Debian Linux Security Advisory 5272-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5272-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
November 06, 2022                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xen  
CVE ID         : CVE-2022-33745 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748  
                 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312  
                 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316  
                 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320  
                 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42324  
                 CVE-2022-42325 CVE-2022-42326

Multiple vulnerabilities have been discovered in the Xen hypervisor, which  
could result in privilege escalation, denial of service or information leaks.

For the stable distribution (bullseye), these problems have been fixed in  
version 4.14.5+86-g1c354767d5-1.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNoDxgACgkQEMKTtsN8  
TjZe9w//T3wWINyhswzOvgmUPDPbui3uMXWcnpkSXkS1RzVwt4UoqRwtrFpA/+jK  
0Y/Ug7/8S6Z6/RQfWS7zJcEHR+ClyDDn0IOK6Qkwjigz0V4GQbuOPvCML7GB6E/K  
mQoTe7iXSIRXHsFPr83YdAcB8n0XC1tEvvVd2aKbcxwLF+2f6FE5KiK3pN0Znej5  
IboMksgI7fnwNvE06ouSNYjjv7k/aDzFhV8NruOV6ecnF8R9iSWB73gLjba4XhmA  
4daNZDMKHHWtBrTMEobR+Kd/ycIY0nXDqSZI9Y0CMLFMO4PLRysgz7fBdEeX+RRo  
ZO9hbSKJLxrSu81uNuZOglwIIgNjrpMp1RXOQBjqAIn9JX2v0TFvX2WJQSZkNO5P  
1PRBqDZdS9o7RqJbpeaX2oF3GI/fj8bTApopdWjfoZVyKrMr7cLgOAgk92ngfUWC  
dAmBGqupevC+4jaOMR2r7usYFDuPXeaBRXr2WuBpSyPmO+lrQUCXC5vGQS0yE93N  
PnmcSatAx3QmIBGKWqDmsQDH7mUpzS2ShIdrIhJc7IEwyFGUOhBJ6v2U2awMbCG7  
XASAHcEAa4/pbDSo7bOMCv17BxC5uiZJx4Dmmq1kMy82oZ91qoCfFd0hSLxENhRW  
Oi/sMwqd5wc+P6n80KopjFjsPaIfmfArj3l/BmpRsVCscy7bTZI=tL2J  
-----END PGP SIGNATURE-----

Debian Security Advisory 5272-1

Debian Linux Security Advisory 5271-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5271-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
November 05, 2022                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libxml2  
CVE ID         : CVE-2022-40303 CVE-2022-40304  
Debian Bug     : 1022224 1022225

Several vulnerabilities were discovered in libxml2, a library providing  
support to read, modify and write XML and HTML files.

CVE-2022-40303

    Maddie Stone discovered that missing safety checks in several  
    functions can result in integer overflows when parsing a XML  
    document with the XML_PARSE_HUGE option enabled.

CVE-2022-40304

    Ned Williamson and Nathan Wachholz discovered a vulnerability when  
    handling detection of entity reference cycles, which may result in  
    corrupted dictionary entries. This flaw may lead to logic errors,  
    including memory errors like double free flaws.

For the stable distribution (bullseye), these problems have been fixed in  
version 2.9.10+dfsg-6.7+deb11u3.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNmu0JfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QPYQ/5AQtGMTA78fVUCt9lBuzBbGe5F/2jOHmP2CIlEbV3RnHtZe9wMGlcYvSq  
4hDRvu8OEHmSwqHyRbghQt2oCvSLhtIhqxf0Itro5Pv8PWrhoFy6TdNX9tW+ARqz  
TIF93hiHeTuQO+XqkTct50KUlTB6ccZDREqx7tGK4B/8fHM+34vPca0nRpWHUaXM  
aUJtgGNRvO+th3qulMKGGzE2K05678D1RYngF3T/NJ0+aobfdd4dVOobyVqotF76  
thwO04V54oXVNuaRUJ5ItGKcY6sLx0l0cJ+HysB93xS2TGDAZhayFkMRKTk7hfOo  
B08LPMnYjcbb+A1cezT+XpgcTOir+pZXuNSUuB7Q1vwERXGnhdMC0Z8hwTL5o18A  
h4S6fk7vPSIIOzOGkAWYQ0mjsG5c45rXDVCp4u9LwIqIEAq/pXI7UTp+kJFSRerk  
Q8lWBuTiwjlaaFGslANxmbPJtfS4PHFFLPnjJJArhJI0CRi5cq3Htruw/5sVgwTj  
Xu+d1ht/jmmNfNS4qTDBpq1wJVmpc82qrxT8uDLp1BK2nBx6tSnsDViENIPBZE3O  
OzmIYYCAuXvhKK4QG9H/02hBBhwSFVI/TnFzFhF8KyA95VXCYpBkUpweU0in4PuK  
l4/gd0lPZGeJDw7VI+p7HG5GeOA/7d+NkvwrHaHe4iShFfHYZxIŽtg  
-----END PGP SIGNATURE-----

Debian Security Advisory 5271-1

In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module.

**July 2021** Exciting news, moni::tool gets an update!

moni::tool is the platform for the management of an almost unlimited number of stations, online probes, analyzers and parameters. In combination with the terminal con::cube V3 it is a powerful solution for compact station control.

With the new moni::tool v4.2 update the system is now more secure than ever!

