U32x4fd3U3KNnXelkUa4uxdfZ5mGP44ODQa
yDAXKt6pMxSZJz4Pr3cq923y46DNcPc52LZ9EwGtaKilzYxZML5V+NN4z5W/aVW4
OrIB4adB916cJNMqbSjfjKKMAk5dg/wpNJ2qxX8xnHZlGbofqBoQKSW/dGSexhOI
LCkwBTJ5h8i592IWxxHcd9DUtthEzyGgQVJzne4X2imkrCDzswP2Jf1f187i44a1
yZNkJthnPzn5YCLijqt00a/SdkSyAQgiZ1kwAaDytCO2OFNbbzD/a2lbmz94B0Xw
9hjYVXzxeou0Pgoe7CLrpP8LADkorD26GYC9CpMRczvEuPwPzavCzDI+XQsvSsHv
uGkAhYmmnh6r+9tIi8uad16s8zzL9vAeZXOEUkmzYQZo4nSBgSCaIGahQI/zUP91
osnIonwpXL9dLQtvNJ3a
=ipQt
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Alessandro Ghedini <ghedo@debian.org>:
Bug#705274; Package curl. (Sat, 13 Apr 2013 09:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Alessandro Ghedini <ghedo@debian.org>. (Sat, 13 Apr 2013 09:21:04 GMT) Full text and rfc822 format available.

Message #25 received at 705274@bugs.debian.org (full text, mbox):

From: Salvatore Bonaccorso <carnil@debian.org>
To: 705274@bugs.debian.org
Subject: Re: Bug#705274: curl: CVE-2013-1944: libcurl cookie domain tailmatch
Date: Sat, 13 Apr 2013 11:17:06 +0200
Hi

In case somebody wondered why this was not uploaded as recommended by
the dev-ref for NMU to a delayed queue: Alessandro asked if somone
else can handle the uploads for CVE-213-1944.

Regards,
Salvatore



Reply sent to Alessandro Ghedini <ghedo@debian.org>:
You have taken responsibility. (Sat, 13 Apr 2013 13:06:04 GMT) Full text and rfc822 format available.

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 13 Apr 2013 13:06:04 GMT) Full text and rfc822 format available.

Message #30 received at 705274-close@bugs.debian.org (full text, mbox):

From: Alessandro Ghedini <ghedo@debian.org>
To: 705274-close@bugs.debian.org
Subject: Bug#705274: fixed in curl 7.26.0-1+wheezy2
Date: Sat, 13 Apr 2013 13:02:33 +0000
Source: curl
Source-Version: 7.26.0-1+wheezy2

