CVE-2023-26314: #972146 - /usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code (CVE-2023-26314)

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.


Reported by: Simon McVittie [email protected]

Date: Tue, 13 Oct 2020 10:33:01 UTC

Severity: grave

Tags: patch, security

Found in versions mono/5.18.0.240+dfsg-3, mono/6.8.0.105+dfsg-3

Fixed in versions mono/6.8.0.105+dfsg-3.3, mono/6.8.0.105+dfsg-3.3~deb11u1

Done: Salvatore Bonaccorso [email protected]


Report forwarded to [email protected], [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Tue, 13 Oct 2020 10:33:03 GMT)

Acknowledgement sent to Simon McVittie [email protected]:
New Bug report received and forwarded. Copy sent to [email protected], Debian Mono Group [email protected]. (Tue, 13 Oct 2020 10:33:03 GMT)

Message #5 received at [email protected]:

Package: mono-runtime-common
Version: 6.8.0.105+dfsg-3
Severity: important
File: /usr/share/applications/mono-runtime-common.desktop
Tags: security
X-Debbugs-Cc: Debian Security Team [email protected]

/usr/share/applications/mono-runtime-common.desktop and /usr/share/applications/mono-runtime-terminal.desktop are registered as freedesktop.org MIME handlers for the application/x-ms-dos-executable MIME type. They run the executable under mono(1) without any further prompting. This means that doing normal “open a document” actions will result in arbitrary code execution with normal user privileges:

  • follow a web link to a downloadable file and accept the browser’s offer to open it (mitigation: the user is prompted, and major browsers might special-case application/x-ms-dos-executable as particularly dangerous)
  • follow a file:/// link in a non-web format that allows links, such as PDF
  • open an email attachment
  • xdg-desktop-portal forwarding an “open file” action from a Flatpak app (mitigation: this one involves user action to confirm which app should be used to open the file)

I don’t think this is *necessarily* a security vulnerability, as such (everything is doing what it is designed to do), but in 2020 it seems deeply inadvisable. In particular, web browsers, email clients, and sandboxed app frameworks like Flatpak and Snap, which are not generally aware of the specifics of particular MIME types, have little choice but to assume that opening a file is not normally arbitrary code execution.

The analogous MIME handling in Wine was removed in 2013 (https://bugs.debian.org/327262).

I would expect that Mono would either not handle application/x-ms-dos-executable, or handle it with an application that shows a “this is probably dangerous, are you sure?” prompt first (like Wine used to do). I would personally prefer it to not handle application/x-ms-dos-executable at all, due to https://en.wikipedia.org/wiki/Dancing_pigs.

This was brought to my attention by a commit in GNOME’s evince PDF viewer which removes its “launch action” feature (part of the PDF spec, but in practice mostly used by Windows malware) as a form of security hardening. See https://gitlab.gnome.org/GNOME/evince/-/issues/1333 (I’m preparing an upload with the change referenced there), which uses mono in its proof-of-concept.

Mitigation: GNOME users will find that org.gnome.FileRoller.desktop is a preferred handler for application/x-ms-dos-executable. It isn’t clear to me how useful this really is (opening an executable as a zip-like archive with “filenames” like .text and .bss seems more like a proof-of-concept than something people would genuinely use) but at least it’s harmless. MATE’s equivalent (fork?) of file-roller, engrampa, does the same.

Another mitigation: I was surprised to find that gnome-games-app also associates itself with application/x-ms-dos-executable, alongside lots of ROM formats (presumably so it can offer to run them in a sandbox environment with Dosbox). This is hopefully OK, because gnome-games-app hopefully has a lot more prompting and sandboxing than a general-purpose program interpreter.

smcv

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Tue, 04 May 2021 20:33:02 GMT)

Acknowledgement sent to Gabriel Corona [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Tue, 04 May 2021 20:33:02 GMT)

Message #10 received at [email protected]:

Hi,

Any update on this? This is actually very dangerous.

$ xdg-open hello.exe
Hello World!
$ cp hello.exe hello.ΡDF # <- actually not a P but a uppercase rho
$ xdg-open hello.PDF
Hello World!

Gabriel

Severity set to 'grave' from 'important'. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Tue, 18 May 2021 20:06:02 GMT)

Marked as found in versions mono/5.18.0.240+dfsg-3. Request was from Adrian Bunk [email protected] to [email protected]. (Sun, 23 May 2021 15:39:02 GMT)

Added tag(s) bullseye-ignore. Request was from Paul Gevers [email protected] to [email protected]. (Fri, 30 Jul 2021 13:24:07 GMT)

Removed tag(s) bullseye-ignore. Request was from Paul Gevers [email protected] to [email protected]. (Sat, 14 Aug 2021 17:57:22 GMT)

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Tue, 17 Aug 2021 07:42:02 GMT)

Acknowledgement sent to Salvatore Bonaccorso [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Tue, 17 Aug 2021 07:42:02 GMT)

Message #23 received at [email protected]:

Hi Mono Maintainers,

On Tue, May 04, 2021 at 10:30:57PM +0200, Gabriel Corona wrote:

> Hi,
>
> Any update on this? This is actually very dangerous.
>
> $ xdg-open hello.exe
> Hello World!
> $ cp hello.exe hello.ΡDF # <- actually not a P but a uppercase rho
> $ xdg-open hello.PDF
> Hello World!

Friendly ping on this issue. This issue was ignored for the bullseye release, at least during the freeze. Any suggestion for its further handling?

Regards, Salvatore

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Wed, 10 Nov 2021 21:21:05 GMT)

Acknowledgement sent to Gabriel Corona [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Wed, 10 Nov 2021 21:21:05 GMT)

Message #28 received at [email protected]:

Hi,

Any help needed for this?

Regards,

Gabriel

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Mon, 05 Dec 2022 21:00:02 GMT)

Acknowledgement sent to Gabriel Corona [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Mon, 05 Dec 2022 21:00:02 GMT)

Message #33 received at [email protected]:

As a workaround, you should be able to disable this feature (and have the fix persist after a package update) with something like:

mkdir -p /usr/local/share/applications
cp /usr/share/applications/mono-runtime-*.desktop /usr/local/share/applications
sed -i 's/^Exec=.*/Exec=false/' /usr/local/share/applications/mono-runtime-*.desktop

Regards,

Gabriel
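A defender's view of the problem in Simon's report and of Gabriel's override workaround above, as an added example that is not part of the bug log: it lists every .desktop file under a directory that claims a given MIME type, together with the command it would run, and writes a neutralised copy into an override directory, for any MIME type rather than only the mono files. The function names and the sample .desktop files it writes are constructed for the demonstration and are not the files shipped by the mono package; on a real system the directories would be /usr/share/applications and /usr/local/share/applications.

```shell
#!/bin/sh
# Added example, not code from the bug report. Audits freedesktop.org
# .desktop handlers for a MIME type and neutralises them with an override
# copy, generalising the workaround from message #33 to any MIME type.
# The sample .desktop files written by write_samples are constructed for
# this demonstration; they are not the files shipped by the mono package.

# Print "path<TAB>Exec command" for every .desktop file under DIR whose
# MimeType= list contains MIME. Tokens are matched whole, so
# application/x-ms-dos-executable does not match a longer type name.
find_handlers() {
    dir=$1; mime=$2
    for f in "$dir"/*.desktop; do
        [ -f "$f" ] || continue
        types=$(sed -n 's/^MimeType=//p' "$f")
        case ";$types;" in
            *";$mime;"*)
                printf '%s\t%s\n' "$f" "$(sed -n 's/^Exec=//p' "$f" | head -n 1)"
                ;;
        esac
    done
}

# Copy SRC into DESTDIR with every Exec= line replaced by "Exec=false".
# The copy keeps its MimeType= line, so it still claims the type and, when
# DESTDIR precedes SRC's directory in XDG_DATA_DIRS (/usr/local/share comes
# before /usr/share by default), shadows the original without editing
# package-owned files. Prints the path of the override that was written.
override_handler() {
    src=$1; destdir=$2
    mkdir -p "$destdir"
    dest=$destdir/$(basename "$src")
    sed 's/^Exec=.*/Exec=false/' "$src" > "$dest"
    printf '%s\n' "$dest"
}

# Constructed sample handlers: an interpreter entry in the style of the
# mono one, an archive manager that also lists the type (as file-roller
# does), and an unrelated editor that must not be reported.
write_samples() {
    dir=$1
    mkdir -p "$dir"
    printf '%s\n' '[Desktop Entry]' 'Type=Application' 'Name=Mono Runtime' \
        'Exec=mono %f' 'MimeType=application/x-ms-dos-executable;' \
        > "$dir/mono-runtime-common.desktop"
    printf '%s\n' '[Desktop Entry]' 'Type=Application' 'Name=Archive Manager' \
        'Exec=archive-manager %U' \
        'MimeType=application/zip;application/x-ms-dos-executable;' \
        > "$dir/org.example.ArchiveManager.desktop"
    printf '%s\n' '[Desktop Entry]' 'Type=Application' 'Name=Text Editor' \
        'Exec=editor %U' 'MimeType=text/plain;' > "$dir/text-editor.desktop"
}

# Stand-alone run on the constructed files in a temporary directory.
# On a real system the first argument would be /usr/share/applications and
# the override directory /usr/local/share/applications.
demo_dir=$(mktemp -d)
write_samples "$demo_dir/share"
echo "Handlers claiming application/x-ms-dos-executable:"
find_handlers "$demo_dir/share" application/x-ms-dos-executable
override_handler "$demo_dir/share/mono-runtime-common.desktop" "$demo_dir/local" >/dev/null
echo "Override directory after neutralising the interpreter entry:"
find_handlers "$demo_dir/local" application/x-ms-dos-executable
rm -rf "$demo_dir"
```

The audit reports every handler, not only mono's, so the archive-manager style entry Simon mentions shows up too and the reviewer can decide per entry whether an override is warranted.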

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Wed, 14 Dec 2022 09:42:02 GMT)

Acknowledgement sent to Salvatore Bonaccorso [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Wed, 14 Dec 2022 09:42:03 GMT)

Message #38 received at [email protected]:


Control: tags 972146 + patch

Dear maintainer,

I’ve prepared an NMU for mono (versioned as 6.8.0.105+dfsg-3.3). The diff is attached to this message.

Regards, Salvatore

[mono-6.8.0.105+dfsg-3.3-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Wed, 14 Dec 2022 09:42:03 GMT)

Reply sent to Salvatore Bonaccorso [email protected]:
You have taken responsibility. (Wed, 14 Dec 2022 10:57:03 GMT)

Notification sent to Simon McVittie [email protected]:
Bug acknowledged by developer. (Wed, 14 Dec 2022 10:57:03 GMT)

Message #45 received at [email protected]:

Source: mono
Source-Version: 6.8.0.105+dfsg-3.3
Done: Salvatore Bonaccorso [email protected]

We believe that the bug you reported is fixed in the latest version of mono, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso [email protected] (supplier of updated mono package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Fri, 09 Dec 2022 14:33:03 +0100
Source: mono
Architecture: source
Version: 6.8.0.105+dfsg-3.3
Distribution: unstable
Urgency: medium
Maintainer: Debian Mono Group [email protected]
Changed-By: Salvatore Bonaccorso [email protected]
Closes: 972146
Changes:
 mono (6.8.0.105+dfsg-3.3) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Revert "Added desktop file for mono with and without a terminal window"
     (Closes: #972146)


Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Thu, 16 Feb 2023 22:45:02 GMT)

Acknowledgement sent to Gabriel Corona [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Thu, 16 Feb 2023 22:45:02 GMT)

Message #50 received at [email protected]:

Hi,

Thanks for the patch!

This has been fixed in Debian testing and sid. However, stable is still affected. I believe it would make sense to port the patch to stable and allocate a CVE for this.

Regards,

Gabriel

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Fri, 17 Feb 2023 21:39:02 GMT)

Acknowledgement sent to Salvatore Bonaccorso [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Fri, 17 Feb 2023 21:39:02 GMT)

Message #55 received at [email protected]:

Hi Gabriel,

On Thu, Feb 16, 2023 at 11:37:57PM +0100, Gabriel Corona wrote:

> Hi,
>
> Thanks for the patch!

Thanks for staying on top of the issue!

> This has been fixed in Debian testing and sid. However, stable is still affected. I believe it would make sense to port the patch to stable and allocate a CVE for this.

The last upload to unstable as NMU was for me personally too near to the point release before Christmas. A while has passed, and I have now proposed the same change for bullseye as well, cf. #1031527. Thanks for pinging again on it, much appreciated! So the issue will/should be fixed as well with the upcoming point release.

There is no CVE assigned; if you feel strongly about it, can you try to get one allocated by MITRE via the cveform? I think we won’t go through the needed workflow to assign a Debian-specific CVE id for it. But we will see what MITRE will respond on the request.

Regards, Salvatore

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Sat, 18 Feb 2023 11:09:03 GMT)

Acknowledgement sent to Gabriel Corona [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Sat, 18 Feb 2023 11:09:03 GMT)

Message #60 received at [email protected]:

Hi!

> A while has passed, and I have now proposed the same change for bullseye as well, cf. #1031527.

Great!

> There is no CVE assigned; if you feel strongly about it, can you try to get one allocated by MITRE via the cveform? I think we won’t go through the needed workflow to assign a Debian-specific CVE id for it. But we will see what MITRE will respond on the request.

I don’t believe MITRE will accept such a request and redirect me to Debian [1].

I believe obtaining a CVE ID would be beneficial so that this issue may be tracked by downstream projects/distributions.

[1] https://www.cve.org/PartnerInformation/ListofPartners/partner/debian

Regards,

Gabriel

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Sat, 18 Feb 2023 18:33:06 GMT)

Acknowledgement sent to Moritz Muehlenhoff [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Sat, 18 Feb 2023 18:33:06 GMT)

Message #65 received at [email protected]:

On Sat, Feb 18, 2023 at 12:04:27PM +0100, Gabriel Corona wrote:

> I believe obtaining a CVE ID would be beneficial so that this issue may be tracked by downstream projects/distributions.

All those distros were notified via your post to oss-security. You can try cveform, if there’s no assignment via that channel, that’s about it.

In the past assigning CVEs for Debian was simple, but with some recent changes it has become a complicated, time-consuming process and now we only do it in select cases.

Cheers, Moritz

Reply sent to Salvatore Bonaccorso [email protected]:
You have taken responsibility. (Sat, 18 Feb 2023 19:33:05 GMT)

Notification sent to Simon McVittie [email protected]:
Bug acknowledged by developer. (Sat, 18 Feb 2023 19:33:05 GMT)

Message #70 received at [email protected]:

Source: mono
Source-Version: 6.8.0.105+dfsg-3.3~deb11u1
Done: Salvatore Bonaccorso [email protected]

We believe that the bug you reported is fixed in the latest version of mono, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso [email protected] (supplier of updated mono package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Fri, 17 Feb 2023 06:30:39 +0100
Source: mono
Architecture: source
Version: 6.8.0.105+dfsg-3.3~deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Debian Mono Group [email protected]
Changed-By: Salvatore Bonaccorso [email protected]
Closes: 972146
Changes:
 mono (6.8.0.105+dfsg-3.3~deb11u1) bullseye; urgency=medium
 .
   * Rebuild for bullseye
 .
 mono (6.8.0.105+dfsg-3.3) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Revert "Added desktop file for mono with and without a terminal window"
     (Closes: #972146)


Changed Bug title to '/usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code (CVE-2023-26314)' from '/usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code'. Request was from Salvatore Bonaccorso [email protected] to [email protected]. (Wed, 22 Feb 2023 06:54:02 GMT)

Information forwarded to [email protected], Debian Mono Group [email protected]:
Bug#972146; Package mono-runtime-common. (Wed, 22 Feb 2023 06:57:03 GMT)

Acknowledgement sent to Salvatore Bonaccorso [email protected]:
Extra info received and forwarded to list. Copy sent to Debian Mono Group [email protected]. (Wed, 22 Feb 2023 06:57:03 GMT)

Message #77 received at [email protected]:

Hi Gabriel,

On Sat, Feb 18, 2023 at 12:04:27PM +0100, Gabriel Corona wrote:

> Hi!
>
> > A while has passed, and I have now proposed the same change for bullseye as well, cf. #1031527.
>
> Great!
>
> > There is no CVE assigned; if you feel strongly about it, can you try to get one allocated by MITRE via the cveform? I think we won’t go through the needed workflow to assign a Debian-specific CVE id for it. But we will see what MITRE will respond on the request.
>
> I don’t believe MITRE will accept such a request and redirect me to Debian [1].

I requested one directly from MITRE; it is now https://www.cve.org/CVERecord?id=CVE-2023-26314 .

Regards, Salvatore


Debian bug tracking system administrator <[email protected]>. Last modified: Wed Feb 22 07:35:56 2023; Machine Name: bembo