**Support of HTTPS (encrypted http)**

moni::tool now ships with a self-signed certificate that encrypts data sent from a con::cube to a remote PC and back. It is possible to upload a server signed certificate.

**Secure file transfer protocol (SFTP)**

FTP file transfer connections use a secure shell tunnel (FTP over SSH). SFTP encrypts your data and passwords so that others cannot read them during transfer over the internet. SFTP only uses port 22 and there is no need to open passive mode ports with SFTP.

**Upgraded operating system (Linux Debian 10 “Buster”)**

Debian 10 brings stability fixes and the latest security updates such as a webserver update, a new web kit (webbrowser) and much more to moni::tool.

**Hardened security for remote access**

Access to moni::tool over the web requires taking a close look at software security. We did exactly that and are happy to announce that the following security flaws could be closed: CVE-2020-12507, CVE-2020-12508 and CVE-2020-12509.

**Support of Io::Tool upgrades**

With the upcoming Io::Tool upgrades, you can upload and apply update packages to a spectro::lyser V3, easily upgrade spectro::lyser V3 via moni::tool and supply update packages on USB sticks.

**Language extension (Polish)**

In addition to the 8 currently supported languages, the complete moni::tool user interface is now also available in Polish.

**Related Posts**

*   **The new moni::tool v4.2 | Security first!**
    
    July 2021 Exciting news, moni::tool gets an update! moni::tool is the platform for the management of an almost unlimited number of…

CVE-2020-12509: The new moni::tool v4.2 | Security first!

Debian Linux Security Advisory 5270-1 - Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of the NTFS metadata. A local user can take advantage of this flaw for local root privilege escalation.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5270-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 04, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ntfs-3gCVE ID         : CVE-2022-40284Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, aread-write NTFS driver for FUSE, due to incorrect validation of some ofthe NTFS metadata. A local user can take advantage of this flaw forlocal root privilege escalation.For the stable distribution (bullseye), this problem has been fixed inversion 1:2017.3.23AR.3-4+deb11u3.We recommend that you upgrade your ntfs-3g packages.For the detailed security status of ntfs-3g please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/ntfs-3gFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmNk0SpfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Ti5A/9FsoHBMdHvmNC5orI/fWqKGJoJyG3Uf192sLVRxWDaX1P2GW8eDS6KiOCiCAenevi6yXslNVIpxMUCgevx0v7znAxxcbc4Wocax0j4ereSR+6T8pS6IvgcwAg0r6wXfHsjcm3AoAq/D5MamtC2YHpYDgppei65OvZeHIG0D8p57+KbMp3M9rqRp/NbvAjO38f0XiJ6zn+ry19Yy1YdS8I6xG/VYb0ab/Wg/v7cFv2f+qfLG0EZuOBF3wM0WXHtVxAgviVLznupokZo2yxxCl+DqWXSfOZM4OaQMzoJ50Rizp2PLUxs2BjVIst9QYOPkTB2EWrXRn4Bj5Q2AmNfmaAWBbADzOw7xfkLeXwCRz8Zvn+JOvMatSMVlmGGHD/so0NHpPIkINP/5hQO95b3bbwPeKUNtUaYsfAHDPMkRm26O0VNu0fSjjaK48Us4QlqFHpmCtt09Gs7ACZDeCjJy0vPs9ejG5Nf2aNZBNiu/vzANIjQlkmcG5WcpRLo+Tt/fNEUZMrKzww2awZ+08ht1cPffuvQfZRXGNiQGVt2KBtLUuKQ3uOumxGJmFS/lEdgkCSLoRnLFyjpGeSTEGWq/4BLWOUyasSQ5NJuBz1b+k2gC1YiZmBY8Q0jp20GV33WVJZ25gRonq+E9i91Eh0u10CM9uKeYYsh5VDnPXiDiEzewY=jcHQ-----END PGP SIGNATURE-----

Debian Security Advisory 5270-1

Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them.

**  
Zettlr \[_ˈset·lər_\]**

**A Markdown Editor for the 21st century**.

     

Homepage | Download | Documentation | Discord | Contributing | Support Us

With Zettlr, writing professional texts is easy and motivating: Whether you are a college student, a researcher, a journalist, or an author — Zettlr has the right tools for you. Watch the video or continue reading to see what they are!

Visit our Website.

**Features**

*   Available in over a dozen languages
*   Tight and ever-growing **integration with your favourite reference manager** (such as Zotero or JabRef)
*   **Cite with Zettlr** using citeproc and your existing literature database
*   Five **themes and dark mode support**
*   File-agnostic writing: Enjoy **full control over your own files**
*   Keep all your notes and texts **in one place** — searchable and accessible
*   **Code highlighting** for many languages
*   Simple and beautiful **exports** with Pandoc, LaTeX, and Textbundle
*   Support for state of the art knowledge management techniques (**Zettelkasten**)
*   A revolutionary **search algorithm** with integrated heatmap

… and the best is: **Zettlr is Open Source (FOSS)!**

**Installation**

To install Zettlr, just download the latest release for your operating system! Currently supported are macOS, Windows, and most Linux distributions (via Debian- and Fedora-packages as well as AppImages).

All other platforms that Electron supports are supported as well, but you will need to build the app yourself for this to work.

**Please also consider becoming a patron or making a one-time donation!**

**Getting Started**

After you have installed Zettlr, head over to our documentation to get to know Zettlr. Refer to the Quick Start Guide, if you prefer to use software heads-on.