We believe that the bug you reported is fixed in the latest version of
curl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 705274@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessandro Ghedini <ghedo@debian.org> (supplier of updated curl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 10 Apr 2013 22:56:48 +0200
Source: curl
Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg
Architecture: source amd64
Version: 7.26.0-1+wheezy2
Distribution: wheezy-proposed-updates
Urgency: high
Maintainer: Alessandro Ghedini <ghedo@debian.org>
Changed-By: Alessandro Ghedini <ghedo@debian.org>
Description: 
 curl       - command line tool for transferring data with URL syntax
 libcurl3   - easy-to-use client-side URL transfer library (OpenSSL flavour)
 libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours)
 libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour)
 libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour)
 libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour)
 libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour)
 libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour)
Closes: 705274
Changes: 
 curl (7.26.0-1+wheezy2) wheezy-proposed-updates; urgency=high
 .
   [ Alessandro Ghedini ]
   * Fix cookie domain tailmatch as per CVE-2013-1944
     http://curl.haxx.se/docs/adv_20130412.html (Closes: #705274)
   * Set urgency=high accordingly
 .
   [ Salvatore Bonaccorso ]
   * Add testcase for CVE-2013-1944
Checksums-Sha1: 
 7655ce20a222f4a558004d75037b9bad8fdc37bc 2533 curl_7.26.0-1+wheezy2.dsc
 78efa2454eba30f6cc865eb368459bf789876ccf 32625 curl_7.26.0-1+wheezy2.debian.tar.gz
 c6b3ec189061085fb96777d2d715cf9c86147012 270112 curl_7.26.0-1+wheezy2_amd64.deb
 7bf62c6cd62b5458910f324c50575225f10d178b 330832 libcurl3_7.26.0-1+wheezy2_amd64.deb
 7e5e7c14c173a57f59542fb3a2060267574c232a 321646 libcurl3-gnutls_7.26.0-1+wheezy2_amd64.deb
 99c6c8c5efc0e8c8aebc4c8218ace639e27c8ee6 328336 libcurl3-nss_7.26.0-1+wheezy2_amd64.deb
 f69218c821432e09ff9beb1fd0de47f9fe89066c 1268822 libcurl4-openssl-dev_7.26.0-1+wheezy2_amd64.deb
 132b54a845db52cdd15b8c6f2c4f1c9480dab581 1257724 libcurl4-gnutls-dev_7.26.0-1+wheezy2_amd64.deb
 34a611b9ea24c5ad1084fd5f9ba5e6028a9a8a49 1265038 libcurl4-nss-dev_7.26.0-1+wheezy2_amd64.deb
 e4ae2129348e5b49e4e4f4ac60a7538da2fa9a79 3295660 libcurl3-dbg_7.26.0-1+wheezy2_amd64.deb
Checksums-Sha256: 
 354b7095b8f764e839a76646a348fa7a1248e4ea563bc4839ce8746408e1ff43 2533 curl_7.26.0-1+wheezy2.dsc
 f34cde20bd32671a38612d70d1b5b1f676164f8d0d87dad5db58f31b1abd7451 32625 curl_7.26.0-1+wheezy2.debian.tar.gz
 9fd60fc1009438542547bf180c9b83fb94210c8c44b853a18267301fdc8c7087 270112 curl_7.26.0-1+wheezy2_amd64.deb
 4b8306b98bfcc72638f732edcb134a0b3d7efddaf23961541910c394e92b5eca 330832 libcurl3_7.26.0-1+wheezy2_amd64.deb
 c411dd95657e98dd6d5f58573d55b4d811b07a66887aaa215a8910c479aa165d 321646 libcurl3-gnutls_7.26.0-1+wheezy2_amd64.deb
 766cd88310903fb62a74d1f2d7f5b98f177b4d7121a1d8a98fbcc06c21e86309 328336 libcurl3-nss_7.26.0-1+wheezy2_amd64.deb
 9588452bc6a5c7990151b4278801238a3ed2c529a1af45adb0051cfd431ecee9 1268822 libcurl4-openssl-dev_7.26.0-1+wheezy2_amd64.deb
