[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#947133: marked as done (tightvnc NMU: tightvnc_1.3.9-9_1.3.9-9.1.debdiff (security upload))

Your message dated Sat, 07 Dec 2024 15:01:10 +0100
with message-id <9a86f3f6f5e3a7962c65eccc8c2224858cab2eca.camel@debian.org>
and subject line Re: Bug#947133: tightvnc NMU: tightvnc_1.3.9-9_1.3.9-9.1.debdiff (security upload)
has caused the Debian Bug report #947133,
regarding tightvnc NMU: tightvnc_1.3.9-9_1.3.9-9.1.debdiff (security upload)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
947133: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947133
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: src:tightvnc
Version; 1.3.9-9
Severity: important

Hi Ola et al,

I have just dput tightvnc 1.3.9-9.1 targetting unstable to DELAYED/10.

This is the upload's changelog:

```
diff -Nru tightvnc-1.3.9/debian/changelog tightvnc-1.3.9/debian/changelog
--- tightvnc-1.3.9/debian/changelog     2017-01-27 22:08:21.000000000 +0100
+++ tightvnc-1.3.9/debian/changelog     2019-12-21 10:35:50.000000000 +0100
@@ -1,3 +1,26 @@
+tightvnc (1:1.3.9-9.1) unstable; urgency=medium
+
+  * Security upload. (Closes: #945364).
+ * CVE-2014-6053: Check malloc() return value on client->server ClientCutText 
+    message.
+  * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
+    vulnerability inside structure in VNC client code.
+  * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
+  * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
+  * CVE-2018-7225: Uninitialized and potentially sensitive data could be
+ accessed by remote attackers because the msg.cct.length in rfbserver.c was 
+    not sanitized.
+ * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB. 
+  * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
+    server-sent reason strings longer than 1MB (see CVE-2018-20748/
+    libvncserver).
+  * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
+    length received before allocating memory for it and limit it to 1MB.
+  * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
+  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sat, 21 Dec 2019 10:35:50 +0100
+
 tightvnc (1:1.3.9-9) unstable; urgency=high

   * Reverted the transition. Tigervnc is not ready for being a full

```
The .debdiff for the made upload is attached. Please let me know, if you want to let it just pass through after 10 days or if I shall cancel the upload and do the upload to unstable yourself.
Please also note my proposal to move tightvnc over under the umbrella of the Debian Remote Maintainers Team (debian-remote@lists.debian.org). 

Thanks+Greets,
Mike
--

mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4351) 486 14 27

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net


diff -Nru tightvnc-1.3.9/debian/changelog tightvnc-1.3.9/debian/changelog
--- tightvnc-1.3.9/debian/changelog	2017-01-27 22:08:21.000000000 +0100
+++ tightvnc-1.3.9/debian/changelog	2019-12-21 10:35:50.000000000 +0100
@@ -1,3 +1,26 @@
+tightvnc (1:1.3.9-9.1) unstable; urgency=medium
+
+  * Security upload. (Closes: #945364).
+  * CVE-2014-6053: Check malloc() return value on client->server ClientCutText
+    message.
+  * CVE-2019-8287 (aka CVE-2018-20020): Fix heap out-of-bound write
+    vulnerability inside structure in VNC client code.
+  * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code.
+  * CVE-2018-20022: CWE-665: Improper Initialization vulnerability.
+  * CVE-2018-7225: Uninitialized and potentially sensitive data could be
+    accessed by remote attackers because the msg.cct.length in rfbserver.c was
+    not sanitized.
+  * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB.
+  * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore
+    server-sent reason strings longer than 1MB (see CVE-2018-20748/
+    libvncserver).
+  * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name
+    length received before allocating memory for it and limit it to 1MB.
+  * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c.
+  * CVE-2019-15681: rfbserver: don't leak stack memory to the remote.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Sat, 21 Dec 2019 10:35:50 +0100
+
 tightvnc (1:1.3.9-9) unstable; urgency=high
 