**Contributing**

Zettlr is an Electron\-based app, so to start developing, you'll need to have:

1.  A NodeJS\-stack installed on your computer. Make sure it's at least Node 14 (lts/fermium). To test what version you have, run node -v.
2.  Yarn installed. Yarn is the required package manager for the project, as we do not commit package-lock.json\-files and many commands require yarn. You can install this globally using npm install -g yarn or Homebrew, if you are on macOS.

Then, simply clone the repository and install the dependencies on your local computer:

$ git clone https://github.com/Zettlr/Zettlr.git
$ cd Zettlr
$ yarn install --frozen-lockfile

The --frozen-lockfile flag ensures that yarn will stick to the versions as listed in the yarn.lock and not attempt to update them.

During development, hot module reloading is active so that you can edit the renderer's code easily and hit F5 after the changes have been compiled by electron-forge. You can keep the developer tools open to see when HMR has finished loading your changes.

**What Should I Know To Contribute Code?**

In order to provide code, you should have basic familiarity with the following topics and/or manuals (ordered by importance descending):

*   JavaScript (especially asynchronous code) and TypeScript
*   Node.js
*   Electron
*   Vue.js (2.x) and Vuex
*   CodeMirror (5.x)
*   ESLint
*   LESS
*   Webpack 5.x
*   Electron forge
*   Electron builder

> Note: See the "Directory Structure" section below to get an idea of how Zettlr specifically works.

**Development Commands**

This section lists all available commands that you can use during application development. These are defined within the package.json and can be run from the command line by prefixing them with yarn. Run them from within the base directory of the repository.

**start**

Starts electron-forge, which will build the application and launch it in development mode. This will use the normal settings, so if you use Zettlr on the same computer in production, it will use the same configuration files as the regular application. This means: be careful when breaking things. In that case, it's better to use test-gui.

**package**

Packages the application, but not bundle it into an installer. Without any suffix, this command will package the application for your current platform and architecture. To create specific packages (may require running on the corresponding platform), the following suffixes are available:

*   package:mac-x64 (Intel-based Macs)
*   package:mac-arm (Apple Silicon-based Macs)
*   package:win-x64 (Intel-based Windows)
*   package:win-arm (ARM-based Windows)
*   package:linux-x64 (Intel-based Linux)
*   package:linux-arm (ARM-based Linux)

The resulting application packages are stored in ./out.

> This command will skip typechecking to speed up builds, so be extra cautious.

**release:{platform-arch}**

Packages the application and then bundles it into an installer for the corresponding platform and architecture. To create such a bundle (may require running on the corresponding platform), one of the following values for {platform-arch} is required:

*   release:mac-x64 (Intel-based Macs)
*   release:mac-arm (Apple Silicon-based Macs)
*   release:win-x64 (Intel-based Windows)
*   release:win-arm (ARM-based Windows)
*   release:linux-x64 (Intel-based Linux)
*   release:linux-arm (ARM-based Linux)

The resulting setup bundles are stored in ./release.

> Please note that, while you can package directly for your platform without any suffix, for creating a release specifying the platform is required as electron-builder would otherwise include the development-dependencies in the app.asar, resulting in a bloated application.

**lang:refresh**

This downloads the four default translations of the application from Zettlr Translate, with which it is shipped by default. It places the files in the static/lang\-directory. Currently, the default languages are: German (Germany), English (USA), English (UK), and French (France).

> Please note, that this command is intended for an automated workflow that runs from time to time on the repository to perform this action. This means: Do **not** commit updated files to the repository. Instead, the updated files will be downloaded whenever you git fetch.

**csl:refresh**

This downloads the Citation Style Language (CSL) files with which the application is shipped, and places them in the static/csl-locales\- and static/csl-styles\-directories respectively.

> Please note, that this command is intended for an automated workflow that runs from time to time on the repository to perform this action. This means: Do **not** commit updated files to the repository. Instead, the updated files will be downloaded whenever you git fetch.

**lint**

This simply runs ESLint. Apps such as Atom or Visual Studio Code will automatically run ESLint in the background, but if you want to be extra-safe, make sure to run this command prior to submitting a Pull Request.

> This command will run automatically on each Pull Request to check your code for inconsistencies.

**reveal:build**

This re-compiles the source-files needed by the exporter for building reveal.js\-presentations. Due to the nature of how Pandoc creates such presentations, Zettlr needs to modify the output by Pandoc, which is why these files need to be pre-compiled.

> Please note, that this command is intended for an automated workflow that runs from time to time on the repository to perform this action. This means: Do **not** commit updated files to the repository. Instead, the updated files will be downloaded whenever you git fetch.

**test**

This runs the unit tests in the directory ./test. Make sure to run this command prior to submitting a Pull Request, as this will be run every time you commit to the PR, and this way you can make sure that your changes don't break any tests, making the whole PR-process easier.

**test-gui**

Use this command to carefree test any changes you make to the application. This command will start the application as if you ran yarn start, but will provide a custom configuration and a custom directory.

> This command will skip typechecking to speed up builds, so be extra cautious.

**The first time you start this command**, pass the --clean\-flag to copy a bunch of test-files to your ./resources\-directory, create a test-config.yml in your project root, and start the application with this clean configuration. Then, you can adapt the test-config.yml to your liking (so that certain settings which you would otherwise _always_ set will be pre-set without you having to open the preferences).