 fb10fdc0d59f897a687ee7e04a231fa86448bbd9100c4e2c21fe92cdbbfa022b 1257724 libcurl4-gnutls-dev_7.26.0-1+wheezy2_amd64.deb
 dcdf4e6bee8864553491fc39dce52d81c9308f14a79f340b7486485823e4744b 1265038 libcurl4-nss-dev_7.26.0-1+wheezy2_amd64.deb
 b9e97f3908939e9596135003211547eb1fcffa4f74d2235b87aeee8111ff2a55 3295660 libcurl3-dbg_7.26.0-1+wheezy2_amd64.deb
Files: 
 98bfa72048fc06ee613fe7992db6c3ca 2533 web optional curl_7.26.0-1+wheezy2.dsc
 a30f07f6c1493aebf0f091bfcdf5a57d 32625 web optional curl_7.26.0-1+wheezy2.debian.tar.gz
 7ddf93bc83794e001b7bb6ff54d3609b 270112 web optional curl_7.26.0-1+wheezy2_amd64.deb
 91135eecc0b6bacd8126b62bc4173564 330832 libs optional libcurl3_7.26.0-1+wheezy2_amd64.deb
 367cbba9f3215c0ff2a27c881c46762e 321646 libs optional libcurl3-gnutls_7.26.0-1+wheezy2_amd64.deb
 dae2efe0d4be490ef68e134cdc721783 328336 libs optional libcurl3-nss_7.26.0-1+wheezy2_amd64.deb
 c33d300971b79b81c5467a389cfdbeac 1268822 libdevel optional libcurl4-openssl-dev_7.26.0-1+wheezy2_amd64.deb
 8d547370a3a0c1f6f9814f25f9cf24ca 1257724 libdevel optional libcurl4-gnutls-dev_7.26.0-1+wheezy2_amd64.deb
 10063d2f2748d6abfac55284bbb8f112 1265038 libdevel optional libcurl4-nss-dev_7.26.0-1+wheezy2_amd64.deb
 c1f848c62d55ca1bc2559dff76713a41 3295660 debug extra libcurl3-dbg_7.26.0-1+wheezy2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRaVWIAAoJEHidbwV/2GP+VwcQAKiFM6zb6+mO8mWxKSV/0Xmq
AOK0xP8IVLt/KxrRinZhFAJvsv5FnfUKllmhl0gFhXgq6GsDdPRKSI3zoWOOubjp
S139zeLpSZsr+VpkAD/wwxFCnwrTDv5Cs/nbwudtPi4Uta1XWRctZY9PqR6eqzK3
hDc/GqEceCRyw4pRLmI7mYd8U+5793oz2n6X8HgLUepS6aHWjo1VQPB2Bc6rdTNs
BmndHSxEggNgoS1WhIcXu/A7A76Gwp6UQ3d2OZK383N6fzDBbsKVh0q3cZMFvKmT
2k3wH6Djvp1nfEYK7sWTYqWfIkbKDKLSAn6z/T7bk/gJmlolHhLLf5w0h/QHbsL3
xGYxwj0+1wLM3nODd07j3GBnPfXD7mW1QwoGCEg208h1y6MU9sS3p6hIsrkfj2If
bIL8ePA7nYpE2OtOLv15Uzk5GmK1jylVyHzoIAfUst04GQXUScVPob6aZsKOGMn5
sobWGwbSV4cgiCdg2Y6Hq2TRjtTd6tW36rrCgRONgUpTYapk9s4FGrqa52kpYfaS
0i1ZjF/LTO45vXm3Nt4doPT7Yzw6+Zvrx/+m+crmahH9++mDTjq0j22aka1IGKbV
IrgYwWu9FBY4npIMOFC3/J2ihzcnKbeME7uHA5gT7ozmQukTvPRLhe9IRC247H4F
+M73QhB5N10Nta7QuQSG
=364y
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#705274; Package curl. (Tue, 16 Apr 2013 18:51:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alessandro Ghedini <ghedo@debian.org>:
Extra info received and forwarded to list. (Tue, 16 Apr 2013 18:51:10 GMT) Full text and rfc822 format available.

Message #35 received at 705274@bugs.debian.org (full text, mbox):

From: Alessandro Ghedini <ghedo@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 705274@bugs.debian.org
Subject: Re: Bug#705274: curl: CVE-2013-1944: libcurl cookie domain tailmatch
Date: Tue, 16 Apr 2013 20:48:58 +0200
[Message part 1 (text/plain, inline)]
On sab, apr 13, 2013 at 11:17:06 +0200, Salvatore Bonaccorso wrote:
> Hi
> 
> In case somebody wondered why this was not uploaded as recommended by
> the dev-ref for NMU to a delayed queue: Alessandro asked if somone
> else can handle the uploads for CVE-213-1944.

Hi Salvatore,

thank you very much for handling this in my absence.

Cheers

-- 
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 15 May 2013 07:31:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 16:39:18 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.