   * Reverted the transition. Tigervnc is not ready for being a full
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2014-6053.patch tightvnc-1.3.9/debian/patches/CVE-2014-6053.patch
--- tightvnc-1.3.9/debian/patches/CVE-2014-6053.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2014-6053.patch	2019-12-19 21:39:14.000000000 +0100
@@ -0,0 +1,29 @@
+From 6037a9074d52b1963c97cb28ea1096c7c14cbf28 Mon Sep 17 00:00:00 2001
+From: Nicolas Ruff <nruff@google.com>
+Date: Mon, 18 Aug 2014 15:16:16 +0200
+Subject: [PATCH] Check malloc() return value on client->server ClientCutText
+ message. Client can send up to 2**32-1 bytes of text, and such a large
+ allocation is likely to fail in case of high memory pressure. This would in a
+ server crash (write at address 0).
+
+[sunweaver] port libvncserver patch over to tightvnc's vnc server code
+
+---
+ libvncserver/rfbserver.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/Xvnc/programs/Xserver/hw/vnc/rfbserver.c
++++ b/Xvnc/programs/Xserver/hw/vnc/rfbserver.c
+@@ -891,6 +891,12 @@
+ 
+ 	str = (char *)xalloc(msg.cct.length);
+ 
++	if (str == NULL) {
++		rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
++		rfbCloseSock(cl->sock);
++		return;
++	}
++
+ 	if ((n = ReadExact(cl->sock, str, msg.cct.length)) <= 0) {
+ 	    if (n != 0)
+ 		rfbLogPerror("rfbProcessClientNormalMessage: read");
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2018-20021.patch tightvnc-1.3.9/debian/patches/CVE-2018-20021.patch
--- tightvnc-1.3.9/debian/patches/CVE-2018-20021.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2018-20021.patch	2019-12-19 21:38:55.000000000 +0100
@@ -0,0 +1,22 @@
+Description: CVE-2018-20021
+ CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows
+ attacker to consume excessive amount of resources like CPU and RAM
+---
+
+Origin: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
+Bug: https://github.com/LibVNC/libvncserver/issues/251
+Bug-Debian: https://bugs.debian.org/916941
+
+[sunweaver] port libvncclient patch over to tightvnc's vncviewer code
+
+--- a/vncviewer/rfbproto.c
++++ b/vncviewer/rfbproto.c
+@@ -1021,7 +1021,7 @@
+ 	bytesPerLine = rect.r.w * myFormat.bitsPerPixel / 8;
+ 	linesToRead = BUFFER_SIZE / bytesPerLine;
+ 
+-	while (rect.r.h > 0) {
++	while (linesToRead && rect.r.h > 0) {
+ 	  if (linesToRead > rect.r.h)
+ 	    linesToRead = rect.r.h;
+ 
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2018-20022.patch tightvnc-1.3.9/debian/patches/CVE-2018-20022.patch
--- tightvnc-1.3.9/debian/patches/CVE-2018-20022.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2018-20022.patch	2019-12-19 21:47:41.000000000 +0100
@@ -0,0 +1,31 @@
+Description: CVE-2018-20022
+ multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC
+ client code that allows attacker to read stack memory and can be abused for
+ information disclosure. Combined with another vulnerability, it can be used
+ to leak stack memory layout and in bypassing ASLR
+---
+
+Origin: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
+Bug: https://github.com/LibVNC/libvncserver/issues/252
+Bug-Debian: https://bugs.debian.org/916941
+
+[sunweaver] ported from libvncclient to tightvnc's vncviewer code
+
+--- a/vncviewer/rfbproto.c
++++ b/vncviewer/rfbproto.c
+@@ -886,6 +886,7 @@
+ {
+   rfbKeyEventMsg ke;
+ 
++  memset(&ke, 0, sizeof(ke));