Whenever you want to reset the test directory to its initial state (or you removed the directory, or cloned the whole project anew), pass the flag --clean to the command in order to create or reset the directory. **This is also necessary if you changed something in test-config.yml**.

You can pass additional command-line switches such as --clear-cache to this command as well. They will be passed to the child process.

> Attention: Before first running the command, you **must** run it with the --clean\-flag to create the directory in the first place!

Additionally, have a look at our full development documentation.

**Directory Structure**

Zettlr is a mature app that has amassed hundreds of directories over the course of its development. Since it is hard to contribute to an application without any guidance, we have compiled a short description of the directories with how they interrelate.

    .
    ├── resources                      # Contains resource files
    │   ├── NSIS                       # Images for the Windows installer
    │   ├── icons                      # Icons used to build the application
    │   ├── screenshots                # The screenshots used in this README file
    ├── scripts                        # Scripts that are run by the CI and some YARN commands
    │   ├── assets                     # Asset files used by some scripts
    │   └── test-gui                   # Test files used by `yarn test-gui`
    ├── source                         # Contains the actual source code for the app
    │   ├── app                        # Contains service providers and the boot/shutdown routines
    │   ├── common                     # Common files used by several or all renderer processes
    │   │   ├── fonts                  # Contains the font files (note: location will likely change)
    │   │   ├── img                    # Currently unused image files
    │   │   ├── less                   # Contains the themes (note: location will likely change)
    │   │   ├── modules                # Contains renderer modules
    │   │   │   ├── markdown-editor    # The central CodeMirror markdown editor
    │   │   │   ├── preload            # Electron preload files
    │   │   │   └── window-register    # Run by every renderer during setup
    │   │   ├── util                   # A collection of utility functions
    │   │   └── vue                    # Contains Vue components used by the graphical interface
    │   ├── main                       # Contains code for the main process
    │   │   ├── assets                 # Static files (note: location will likely change)
    │   │   ├── commands               # Commands that perform user-actions, run from within zettlr.ts
    │   │   └── modules                # Main process modules
    │   │       ├── document-manager   # The document manager handles all open files
    │   │       ├── export             # The exporter converts Markdown files into other formats
    │   │       ├── fsal               # The File System Abstraction Layer provides the file tree
    │   │       ├── import             # The importer converts other formats into Markdown files
    │   │       └── window-manager     # The window manager manages all application windows
    │   ├── win-about                  # Code for the About window
    │   ├── win-custom-css             # Code for the Custom CSS window
    │   ├── win-defaults               # Code for the defaults file editor
    │   ├── win-error                  # The error modal window
    │   ├── win-log-viewer             # Displays the running logs from the app
    │   ├── win-main                   # The main window
    │   ├── win-paste-image            # The modal displayed when pasting an image
    │   ├── win-preferences            # The preferences window
    │   ├── win-print                  # Code for the print and preview window
    │   ├── win-quicklook              # Code for the Quicklook windows
    │   ├── win-stats                  # Code for the general statistics window
    │   ├── win-tag-manager            # Code for the tag manager
    │   └── win-update                 # The dedicated update window
    ├── static                         # Contains static files, cf. the README-file in there
    └── test                           # Unit tests
    

**On the Distinction between Modules and Service Providers**

You'll notice that Zettlr contains both "modules" and "service providers". The difference between the two is simple: Service providers run in the main process and are completely autonomous while providing functionality to the app as a whole. Modules, on the other hand, provide functionality that must be triggered by user actions (e.g. the exporter and the importer).

**The Application Lifecycle**

Whenever you run Zettlr, the following steps will be executed:

0.  Execute source/main.ts
1.  Environment check (source/app/lifecycle.ts::bootApplication)
2.  Boot service providers (source/app/lifecycle.ts::bootApplication)
3.  Boot main application (source/main/zettlr.ts)
4.  Load the file tree and the documents
5.  Show the main window

And when you shut down the app, the following steps will run:

1.  Close all windows except the main window
2.  Attempt to close the main window
3.  Shutdown the main application (source/main/zettlr.ts::shutdown)
4.  Shutdown the service providers (source/app/lifecycle.ts::shutdownApplication)
5.  Exit the application

During development of the app (yarn start and yarn test-gui), the following steps will run:

1.  Electron forge will compile the code for the main process and each renderer process separately (since these are separate processes), using TypeScript and webpack to compile and transpile.
2.  Electron forge will put that code into the directory .webpack, replacing the constants you can find in the "create"-methods of the window manager with the appropriate entry points.
3.  Electron forge will start a few development servers to provide hot module reloading (HMR) and then actually start the application.

Whenever the app is built, the following steps will run:

1.  Electron forge will perform steps 1 and 2 above, but instead of running the app, it will package the resulting code into a functional app package.
2.  Electron builder will then take these pre-built packages and wrap them in a platform-specific installer (DMG-files, Windows installer, or Linux packages).

Electron forge will put the packaged applications into the directory ./out while Electron builder will put the installers into the directory ./release.

**Command-Line Switches**

The Zettlr binary features a few command line switches that you can make use of for different purposes.

**--launch-minimized**

This CLI flag will instruct Zettlr not to show the main window on start. This is useful to create autostart entries. In that case, launching Zettlr with this flag at system boot will make sure that you will only see its icon in the tray.

Since this implies the need to have the app running in the tray bar or notification area when starting the app like this, it will automatically set the corresponding setting system.leaveAppRunning to true.

