Debian Bug report logs -
#870725
CVE-2017-11721: read buffer overflow in MSG_ReadBits
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Fri, 04 Aug 2017 14:33:07 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Fri, 04 Aug 2017 14:33:07 GMT)
Message #5 received at submit@bugs.debian.org:
Source: ioquake3
Severity: grave
Tags: security
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721
Cheers,
Moritz
Marked as found in versions ioquake3/1.36+u20170720+dfsg1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 04 Aug 2017 21:09:02 GMT)
Reply sent to Simon McVittie <smcv@debian.org>: You have taken responsibility. (Fri, 04 Aug 2017 21:09:07 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Fri, 04 Aug 2017 21:09:07 GMT)
Message #12 received at 870725-close@bugs.debian.org:
Source: ioquake3
Source-Version: 1.36+u20170803+dfsg1-1
We believe that the bug you reported is fixed in the latest version of
ioquake3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 870725@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated ioquake3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 04 Aug 2017 18:34:40 +0100
Source: ioquake3
Binary: ioquake3 ioquake3-server
Architecture: source
Version: 1.36+u20170803+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Closes: 870725
Description:
ioquake3 - Game engine for 3D first person shooter games
ioquake3-server - Engine for 3D first person shooter games - server and common file
Changes:
ioquake3 (1.36+u20170803+dfsg1-1) unstable; urgency=medium
.
* New upstream snapshot
- Fix read buffer overflow in MSG_ReadBits
(CVE-2017-11721) (Closes: #870725)
- Check buffer boundary exactly in MSG_WriteBits, instead of
potentially failing with a few bytes still available
Checksums-Sha1:
c0563a648b19b81ab125f48e0b61cab31050e508 2282 ioquake3_1.36+u20170803+dfsg1-1.dsc
287ad60bfb5b04238f14593a15a67f2884600fc4 1905260 ioquake3_1.36+u20170803+dfsg1.orig.tar.xz
1b56a93b3584660bf9c71e2078179a5ffa53a032 22224 ioquake3_1.36+u20170803+dfsg1-1.debian.tar.xz
Checksums-Sha256:
64aa514975fd1cdd7ff23fe3e8472453dfe570a3b4c0c9d9da84d9afe6b93292 2282 ioquake3_1.36+u20170803+dfsg1-1.dsc
9d8283fe131b0fc5363cb6bb0896b63a410d51daf4df036b3aaf5ca33c5c4da1 1905260 ioquake3_1.36+u20170803+dfsg1.orig.tar.xz
0dcab0480a605a55cf1651b0510f88eadac6824f0ace8678f7bb4dad2132b570 22224 ioquake3_1.36+u20170803+dfsg1-1.debian.tar.xz
Files:
7daf0055f20249c5c78c2f89e722abbb 2282 games optional ioquake3_1.36+u20170803+dfsg1-1.dsc
7de062ce2c05d41a1f4c3101e226fe61 1905260 games optional ioquake3_1.36+u20170803+dfsg1.orig.tar.xz
f87c2827023bd87fcc8f03bea1b30755 22224 games optional ioquake3_1.36+u20170803+dfsg1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Sat, 05 Aug 2017 10:51:02 GMT)
Acknowledgement sent to Simon McVittie <smcv@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sat, 05 Aug 2017 10:51:02 GMT)
Message #17 received at 870725@bugs.debian.org:
Control: retitle -1 CVE-2017-11721: read buffer overflow in MSG_ReadBits
Control: tags -1 + upstream fixed-upstream patch
Control: forwarded -1 https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1
On Fri, 04 Aug 2017 at 16:30:46 +0200, Moritz Muehlenhoff wrote:
> Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721
I have fixed this in unstable with a newer upstream snapshot. I suspect
that the bug is also present in all older suites, but I have not had
time to research that. Any suite where the upstream commit cherry-picks
successfully is probably vulnerable.
I am travelling (to Debconf) and finishing writing a talk, so I will
be unable to address this in older suites for now. If someone from the
security or games team wants to prepare and upload a backport of the
commit referenced by MITRE, please go ahead. From the commit message
and a quick read through the code, my understanding is that only the
MSG_ReadBits side is security-sensitive, with the MSG_WriteBits side
being merely for correctness (the buffer overflow check is too
pessimistic and will sometimes report an overflow when there are in
fact a few bytes left); but I could be wrong, and taking the entire
commit is probably the safer option.
The debian/stretch and debian/jessie branches in
https://anonscm.debian.org/git/pkg-games/ioquake3.git should be up to
date, and that git repository also contains the upstream commit
d2b1d124d4055c2fcbe5126863487c52fd58cca1.
Otherwise, I'll come back to this after I've given my talk at Debconf,
assuming I can recruit someone running stable to smoke-test the new
version.
Thanks,
S
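The distinction drawn in the message above (the read side is the security-sensitive one; the write side's check was merely too conservative) is easier to see in code. What follows is an added example written for this page; it is not ioquake3's msg.c, not the upstream commit, and not the Debian patch. The bitmsg_t structure, the LSB-first bit packing, the pessimistic_can_write comparison function and the "readcount greater than cursize marks an over-read" convention are all assumptions of the example. It shows a bit reader that bounds-checks against the number of bytes actually received before touching the buffer, so a packet whose fields claim more data than was delivered is refused rather than read past its end, beside a writer whose capacity check is exact instead of refusing while a few bytes are still free.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Illustrative bit-stream message, an assumption for this example (loosely
 * modelled on a byte buffer with a read cursor; not ioquake3's msg_t).
 * Bits are packed LSB-first. */
typedef struct {
    uint8_t *data;
    int maxsize;    /* capacity in bytes */
    int cursize;    /* bytes holding valid (written or received) data */
    int wbit, rbit; /* write and read cursors, in bits */
    int readcount;  /* bytes consumed by reads; readcount > cursize marks an over-read */
    bool overflowed;
} bitmsg_t;

/* For a fresh outgoing message pass cursize 0; for a received packet pass the
 * number of bytes actually delivered, so nothing beyond them may be read. */
void bitmsg_init(bitmsg_t *m, uint8_t *buf, int maxsize, int cursize) {
    memset(m, 0, sizeof *m);
    m->data = buf;
    m->maxsize = maxsize;
    m->cursize = cursize;
}

/* Exact capacity check: the write fits iff the bit cursor plus `bits` stays
 * within maxsize bytes. */
bool bitmsg_can_write(const bitmsg_t *m, int bits) {
    return bits > 0 && bits <= 32 && m->wbit + bits <= m->maxsize * 8;
}

/* The conservative style of check the thread describes, constructed here for
 * comparison: refuse whenever fewer than four whole bytes are free, even if
 * the write would fit. */
bool pessimistic_can_write(const bitmsg_t *m, int bits) {
    (void)bits;
    return m->maxsize - m->cursize >= 4;
}

bool bitmsg_write_bits(bitmsg_t *m, uint32_t value, int bits) {
    if (!bitmsg_can_write(m, bits)) { m->overflowed = true; return false; }
    for (int i = 0; i < bits; i++) {
        int pos = m->wbit + i;                 /* pos>>3 < maxsize by the check above */
        uint8_t mask = (uint8_t)(1u << (pos & 7));
        if (value & (1u << i)) m->data[pos >> 3] |= mask;
        else                   m->data[pos >> 3] &= (uint8_t)~mask;
    }
    m->wbit += bits;
    m->cursize = (m->wbit + 7) / 8;
    return true;
}

/* The bounds check runs before any byte is touched: a packet is readable only
 * up to cursize, whatever its contents claim. */
uint32_t bitmsg_read_bits(bitmsg_t *m, int bits) {
    if (bits <= 0 || bits > 32 || m->rbit + bits > m->cursize * 8) {
        m->overflowed = true;
        m->readcount = m->cursize + 1;
        return 0;
    }
    uint32_t v = 0;
    for (int i = 0; i < bits; i++) {
        int pos = m->rbit + i;
        if (m->data[pos >> 3] & (1u << (pos & 7))) v |= 1u << i;
    }
    m->rbit += bits;
    m->readcount = (m->rbit + 7) / 8;
    return v;
}

/* Returns 1 when the exact check admits an 8-bit write into the last free byte
 * that the pessimistic check refuses, and the first bit beyond capacity is
 * still rejected. */
int demo_write_boundary(void) {
    uint8_t buf[4] = {0};                      /* constructed 4-byte buffer */
    bitmsg_t m;
    bitmsg_init(&m, buf, 4, 0);
    if (!bitmsg_write_bits(&m, 5, 3) || !bitmsg_write_bits(&m, 0xAB, 8) ||
        !bitmsg_write_bits(&m, 0x1F3, 13)) return 0;   /* 24 bits: one byte free */
    if (!bitmsg_can_write(&m, 8) || pessimistic_can_write(&m, 8)) return 0;
    if (!bitmsg_write_bits(&m, 0x5A, 8)) return 0;     /* fills the last byte */
    if (bitmsg_write_bits(&m, 1, 1) || !m.overflowed) return 0;
    return m.cursize == 4;
}

/* Returns 1 when a complete 4-byte packet reads back its fields, an extra bit
 * past its end is refused, and a truncated delivery of the same bytes (3 of 4)
 * is refused at the field that would run past the end. */
int demo_read_boundary(void) {
    uint8_t wire[4] = {0};                     /* constructed packet bytes */
    bitmsg_t w, r, t;
    bitmsg_init(&w, wire, 4, 0);
    bitmsg_write_bits(&w, 5, 3);  bitmsg_write_bits(&w, 0xAB, 8);
    bitmsg_write_bits(&w, 0x1F3, 13); bitmsg_write_bits(&w, 0x5A, 8);

    bitmsg_init(&r, wire, 4, 4);
    if (bitmsg_read_bits(&r, 3) != 5 || bitmsg_read_bits(&r, 8) != 0xAB ||
        bitmsg_read_bits(&r, 13) != 0x1F3 || bitmsg_read_bits(&r, 8) != 0x5A) return 0;
    if (bitmsg_read_bits(&r, 1) != 0 || !r.overflowed || r.readcount != 5) return 0;

    bitmsg_init(&t, wire, 4, 3);               /* only 3 bytes were delivered */
    bitmsg_read_bits(&t, 3); bitmsg_read_bits(&t, 8); bitmsg_read_bits(&t, 13);
    if (t.overflowed) return 0;                /* the first 24 bits fit exactly */
    return bitmsg_read_bits(&t, 8) == 0 && t.overflowed;
}
```

The check in bitmsg_read_bits is the defensive point: it compares the read cursor against the bytes actually received, not against the buffer's capacity, and it does so before indexing data[], so a short or crafted packet produces a flagged, zero-valued read instead of an out-of-bounds access. The write side matters only for correctness; the exact check lets the writer use the final byte that the conservative check would have declared full.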
Changed Bug title to 'CVE-2017-11721: read buffer overflow in MSG_ReadBits' from 'CVE-2017-11721'. Request was from Simon McVittie <smcv@debian.org> to 870725-submit@bugs.debian.org. (Sat, 05 Aug 2017 10:51:03 GMT)
Added tag(s) fixed-upstream, patch, and upstream. Request was from Simon McVittie <smcv@debian.org> to 870725-submit@bugs.debian.org. (Sat, 05 Aug 2017 10:51:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Sat, 05 Aug 2017 11:27:02 GMT)
Acknowledgement sent to Simon McVittie <smcv@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sat, 05 Aug 2017 11:27:02 GMT)
Message #28 received at 870725@bugs.debian.org:
Control: clone -1 -2
Control: reassign -2 src:iortcw
Control: forwarded -2 https://github.com/iortcw/iortcw/commit/260c39a29af517a08b3ee1a0e78ad654bdd70934
Control: found -2 1.51+dfsg1-2
Control: fixed -2 1.51+dfsg1-3
On Sat, 05 Aug 2017 at 11:47:23 +0100, Simon McVittie wrote:
> On Fri, 04 Aug 2017 at 16:30:46 +0200, Moritz Muehlenhoff wrote:
> > Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11721
iortcw in contrib also has this. I've uploaded a fix.
Again, I don't have time to handle this for stable right now, so
security or games team members are very welcome to do so. I'll prepare
a stable update during Debconf if nobody gets there first, assuming I
can find a stable user willing to test a game from contrib.
S
Bug 870725 cloned as bug 870811. Request was from Simon McVittie <smcv@debian.org> to 870725-submit@bugs.debian.org. (Sat, 05 Aug 2017 11:27:03 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Thu, 10 Aug 2017 18:39:06 GMT)
Acknowledgement sent to Simon McVittie <smcv@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Thu, 10 Aug 2017 18:39:06 GMT)
Message #35 received at 870725@bugs.debian.org:
On Sat, 05 Aug 2017 at 12:24:19 +0100, Simon McVittie wrote:
> Again, I don't have time to handle this for stable right now, so
> security or games team members are very welcome to do so. I'll prepare
> a stable update during Debconf if nobody gets there first, assuming I
> can find a stable user willing to test a game from contrib.
I have prepared proposed stable-security updates and borrowed a
stable machine to smoke-test them (thanks to Andy Simpkins). I forget
whether you're interested in fixing contrib or not, so I'm doing iortcw
as well as ioquake3 (openjk is experimental-only so is not relevant here).
Let me know if I should redirect the iortcw update to the release team.
Here is some text which might be useful for a DSA:
----8<----
A read buffer overflow was discovered in the idtech3 (Quake III Arena)
family of game engines. This allows remote attackers to cause a denial
of service (application crash) or possibly have unspecified other impact
via a crafted packet. (CVE-2017-11721)
In Debian, this issue affects the ioquake3, iortcw and openjk packages.
For the stable distribution (stretch), this issue has been fixed in
ioquake3 version 1.36+u20161101+dfsg1-2+deb9u1 and in iortcw version
1.50a+dfsg1-3+deb9u1.
In the unstable distribution (sid), this issue has been fixed in ioquake3
version 1.36+u20170803+dfsg1-1 and in iortcw version 1.51+dfsg1-3.
In the experimental distribution this issue has been fixed in openjk
version 0~20170718+dfsg1-2.
---->8----
Proposed debdiffs attached. OK to upload?
Regards,
S
[iortcw_1.50a+dfsg1-3+deb9u1.diff (text/x-diff, attachment)]
[ioquake3_1.36+u20161101+dfsg1-2+deb9u1.diff (text/x-diff, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Fri, 11 Aug 2017 18:42:03 GMT)
Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>: Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Fri, 11 Aug 2017 18:42:03 GMT)
Message #40 received at 870725@bugs.debian.org:
On Thu, Aug 10, 2017 at 02:29:52PM -0400, Simon McVittie wrote:
> On Sat, 05 Aug 2017 at 12:24:19 +0100, Simon McVittie wrote:
> > Again, I don't have time to handle this for stable right now, so
> > security or games team members are very welcome to do so. I'll prepare
> > a stable update during Debconf if nobody gets there first, assuming I
> > can find a stable user willing to test a game from contrib.
>
> I have prepared proposed stable-security updates and borrowed a
> stable machine to smoke-test them (thanks to Andy Simpkins). I forget
> whether you're interested in fixing contrib or not, so I'm doing iortcw
> as well as ioquake3 (openjk is experimental-only so is not relevant here).
> Let me know if I should redirect the iortcw update to the release team.
Thanks, please upload. Generally speaking contrib is not supported, but
it would be silly to fix ioquake, but not iortcw along, so please go ahead.
What about jessie, is that still usable against current game servers?
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Sat, 12 Aug 2017 05:51:03 GMT)
Acknowledgement sent to Simon McVittie <smcv@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sat, 12 Aug 2017 05:51:03 GMT)
Message #45 received at 870725@bugs.debian.org:
On Fri, 11 Aug 2017 at 20:11:46 +0200, Moritz Mühlenhoff wrote:
> Thanks, please upload. Generally speaking contrib is not supported, but
> it would be silly to fix ioquake, but not iortcw along, so please go ahead.
Thanks, both uploaded to security-master targeting stretch-security.
> What about jessie, is that still usable against current game servers?
It would make sense to fix ioquake3 in jessie, but I am unlikely to
be able to complete this work any time soon - I probably won't find a
jessie user at DebConf, and soon after I get back I'll be moving house,
so my time and hardware are limited. I'll try to prepare packages so
that someone else can test them (via openarena).
For completeness: iortcw isn't in jessie, so not applicable.
S
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Sat, 12 Aug 2017 13:36:02 GMT)
Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>: Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sat, 12 Aug 2017 13:36:02 GMT)
Message #50 received at 870725@bugs.debian.org:
On Sat, Aug 12, 2017 at 01:46:33AM -0400, Simon McVittie wrote:
> On Fri, 11 Aug 2017 at 20:11:46 +0200, Moritz Mühlenhoff wrote:
> > Thanks, please upload. Generally speaking contrib is not supported, but
> > it would be silly to fix ioquake, but not iortcw along, so please go ahead.
>
> Thanks, both uploaded to security-master targeting stretch-security.
>
> > What about jessie, is that still usable against current game servers?
>
> It would make sense to fix ioquake3 in jessie, but I am unlikely to
> be able to complete this work any time soon - I probably won't find a
> jessie user at DebConf, and soon after I get back I'll be moving house,
> so my time and hardware are limited. I'll try to prepare packages so
> that someone else can test them (via openarena).
Feel free to simply upload an untested package for jessie-security,
I'm flying back on Sunday evening, I can run tests on jessie sometime
next week.
Cheers,
Moritz
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>: Bug#870725; Package src:ioquake3. (Sat, 12 Aug 2017 20:27:02 GMT)
Acknowledgement sent to Simon McVittie <smcv@debian.org>: Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sat, 12 Aug 2017 20:27:02 GMT)
Message #55 received at 870725@bugs.debian.org:
On Sat, 12 Aug 2017 at 15:33:34 +0200, Moritz Mühlenhoff wrote:
> Feel free to simply upload an untested package for jessie-security,
> I'm flying back on Sunday evening, I can run tests on jessie sometime
> next week.
I was able to do a smoke-test on a virtual machine (llvmpipe is much
better than I remembered, apparently) so there is now a briefly tested
jessie-security version in the queue. Any additional testing would
likely be useful - the patch is to netcode, so hosting or joining an
openarena server is an appropriate test. See attached debdiff.
S
[ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.diff (text/x-diff, attachment)]
Reply sent to Simon McVittie <smcv@debian.org>: You have taken responsibility. (Tue, 22 Aug 2017 21:36:04 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Tue, 22 Aug 2017 21:36:04 GMT)
Message #60 received at 870725-close@bugs.debian.org:
Source: ioquake3
Source-Version: 1.36+u20161101+dfsg1-2+deb9u1
We believe that the bug you reported is fixed in the latest version of
ioquake3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 870725@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated ioquake3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 12 Aug 2017 01:37:23 EDT
Source: ioquake3
Binary: ioquake3 ioquake3-server
Architecture: source
Version: 1.36+u20161101+dfsg1-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
ioquake3 - Game engine for 3D first person shooter games
ioquake3-server - Engine for 3D first person shooter games - server and common file
Closes: 870725
Changes:
ioquake3 (1.36+u20161101+dfsg1-2+deb9u1) stretch-security; urgency=medium
.
* Reference CVE-2017-6903 in previous changelog entry
* Add patch from upstream:
+ Address read buffer overflow in
MSG_ReadBits (CVE-2017-11721) (Closes: #870725)
+ Check buffer boundary exactly in MSG_WriteBits, instead of
potentially failing with a few bytes still available
Checksums-Sha256:
61bd336200f9cee4b02f23aa1231cb272bb04cbd711b40e5ec16295ff92b8b4b 2310 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc
f2fc89d979a84088a08f81debd341a4905dc2149185874d17943d2c2044be151 25268 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz
16c071721387a37b592aad30ed3eddba66cdea87ad808af85f465396a51f4d0b 1886888 ioquake3_1.36+u20161101+dfsg1.orig.tar.xz
Checksums-Sha1:
ec34c192c83e46aaaedbeffd72a60fe6239a80ee 2310 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc
47651a22549123ec28a480a100764e47f362c0ff 25268 ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz
1287724135101aeed70f4a3cbb0883ca52995052 1886888 ioquake3_1.36+u20161101+dfsg1.orig.tar.xz
Files:
6e7b750d4288a9a7388e96c2f45ed3ac 2310 games optional ioquake3_1.36+u20161101+dfsg1-2+deb9u1.dsc
81a330e471f12813df4ca9207d6417d1 25268 games optional ioquake3_1.36+u20161101+dfsg1-2+deb9u1.debian.tar.xz
d14b0fca7af5ebc86688acd874e49b44 1886888 games optional ioquake3_1.36+u20161101+dfsg1.orig.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Reply sent to Simon McVittie <smcv@debian.org>: You have taken responsibility. (Tue, 22 Aug 2017 21:51:11 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Tue, 22 Aug 2017 21:51:11 GMT)
Message #65 received at 870725-close@bugs.debian.org:
Source: ioquake3
Source-Version: 1.36+u20140802+gca9eebb-2+deb8u2
We believe that the bug you reported is fixed in the latest version of
ioquake3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 870725@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated ioquake3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 12 Aug 2017 10:15:49 -0400
Source: ioquake3
Binary: ioquake3 ioquake3-server ioquake3-dbg
Architecture: source amd64
Version: 1.36+u20140802+gca9eebb-2+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
ioquake3 - Game engine for 3D first person shooter games
ioquake3-dbg - debug symbols for the ioquake3 game engine
ioquake3-server - Standalone server for ioQuake3 based games
Closes: 870725
Changes:
ioquake3 (1.36+u20140802+gca9eebb-2+deb8u2) jessie-security; urgency=medium
.
* Add patch from upstream:
+ Address read buffer overflow in
MSG_ReadBits (CVE-2017-11721) (Closes: #870725)
+ Check buffer boundary exactly in MSG_WriteBits, instead of
potentially failing with a few bytes still available
Checksums-Sha1:
74428d865287b740fe942e9c61a1c1de6148bb95 2487 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.dsc
dbc1bef688c31dde83efce5f289850c7691720d4 21328 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.debian.tar.xz
e082506121ad0039040f3e2281bc9c71d3c82dc3 1467444 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
1cb478e031d39aafacfdaca9450c69b4192b4f4b 858832 ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
e63c1b73d34d6286529530da8fbaa01213e71bef 5103992 ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
Checksums-Sha256:
c4d7f5d1fcdc4880aae830fa285e3e34d3f92013389e8ad3169bb8d6e9748e4f 2487 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.dsc
431d0bfd241c03b668496e4d271e0ac687f73acfa3e61afc4a61b1e160bc4821 21328 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.debian.tar.xz
fd4620dae688a1da9930ba643d0196564868e31c2b6ff1c9ce070263bf36b093 1467444 ioquake3_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
4b46e8a300db691e4d6482a7dd6b9b8d01193bc098901bb716fbd5edff6edfc4 858832 ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
44928de612b490e254e99744230e8fd7759d8d8b4b06de5fc1219e470c94924b 5103992 ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
Files:
15b866d299bd49dadcc34345ef9c174a 2487 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.dsc
d32e16ee6ae297b0dff0e4c3ba3410d4 21328 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u2.debian.tar.xz
682fabb11d7546db34626145ead2b97b 1467444 games optional ioquake3_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
daf0766b20ff78047d94af3dfdf648b2 858832 games optional ioquake3-server_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
e65241a904a16c1911b57c85bdf8cde9 5103992 debug extra ioquake3-dbg_1.36+u20140802+gca9eebb-2+deb8u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 20 Sep 2017 07:26:50 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Sun Jul 2 12:30:53 2023.
Debian Bug tracking system. Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.