+   ke.type = rfbKeyEvent;
+   ke.down = down ? 1 : 0;
+   ke.key = Swap32IfLE(key);
+@@ -906,6 +907,7 @@
+     free(serverCutText);
+   serverCutText = NULL;
+ 
++  memset(&cct, 0, sizeof(cct));
+   cct.type = rfbClientCutText;
+   cct.length = Swap32IfLE(len);
+   return  (WriteExact(rfbsock, (char *)&cct, sz_rfbClientCutTextMsg) &&
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2018-7225.patch tightvnc-1.3.9/debian/patches/CVE-2018-7225.patch
--- tightvnc-1.3.9/debian/patches/CVE-2018-7225.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2018-7225.patch	2019-12-19 21:39:37.000000000 +0100
@@ -0,0 +1,51 @@
+From: Mike Gabriel <sunweaver@debian.org>
+Date: Tue, 5 Jun 2018 14:04:07 +0200
+Subject: CVE-2018-7225
+
+Bug-Debian: https://bugs.debian.org/894045
+Origin: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
+
+[sunweaver] port libvncserver patch over to tightvnc's VNC server code
+
+---
+ libvncserver/rfbserver.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+
+--- a/Xvnc/programs/Xserver/hw/vnc/rfbserver.c
++++ b/Xvnc/programs/Xserver/hw/vnc/rfbserver.c
+@@ -43,6 +43,9 @@
+ #include <vncserverctrl.h>
+ #endif
+ 
++/* PRIu32 */
++#include <inttypes.h>
++
+ char updateBuf[UPDATE_BUF_SIZE];
+ int ublen;
+ 
+@@ -889,7 +892,23 @@
+ 
+ 	msg.cct.length = Swap32IfLE(msg.cct.length);
+ 
+-	str = (char *)xalloc(msg.cct.length);
++	/* uint32_t input is passed to malloc()'s size_t argument,
++	 * to rfbReadExact()'s int argument, to rfbStatRecordMessageRcvd()'s int
++	 * argument increased of sz_rfbClientCutTextMsg, and to setXCutText()'s int
++	 * argument. Here we impose a limit of 1 MB so that the value fits
++	 * into all of the types to prevent from misinterpretation and thus
++	 * from accessing uninitialized memory (CVE-2018-7225) and also to
++	 * prevent from a denial-of-service by allocating to much memory in
++	 * the server. */
++	if (msg.cct.length > 1<<20) {
++	    rfbLog("rfbClientCutText: too big cut text length requested: %" PRIu32 "\n",
++	            msg.cct.length);
++	    rfbCloseSock(cl->sock);
++	    return;
++	}
++
++	/* Allow zero-length client cut text. */
++	str = (char *)calloc(msg.cct.length ? msg.cct.length : 1, 1);
+ 
+ 	if (str == NULL) {
+ 		rfbLogPerror("rfbProcessClientNormalMessage: not enough memory");
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2019-15678-addon.patch tightvnc-1.3.9/debian/patches/CVE-2019-15678-addon.patch
--- tightvnc-1.3.9/debian/patches/CVE-2019-15678-addon.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2019-15678-addon.patch	2019-12-20 22:32:50.000000000 +0100
@@ -0,0 +1,28 @@
+From e34bcbb759ca5bef85809967a268fdf214c1ad2c Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Sat, 29 Dec 2018 14:40:53 +0100
+Subject: [PATCH] LibVNCClient: ignore server-sent reason strings longer than
+ 1MB
+
+Fixes #273
+
+[sunweaver] Extract these few lines from the above referenced patch and port to tightvnc.
+            This patch was part of the fix series for CVE-2018-20748/libvncserver
+
+---
+ libvncclient/rfbproto.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/vncviewer/rfbproto.c
++++ b/vncviewer/rfbproto.c
+@@ -1293,6 +1293,10 @@
+ 
+   if (ReadFromRFBServer((char *)&reasonLen, sizeof(reasonLen))) {
+     reasonLen = Swap32IfLE(reasonLen);
++    if(reasonLen > 1<<20) {