> Note: This flag will not have any effect on Linux systems which do not support displaying an icon in a tray bar or notification area.

**--clear-cache**

This will direct the File System Abstraction Layer to fully clear its cache on boot. This can be used to mitigate issues regarding changes in the code base. To ensure compatibility with any changes to the information stored in the cache, the cache is also automatically cleared when the version field in your config.json does not match the one in the package.json, which means that, as long as you do not explicitly set the version\-field in your test-config.yml, the cache will always be cleared on each run when you type yarn test-gui.

**--data-dir=path**

Use this switch to specify custom data directory, which holds your configuration files. Without this switch data directory defaults to %AppData%/Zettlr (on Windows 10), ~/.config/Zettlr (on Linux), etc. The path can be absolute or relative. Basis for the relative path will be either the binary's directory (when running a packaged app) or the repository root directory (when running an app that is not packaged). If the path contains spaces, do not forget to escape it in quotes. ~ to denote home directory does not work. Due to the bug in Electron an empty Dictionaries subdirectory is created in the default data directory, but it does not impact functionality.

**--disable-hardware-acceleration**

This switch causes Zettlr to disable hardware acceleration, which could be necessary in certain setups. For more information on why this flag was added, see issue #2127.

**VSCode Extension Recommendations**

This repository makes use of Visual Studio Code's recommended extensions feature. This means: If you use VS Code and open the repository for the first time, VS Code will tell you that the repository recommends to install a handful of extensions. These extensions are recommended if you work with Zettlr and will make contributing much easier. The recommendations are specified in the file .vscode/extensions.json.

Since installing extensions is sometimes a matter of taste, we have added short descriptions for each recommended extension within that file to explain why we recommend it. This way you can make your own decision whether or not you want to install any of these extensions (for example, the SVG extension is not necessary if you do not work with the SVG files provided in the repository).

If you choose not to install all of the recommended extensions at once (which we recommend), VS Code will show you the recommendations in the extensions sidebar so you can first decide which of the ones you'd like to install and then manually install those you'd like to have.

> Using the same extensions as the core developer team will make the code generally more consistent since you will have the same visual feedback.

**License**

This software is licensed via the GNU GPL v3-License.

The brand (including name, icons and everything Zettlr can be identified with) is excluded and all rights reserved. If you want to fork Zettlr to develop another app, feel free but please change name and icons. Read about the logo usage.

CVE-2022-40276: GitHub - Zettlr/Zettlr: A Markdown Editor for the 21st century.

Debian Linux Security Advisory 5269-1 - Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, a fast, compliant alternative implementation of the Python language.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5269-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 02, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pypy3CVE ID         : CVE-2022-37454Nicky Mouha discovered a buffer overflow in the sha3 module of PyPy, afast, compliant alternative implementation of the Python language.For the stable distribution (bullseye), this problem has been fixed inversion 7.3.5+dfsg-2+deb11u2.We recommend that you upgrade your pypy3 packages.For the detailed security status of pypy3 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pypy3Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNivD4ACgkQEMKTtsN8TjYcfxAAhkg2+/s7yTHve08CkBReV5cZ+z3cJSCCm53l4CHbpiNcza7IPzi0/GMjEupYEF+Mozvtm2puVgnWRkckuF5Nss3+yZYpHpPug4AHbEQy7GD7OdqVkV6aih0oAgIfd2jeaxzUAEEQ/7Mr+wInMknxDGmW5giFo2vUvR5dESRcfuImyaiJBlT6KUZY5ocMpp/JNcomfI61vJnzpqcnP8MMSLfzQuyyJoWXlUonJJCKw881Em2buRDRIZJJr3Gl5uF4vXUsJEWQqLMvpqJfCwjI+h6gmkZexv8fklU+xF5NFbf8Hlo2mOJq7mZVX6xplm0AhgsaqtM/dm1U4jHFflLvJ6LYTRTP3XqsuysSMhmURE6n7wUZBF/BvCqn747nS3yKFKyWXcP2AuEwZy1awo2xWigk5QJLIpcMcYP1MxLrMYZE2F59xXTctPLdwxZjdT1PZIUmxHVw3+kGDkGB/4EB9DGTYP925Acj+pwnrgBgwisQs0o2vKkKhYMZ3xvUf0BMszbVmNMBHE0YFPtAD/H8ALdxOTFwMtihQzBKvwmiBohn1lLRr00rNpaiYxJVOPxPFQUhI/RrB2m1BD0aAWSPNGZu8THbYyxA+1Sur3DMMRrihDLGfcZj2RzKGMEkUffW5oj9ZQeqhele6vfqHfvWRnhjc8rVkhRlyFCYLsHtnM4=2m5H-----END PGP SIGNATURE-----

Debian Security Advisory 5269-1

Debian Linux Security Advisory 5268-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5268-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 01, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ffmpegSeveral vulnerabilities have been discovered in the FFmpeg multimediaframework, which could result in denial of service or potentially theexecution of arbitrary code if malformed files/streams are processed.For the stable distribution (bullseye), this problem has been fixed inversion 7:4.3.5-0+deb11u1.We recommend that you upgrade your ffmpeg packages.For the detailed security status of ffmpeg please refer toits security tracker page at:https://security-tracker.debian.org/tracker/ffmpegFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNhc1QACgkQEMKTtsN8TjadExAAhdN753YXa53vaBbQi8XQHiZEfWJY6ohVHwVrYMnQ31aa0XzJ7IsnQ7MauWpcwd/xxv/pg0BuNsUY4V4oFLHRJJd9+TGqfzg6nNYBOawrntTy0WrWwXS14A2IkYZ+TE888y/5/P0AkNdAtgEn3nsgPdgGF79/axvLQ0mU6jfb6qkg7CwDrjwdVbaxaR1Tb4V1PJhrkFE/wFnjlvhNc8Xfc8EcoorCslPuQ6KAEB1SLQikcSwzy2B4f8Kzyob4tkts5fckbtJp5O5fbgNfqiPS2np92e3B1PfzY+yTztj2yZaTNxAfRu5Wd5TrGzmj5mh+4sbYmSAIddA72TxsyLiIbMX5B0n7f6irQr4lnPbaUKOlE/PKidwyiZg4MUkU2c88FD0AlaHUieugO6/VNRa3iKcDJE8XScpAxYSJ/t7+k0O2oHd2+/e2CO1fY6XW5L4Q5bFjTWnefyf2Q4t2JTRYeD1aepz6F/+ly1odFFCMe1NL63Icteypi2hMExUmyDpU0G60vYg5DpgHvj7HM4Xds9r/zc6OYgrgAJQMnRTVTb+4dZrHPQAZ8vQwP/QVh+bgK5u9QjajS2DM30/cV/zIr1B2/09c566N7xHXrYv359toAsELKKoYB4Kxn/vNJtR0WeuZPfcO062kuWpKHTJ3A3lK7UrcBY7YuBFBK2PXCSI=SdoQ-----END PGP SIGNATURE-----

Debian Security Advisory 5268-1

xfig 3.2.7 is vulnerable to Buffer Overflow.

Toggle useless messages

**Report forwarded** to debian-bugs-dist@lists.debian.org, subin.kim@prosys.kr, Roland Rosenfeld <roland@debian.org>:  
Bug#992395; Package xfig. (Wed, 18 Aug 2021 06:15:03 GMT) (full text, mbox, link).

**Acknowledgement sent** to "Potential Buffer Overflow vulnerability in xfig-3.2.7b" <subin.kim@prosys.kr>:  
New Bug report received and forwarded. Copy sent to subin.kim@prosys.kr, Roland Rosenfeld <roland@debian.org>. (Wed, 18 Aug 2021 06:15:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: xfig
Version: xfig
Severity: important

Dear Maintainer,

It seems that there exists a potential Buffer Overflow.
(src/w\_help.c:55)
sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));

the length of getenv("LANG") may become very long and cause Buffer Overflow while executing sprintf(...).


-System Information:
Debian Release: 11.0
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86\_64)

Kernel: Linux 4.4.0-19041-Microsoft
Locale: LANG=en\_US.UTF-8, LC\_CTYPE=en\_US.UTF-8 (charmap=UTF-8), LANGUAGE=en\_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages xfig depends on:
pn  fig2dev | transfig  <none>
ii  libc6               2.31-13
ii  libjpeg62-turbo     1:1.5.2-2+deb10u1
ii  libpng16-16         1.6.36-6
ii  libx11-6            2:1.6.7-1+deb10u2
ii  libxi6              2:1.7.9-1
pn  libxpm4             <none>
ii  libxt6              1:1.1.5-1+b3
ii  sensible-utils      0.0.14
pn  xaw3dg              <none>

Versions of packages xfig recommends:
pn  xfig-libs  <none>

Versions of packages xfig suggests:
pn  cups-client | lpr  <none>
pn  ghostscript        <none>
pn  gimp               <none>
pn  gsfonts-x11        <none>
pn  netpbm             <none>
pn  spell              <none>
pn  xfig-doc           <none>

**Reply sent** to Roland Rosenfeld <roland@debian.org>:  
You have taken responsibility. (Fri, 20 Aug 2021 12:09:03 GMT) (full text, mbox, link).

**Notification sent** to "Potential Buffer Overflow vulnerability in xfig-3.2.7b" <subin.kim@prosys.kr>:  
Bug acknowledged by developer. (Fri, 20 Aug 2021 12:09:03 GMT) (full text, mbox, link).

Message #12 received at 992395-close@bugs.debian.org (full text, mbox, reply):

Source: xfig
Source-Version: 1:3.2.8a-1
Done: Roland Rosenfeld <roland@debian.org>

We believe that the bug you reported is fixed in the latest version of
xfig, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 992395@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roland Rosenfeld <roland@debian.org> (supplier of updated xfig package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 20 Aug 2021 13:26:32 +0200
Source: xfig
Architecture: source
Version: 1:3.2.8a-1
Distribution: unstable
Urgency: medium
Maintainer: Roland Rosenfeld <roland@debian.org>
Changed-By: Roland Rosenfeld <roland@debian.org>
Closes: 992395
Changes:
 xfig (1:3.2.8a-1) unstable; urgency=medium
 .
   \* New upstream release 3.2.8a.
   \* 07\_missing-config.h, 08\_fig-format-doc, 09\_repair-table-doc are now
     incorporated upstream.
   \* Adapt file preservation to new upstream version.
   \* Update debian/copyright.
   \* Move xfig binary to /usr/libexec/xfig/xfig.
   \* Package test binaries and use them in autopkgtest.
   \* Update to Standards-Version 4.6.0 (no changes).
   \* 07\_LANG\_overflow: Avoid buffer overflow in LANG (Closes: #992395).
Checksums-Sha1:
 3c61e420b37da903f6a7e246fb0bacdab13c5ab8 2268 xfig\_3.2.8a-1.dsc
 0ac17ad33fdc8d570c187641e3d62ca9cd8faa2e 5380896 xfig\_3.2.8a.orig.tar.xz
 cd9de585ba1cf9f60cb888db8e6c23aedac8db8a 31736 xfig\_3.2.8a-1.debian.tar.xz
 7ec24ede8ad6c45982f1d6daecdf8eb2bbeb78db 8802 xfig\_3.2.8a-1\_source.buildinfo
Checksums-Sha256:
 5ccff8d437f6cca74c999902606c5288bc2faa3d4e369fbf5e9e41f06f528b83 2268 xfig\_3.2.8a-1.dsc
 ba43c0ea85b230d3efa5a951a3239e206d0b033d044c590a56208f875f888578 5380896 xfig\_3.2.8a.orig.tar.xz
 5bce4925951b4da43606ea0fdbc58e6d5bd586db5d3288f1b6abd2f69bc7dbe8 31736 xfig\_3.2.8a-1.debian.tar.xz
 8b72190e5c937543ef4692e84125a5bc816e234e68982b38f2c2d9f63e48f407 8802 xfig\_3.2.8a-1\_source.buildinfo
Files:
 47505378c399e92bd8320c9e7c3cfa26 2268 graphics optional xfig\_3.2.8a-1.dsc
 58dd2b6f9f17d7006c78156ce2da0073 5380896 graphics optional xfig\_3.2.8a.orig.tar.xz
 21becafff522811fd703ad707848b2c8 31736 graphics optional xfig\_3.2.8a-1.debian.tar.xz
 1ad72572a407e7d1ee3be3d287bbf4f4 8802 graphics optional xfig\_3.2.8a-1\_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErC+9sQSUPYpEoCEdAnE7z8pUELIFAmEfkesACgkQAnE7z8pU
ELK3ihAAjb2QzTyLRtUVTT50trBehzl8WJvfo7txeYBvJZup+j0hd0T46EFlpZ7M
gTFTN2zxWf7w8WUYQyfSqM7anzl3otEEaLSQ3kE3vzo+ZH9T0J98m2F/OQbEqF1u
QLbZxQF4f8M98s3TY3qBrE8Q+jN9CxcAaHMD4raoUw5LVz6FJ8c/l/xg8AQN2ekK
YWwwhZnxRWJjM3mu6hK7Cj9ihOsrs6f9q10t08q6sKVnuWLTUuvl5mGB3cDd/zHk
YNJ724pBwqUNPU1sDfGl6/DWiuWjmJwaQ1H/MnPEnV/7Utu3adfvF7AAodmxuV91
Jvx5Tb9VqnY84eRdCi2zFFyMKk4Kv6VXNLcOtFbpg7chFcWApIm+NY4Ql5s21yZg
JJZgrVHEo1rjqGbNQ9dnQHN8qZCANeKbJ44eGDgFnYPrUr963TWHhbDOOcwgU4sS
/HQf6aeq6OtXU5gSpLW2yfex2PAPustTmedREnSLuI3V5yiQxNa3Z8fQe3I36AKR
f0M4PU0c8JFEucA4ocwnzKflGsEqwGd/0OOSiPLShCdE+iaBrbz7FaOnQBO81Oyx
KUEXbL19EgBvSiz1oXIuVxgoObcEx2PK+W8uw1RkWq7Y2yjfx2N+kuDvTsJAEDzA
xYOtje3y6/VKKGWBVlDz8rFJSBA0hSY68XS+xQTzFPnNIU5wFPw=
=/r76
-----END PGP SIGNATURE-----

**Bug archived.** Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 18 Sep 2021 07:29:13 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org\>. Last modified: Mon Oct 31 16:35:27 2022; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

CVE-2021-40241: #992395 - xfig: Potential Buffer Overflow vulnerability in src/w_help.c

At this year’s KubeCon/CloudNativeCon, both development and operations practitioners were tackling different security needs.

As a self-identified movie buff, some movie lines somehow stick with me over the years. One of them is from Ridley Scott's _Gladiator_ (2000), when a Roman senator says, "The beating heart of Rome is not the marble of the Senate, it is the sand of the Colosseum."

That line popped up in my head as I walked around the halls at KubeCon/CloudNativeCon ("KubeCon"), the marquee event for the Cloud Native Computing Foundation (CNCF). To me, the beating heart of cloud-native security is most definitely KubeCon.

This year's North American edition of the event took place last week in Detroit, bringing together thousands of participants on-site plus many others remotely. In addition to the main three-day event, the growing interest in specific projects has led the Cloud Native Computing Foundation to set up various "co-located events" ahead of the main conference.

For the 2022 event, there was not only a specific CloudNativeSecurityCon two-day event but also plenty of security content across other events, including Application Networking Day, EnvoyCon, Policy Day with OPA, ServiceMeshCon, and more, reflecting the wide interest in cloud-native security topics. Interestingly, the CloudNativeSecurityCon event has itself now "graduated" to an independent event to be hosted separately in February.

**Cloud-Native security: Development vs. Operations**

So, where is the current state of cloud-native security conversations? To Omdia, there is a strong bifurcation: development-centric concerns and operations-centric concerns. It is not as helpful to call these "Dev" and "Ops" because team structure is in flux in many organizations: some may have site reliability engineering (SRE) teams, some may call them operations, platform teams, and more.

On the development side of the ledger, three topics of interest are provenance, noise, and exposure.

Provenance asks the fundamental question: Can we trust the integrity of the external component we're incorporating into our software pipeline? While many examples exist, the 2020 SolarWinds attack was a turning point for interest in the integrity of the software supply chain. At KubeCon, there was palpable momentum behind the idea of signing software images: The sigstore project was announced as general availability and is being used by Kubernetes and other key projects.

Noise refers to reducing the number of vulnerabilities that exist in the environment, starting with slimming down the container base images that are being used. This may include using image bases such as Alpine or Debian Slim or considering "distroless" alternatives that are even smaller. The benefit is that these smaller images have minimal footprint and therefore reduced chance of vulnerabilities popping up.

Exposure: For any given vulnerability, how exposed are we as an organization? There is no better example of this in recent industry history than Log4j, of course. This is the realm of discussions on software bills of materials (SBOMs) as it relates to knowing where components may be used either as images sitting in a registry somewhere or running in production. Interestingly, as this essay is being written, there's advance notice that information about critical vulnerabilities in OpenSSL 3.x will be disclosed imminently, which will likely be another good use case for SBOMs — just where is OpenSSL 3.x used in our organization? Given that SBOM coverage is still not widespread, Omdia expects minimal SBOM usage this time around, unfortunately.

Operations teams are naturally focused on providing and operating an increasingly complex underlying platform and doing so securely. The word “platform” is particularly relevant here: There was notable interest in organizing Kubernetes and many of the growing list of CNCF projects (140 as of this writing, between the various stages of project incubation: sandbox, incubation, graduated) into easier-to-consume platforms. Of specific interest to security audiences, projects such as Cilium (using the underlying eBPF functionality) for networking and observability, SPIFFE/SPIRE (for establishing identities), Falco (for runtime security), Open Policy Agent (for policy-as-code), Cloud Custodian (for governance), and others are worth looking into. The expectation is that these projects will increasingly collaborate with "observability" aspects of cloud-native and will also be deployed using practices such as GitOps.

**Reasons for Optimism on Cloud-Native Security**

Where do we go from here? It was abundantly clear that the cloud-native community cares deeply about security and is moving forward full-speed with tackling the many topics around it. The guidance to security teams is to quickly come up to speed on how these different projects and initiatives are being implemented. It's important to note that for many organizations, this will come not in the form of explicitly using the community project (though some will), but rather as part of a packaged platform from vendors such as Red Hat, SUSE, Canonical, and others, or directly from the cloud providers such as AWS, Google Cloud, Azure, Oracle, and others.

Be aware that, in the context of open source usage, there's no such thing as really "free" — even if one chooses to use the vanilla upstream version of projects, there are inherent costs in maintaining those packages and participating in the community development.

Cloud-Native Security Was in the Air at KubeCon/CloudNativeCon 2022

Debian Linux Security Advisory 5267-1 - Nicky Mouha discovered a buffer overflow in 'sha3', a Python library for the SHA-3 hashing functions.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5267-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 30, 2022                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pysha3CVE ID         : CVE-2022-37454Debian Bug     : 1023030Nicky Mouha discovered a buffer overflow in 'sha3', a Python library forthe SHA-3 hashing functions.For the stable distribution (bullseye), this problem has been fixed inversion 1.0.2-4.1+deb11u1.We recommend that you upgrade your pysha3 packages.For the detailed security status of pysha3 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pysha3Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNeydYACgkQEMKTtsN8TjZM0RAAk28/0iK+MlZR4EtgLm8chSw8YsaDjyCC6yVv82fz5yjYRhNkCteunkH0ffN2B8EXRJN8pqRV89ptnwOkwW3KjaJ6un3new3Zg4sPFB2DULd3yoxD3YGlzbh/EmHsnDSN88M8TSSi6IGErBIrMNqKt0FORg9/whpujDOJToo5np8uV7/SZNEMo2BOLtLIoXjMB4erlaI5pEE9/mEr6hzXJNsiVy82GtGZESuFo0XWu3hsD6BCzBvWKvZIOuALuTE9BEPGWJBPAIAqDS48yEd8KXiSEex9zsxdAa2vhsFHJ3U1LvwxZY0DvjG5JSjImc9U/p7DrwHhSyuS/pUFkR47Hl+d5i6+9IcU3lvFjszrq9bX019HuF2/U9ZfgvNQL/LmUpxFEyEziE3xkMG/SBP809fJ+UAU1XRV4qj6Yd/dN9TBZXE4eTcjzVCnjxjEzJKjaMcNl1qMM5JanG69iuGdy61ubTA/vEjxNH3qQOnJmITc1RuLlpkiU7TVA6ggNJ59xPQLLvgJ0lTY0oOQ0+pGh8aTHixHQFa35ynES6i+gKULv6M+fa/oayRLpw+06fGoSxdPmM8LHp9c54pLN3KgPIIcb/Aimkl+ReUYnrSXsaerfmyXS3f0LEjfhSxozXAooTxRr3eh5pUpTd3fuooodn9Zh3o5E5QcTbK82UGkTLI==p4UM-----END PGP SIGNATURE-----

Tag

#debian