++      fprintf(stderr, "VNC connection failed, but sent reason length of %u exceeds limit of 1MB",(unsigned int)reasonLen);
++      return;
++    }
+     if ((reason = malloc(reasonLen)) != NULL &&
+         ReadFromRFBServer(reason, reasonLen)) {
+       fprintf(stderr,"%.*s\n", (int)reasonLen, reason);
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2019-15678.patch tightvnc-1.3.9/debian/patches/CVE-2019-15678.patch
--- tightvnc-1.3.9/debian/patches/CVE-2019-15678.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2019-15678.patch	2019-12-20 22:32:35.000000000 +0100
@@ -0,0 +1,28 @@
+From c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Sat, 29 Dec 2018 14:16:58 +0100
+Subject: [PATCH] LibVNCClient: ignore server-sent cut text longer than 1MB
+
+This is in line with how LibVNCServer does it
+(28afb6c537dc82ba04d5f245b15ca7205c6dbb9c) and fixes part of #273.
+
+[sunweaver] Port to tightvnc.
+
+---
+ libvncclient/rfbproto.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/vncviewer/rfbproto.c
++++ b/vncviewer/rfbproto.c
+@@ -1214,6 +1214,11 @@
+ 
+     msg.sct.length = Swap32IfLE(msg.sct.length);
+ 
++    if (msg.sct.length > 1<<20) {
++	    fprintf(stderr, "Ignoring too big cut text length sent by server: %u B > 1 MB\n", (unsigned int)msg.sct.length);
++	    return False;
++    }
++
+     if (serverCutText)
+       free(serverCutText);
+ 
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2019-15679.patch tightvnc-1.3.9/debian/patches/CVE-2019-15679.patch
--- tightvnc-1.3.9/debian/patches/CVE-2019-15679.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2019-15679.patch	2019-12-20 22:32:08.000000000 +0100
@@ -0,0 +1,33 @@
+From c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7 Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Sun, 6 Jan 2019 14:20:37 +0100
+Subject: [PATCH] LibVNCClient: fail on server-sent desktop name lengths longer
+ than 1MB
+
+re #273
+---
+ libvncclient/rfbproto.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+[sunweaver] Ported over to tightvnc.
+
+--- a/vncviewer/rfbproto.c
++++ b/vncviewer/rfbproto.c
+@@ -303,13 +303,11 @@
+   si.format.blueMax = Swap16IfLE(si.format.blueMax);
+   si.nameLength = Swap32IfLE(si.nameLength);
+ 
+-  /* FIXME: Check arguments to malloc() calls. */
+-  desktopName = malloc(si.nameLength + 1);
+-  if (!desktopName) {
+-    fprintf(stderr, "Error allocating memory for desktop name, %lu bytes\n",
+-            (unsigned long)si.nameLength);
+-    return False;
++  if (si.nameLength > 1<<20) {
++      fprintf(stderr, "Too big desktop name length sent by server: %u B > 1 MB\n", (unsigned int)si.nameLength);
++      return FALSE;
+   }
++  desktopName = malloc(si.nameLength + 1);
+ 
+   if (!ReadFromRFBServer(desktopName, si.nameLength)) return False;
+ 
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2019-15680.patch tightvnc-1.3.9/debian/patches/CVE-2019-15680.patch
--- tightvnc-1.3.9/debian/patches/CVE-2019-15680.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2019-15680.patch	2019-12-20 16:07:49.000000000 +0100
@@ -0,0 +1,16 @@
+Origin: https://github.com/LibVNC/libvncserver/pull/360/commits/85d00057b5daf71675462c9b175d8cb2d47cd0e1
+
+--- a/vncviewer/zlib.c
++++ b/vncviewer/zlib.c
+@@ -55,6 +55,11 @@
+     raw_buffer_size = (( rw * rh ) * ( BPP / 8 ));
+     raw_buffer = (char*) malloc( raw_buffer_size );
+ 
++    if (raw_buffer == NULL) {
++
++       return False;
++
++    }
+   }
+ 
+   if (!ReadFromRFBServer((char *)&hdr, sz_rfbZlibHeader))
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2019-15681.patch tightvnc-1.3.9/debian/patches/CVE-2019-15681.patch
--- tightvnc-1.3.9/debian/patches/CVE-2019-15681.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2019-15681.patch	2019-12-19 21:39:44.000000000 +0100
@@ -0,0 +1,20 @@
+From d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a Mon Sep 17 00:00:00 2001
+From: Christian Beier <dontmind@freeshell.org>
+Date: Mon, 19 Aug 2019 22:32:25 +0200
+Subject: [PATCH] rfbserver: don't leak stack memory to the remote
+
+Thanks go to Pavel Cheremushkin of Kaspersky for reporting.
+
+[sunweaver] Ported to rfbserver.c in tightvnc
+
+--- a/Xvnc/programs/Xserver/hw/vnc/rfbserver.c
++++ b/Xvnc/programs/Xserver/hw/vnc/rfbserver.c
+@@ -1481,6 +1481,8 @@
+     rfbClientPtr cl, nextCl;
+     rfbServerCutTextMsg sct;
+ 
++    memset((char *)&sct, 0, sizeof(sct));
++
+     if (rfbViewOnly)
+ 	return;
+ 
diff -Nru tightvnc-1.3.9/debian/patches/CVE-2019-8287.patch tightvnc-1.3.9/debian/patches/CVE-2019-8287.patch
--- tightvnc-1.3.9/debian/patches/CVE-2019-8287.patch	1970-01-01 01:00:00.000000000 +0100
+++ tightvnc-1.3.9/debian/patches/CVE-2019-8287.patch	2019-12-20 21:43:49.000000000 +0100
@@ -0,0 +1,23 @@
+Description: CVE-2019-8287
+ (same as CVE-2018-20020/libvncserver)
+ heap out-of-bound write vulnerability inside structure in VNC client code that
+ can result remote code execution
+---
+
+Origin: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
+Bug: https://github.com/LibVNC/libvncserver/issues/250
+Bug-Debian: https://bugs.debian.org/916941
+
+[sunweaver] port libvncclient patch over to tightvnc's vncviewer code
+
+--- a/vncviewer/corre.c
++++ b/vncviewer/corre.c
+@@ -56,7 +56,7 @@
+     XChangeGC(dpy, gc, GCForeground, &gcv);
+     XFillRectangle(dpy, desktopWin, gc, rx, ry, rw, rh);
+ 
+-    if (!ReadFromRFBServer(buffer, hdr.nSubrects * (4 + (BPP / 8))))
++    if (hdr.nSubrects > BUFFER_SIZE / (4 + (BPP / 8)) || !ReadFromRFBServer(buffer, hdr.nSubrects * (4 + (BPP / 8))))
+ 	return False;
+ 
+     ptr = (CARD8 *)buffer;
diff -Nru tightvnc-1.3.9/debian/patches/series tightvnc-1.3.9/debian/patches/series
--- tightvnc-1.3.9/debian/patches/series	2016-06-19 13:22:20.000000000 +0200
+++ tightvnc-1.3.9/debian/patches/series	2019-12-21 10:35:39.000000000 +0100
@@ -6,3 +6,13 @@
 ppc64el.patch
 782620-crashfix.patch
 more-arm64-fixes.patch
+CVE-2019-15680.patch
+CVE-2019-15681.patch
+CVE-2014-6053.patch
+CVE-2018-7225.patch
+CVE-2018-20021.patch
+CVE-2019-8287.patch
+CVE-2018-20022.patch
+CVE-2019-15679.patch
+CVE-2019-15678.patch
+CVE-2019-15678-addon.patch

Attachment: pgpMOYpjdCWwi.pgp
Description: Digitale PGP-Signatur


--- End Message ---
--- Begin Message --- 
On Sun, 22 Dec 2019 23:35:09 +0100 Ola Lundqvist <ola@inguza.com>
wrote:
> Thanks.
> 
> Den sön 22 dec. 2019 23:02Mike Gabriel <sunweaver@debian.org> skrev:
> 
> > Hi Ola,
> >
> > On  Sa 21 Dez 2019 19:27:24 CET, Ola Lundqvist wrote:
> >
> > > Thank you. You can skip the delay.
> > >
> >
> > just issues a
> >
> >    dcut reschedule -f tightvnc_1.3.9-9.1_source.changes -d 0

Closing this NMU notification for being acknowledged by the former
package maintainer.

-- 
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
Reply to: