[SECURITY] [DLA 858-1] wireshark security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: wireshark Version: 1.12.1+g01b65bf-4+deb8u6~deb7u7 CVE ID : CVE-2017-5596 CVE-2017-5597 CVE-2017-6467 CVE-2017-6468 CVE-2017-6469 CVE-2017-6470 CVE-2017-6471 CVE-2017-6472 CVE-2017-6473 CVE-2017-6474 It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for ASTERIX, DHCPv6, LDSS, IAX2, WSP and RTMPT and the NetScaler and K12 file parsers, that could lead to various crashes, denial-of-service, or execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u7. We recommend that you upgrade your wireshark packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYyzxDAAoJEPZk0la0aRp9z+wQAKDFTMaMTgHsvwqiJjMaYsp2 rbJ+PlXsvYLaz6WkY+CZI6OHw++D9VEXgpqOa5OF+OS8l9kvJM05rYbxxxqPjVvq 4b2PYWyfsp/0yrm0SxS1WzhBLBdiDqOHSzop/hYv5E7mUKrwGXORP4VhLg9MY30f CWajIv+pFT+BR6PGEd0Sakz3N7iDYLQprayEEPbYuyQsVXLE1Bx/CQwqQwl8sQ4X lmXSjEEnjnhG8pXz8RrkBTAwFJGxuD4HiqtMAQ750ksCJYGd1JMC1XzdJBLlbS/K bxTIKkDos4YDr5sAgZ/EYswkkvf/SNtzTwZDqhQuGStkqPLBNEEUOzuYjSiGyLjO Kag3KRrcOboaaZnG5I2E746uQlnCqGpqDZa1PF6o2tnAv9s/+H17GMGxXyIXmmSv MXiqw4GdxWN7wv83o7qrMeLWP1zLKHTTT2lpuUHZJMUbJ89K5H/WXtwh10nnoEyl yG87671xm3YWrtYN8WAupDdSSrO1SftX4xh+F5pBivz/ZJpsf+WPqEP6TNjd2SsH pungceDxEEIUR3DUZ2XN4MpbeFZlr6GDGp82HjqQKEtQdda+3/cpDsHHv1sahDYA xMO7HRkZO6KI+cprHqZr7O3XGlPvMaGnvl8woBdYuGpM6SQhdXXdkxOxiep7bbXt IdRFrbsWDj/TYwvUbPTg =JF7t -END PGP SIGNATURE-
[SECURITY] [DLA 844-1] libquicktime security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libquicktime Version: 2:1.2.4-3+deb7u1 CVE ID : CVE-2016-2399 Debian Bug : 855099 Marco 'nemux' Romano discovered that an integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom. For Debian 7 "Wheezy", these problems have been fixed in version 2:1.2.4-3+deb7u1. We recommend that you upgrade your libquicktime packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYtiFTAAoJEPZk0la0aRp9hnoP/i67nnjVtc6J6Kdz/08Dx4MX YxbPDCvlFbmQT/EkL6Y5qpaD8UHxEzHPiu+uZijvEbONtHZJ4ZppX4155lmYY2TT Wj1DskONEc3pbRLX9AkQ9yDW+O62tfsWqzD5cUYv0ZLU6+BB1f+Q4iq5t9KUyde7 u8CHCC2bf7HVJftEvVCi1PNy21KKjguvn08x2jRaHVr+FkBYlK8tAphg2iYgrYEr qSG5ruBJrrptpUtnWX/scERPCb+I8Cq03nqqD9ARkN1fYst8oTSO/CXENbUzL3Vm y5ZriHBWFak2ZnKRqMpL6YjeAAFcnqcJJHkRtrhn/YGnmV0occG2I2uIV3Osy1Fs qMrRencGnZEKIndMoHPTB8fsfpOL4z2cMm787Wun2qzGEVSkT7I7TwiwXLIzeTej szhWdy/tEG571QJ7lBzK2IYxscyAOlmKiFjRrsn6uj29cwQ7rl+wscYdwUBhftz8 2bW2UxKhY0LEmVbA2oA3StGTvj+cMlH3cduTw0Ajkf/W+sBCpe7aNM+tQAlemAsC 9VJ29R4mT1Q4VNXl9GthO+1ukylGLhTdbN0pHaemRFl5u1SNdWNSxXKWDzXh2zB8 azuoEQkprLefDIzTRLAqIbDgw6sczUZJMOKUZKlA+lJ8b9bUlJuHgvYL4/Pl+7MN x9hvPgBvrvOFoD2yW3X5 =Z/1G -END PGP SIGNATURE-
[SECURITY] [DLA 838-1] shadow security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: shadow Version: 4.1.5.1-1+deb7u1 CVE ID : CVE-2017-2616 Debian Bug : 855943 Tobias Stoeckmann discovered that su does not properly handle clearing a child PID. A local attacker can take advantage of this flaw to send SIGKILL to other processes with root privileges, resulting in denial of service. For Debian 7 "Wheezy", these problems have been fixed in version 4.1.5.1-1+deb7u1. We recommend that you upgrade your shadow packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYs2TMAAoJEPZk0la0aRp92h4P/AiI4RyMXC+6zWLWSNeAC2nM ubVHSCqJ0X+Ywn4YB0qm88BIni+xXFoZUuQS01qXW3vPPn2xLdR5apSwMAfhRyE6 NJAKQQplSARx33l5gdT+S1f2lqiga64OHeGq8cAXmV8LYL2xrfGf8ZjzRt3pS1fP 3vH17QfLEKlMVCN07ZeSu/lOQ8nPA5KKdpQg7NUfiheJT0TxdTch4zhDPEgwu3hr Ll/BSakluZiPUyQ7wMb/EwQcas64/5W/GE71FqDSi71vWZC0cijjxAx+ilcNCy4U zSHRVq+m35JiCyr5h2CEwWIef/Ot4kwdOPoGUP8zeYt8Stm5jsmSW7o1JFyiHq9d OaFi6+oWAJwVT3Mwra9+Gju2PL6BIuqiaeG1CZEpnWDnlZaMNsSf0wl0jnzzttFy qo+pX4rFbCqVUanf92ppNkFKQo0GNbyrRUA/DglXpctlD6K9y+GagV1ZF1RIHIjR eQlXgK5Uyx1F79SGupkZf/aHRJxgjd+lnPJR6mKOCfhazHLY7aQxU/JsS2BidVUn v91V4+tIHGHDoXfZom2EhLPKZTINgdhLQnzgr1ReOLZTS8jlG44VpBeDaGNak2f2 FVNu/oZfw/1QeEM1nov3Cjg9h1ZJhYH57d5ZphaOPUaoeG67Um275uFkEizEc9gI cLdDVx0wfRF5eLoTbaOV =ydYJ -END PGP SIGNATURE-
[SECURITY] [DLA 819-2] mysql-5.5 version number correction
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: mysql-5.5 Version: 5.5.54-0+deb7u2 CVE ID : Debian Bug : #854713 This is a correction of DLA 819-1 that mentioned that mysql-5.5 5.5.47-0+deb7u2 was corrected. The corrected package version was 5.5.54-0+deb7u2. For completeness the text from DLA 819-1 is available below with only corrected version information. No other changes. It has been found that the C client library for MySQL (libmysqlclient.so) has use-after-free vulnerability which can cause crash of applications using that MySQL client. For Debian 7 "Wheezy", these problems have been fixed in version 5.5.54-0+deb7u2. We recommend that you upgrade your mysql-5.5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYnauEAAoJEPZk0la0aRp90xkP/jLroLDDyIik0viip9W6Ml/m Jj5F8iTjEUwsQmmLSkji+zXnMMz0VXPdB6UyM4QyNqslG4jG0DK16CVP+ElXg7ds MKCMrY9TtRlgG85KB6BXdRIdgCBX4GhijtinMCJQ8LzAc4KXx3fN1XnCdYKIh5m1 jes7/AAPIRErao0/+SWOo8nzRjdr/FAE1JAUFggMB3p9B1CgKrBlHyMku59EUz7w +6HI9NIlQAGaTlPjp+7FNZY5skB2nBcPqsxBxQ74Y9HUI3rRHlv7mi89WuMWt7+r C9EyLf+AO105JcA75WXYVPDgcFYCDMhZo7s5BuovH4Iw8e7pkiXCU9SfyZTR0ZJe 2UVMOAfZk/Dqo4PhY3H1V9ezM1Y24OyZzslnbpzkEP4EsAsconC3EETAxEcRbdbR ohIFm8X5pFZwMQmfIJ+P6fywetnD5HlD38hF2enRxqTN7fHIVz7xPixLC/4Lk3t9 aJactd+zyzRR2dtehFQsJnUODV7B8pGICoF6saYikEdHnY/o7Iq7lwo8UK1NZoAN zhmm3VkyQFNOWRPaghE3LCDkdvipabAIAqiX02UbPPUduSe5W6/MSdmXhS/Pg81a OxAwaLkt7FdGlpwm2hewqZeegRY/qCECg793dHFliofpgTJsNhG8nn7XEMaKrER8 fomkEBqmXUCLeEUZBo+g =yupE -END PGP SIGNATURE-
[SECURITY] [DLA 819-1] mysql-5.5 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: mysql-5.5 Version: 5.5.47-0+deb7u2 CVE ID : Debian Bug : #854713 It has been found that the C client library for MySQL (libmysqlclient.so) has use-after-free vulnerability which can cause crash of applications using that MySQL client. For Debian 7 "Wheezy", these problems have been fixed in version 5.5.47-0+deb7u2. We recommend that you upgrade your mysql-5.5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYnMAMAAoJEPZk0la0aRp9c88P+wfcaIk3DssR/acJnGJyomKW 4MrYwqC+tGfB/5Lm3xPqaAMI2/FJ6mwiLjsIgCPJwdL7KjEtZWVys5NgFX5EFWxJ 94Fu5C1u1HRG1z4wzd0f4AdLWssjyffFbUrxvRpCXNMiBOFqu1DSCqcF6ILPTr5k 6LcB1mNVZUAcaPU51hT4Loq3dSaLJUI7xFmzioHcQLRCVzua9SdEP9dj7WNLytMn urT9cACkLG/JI8GTnUGH348ISqwuKcuKzAfqvX5XmoxMB1Xrkjn3nFgA7s6g1GSA seo78rCB/fXeG270RPB6JEaWY7oTyrFsXUxCh/20QLDF3NAhPeVAzzwoUPqCyQFS 0yyRDrJvjP3nhSE7A4be/X+jFlcdMIj3SOfpFhpxUFk1iE+GNZX0NjA/8/Vtw+OM BcspccgNhVShOWCQTeMZ94B/3+Zk5al+k3Mz9zbEM5y/tql0Vm7xrqvkmEvqX6y2 AI/7djoUPVUljghhVmpzdI7hEqz/QxhpPdfNf84Q11RtYk9XW7KXB9nVZmNNJSa+ Vnt8IcNZFQHvKmtHf0qUU4LF0xbPV4XQOwbQxBOlVh4EeJ6rAz5ALJ0J6NzSqkST hjmEQm84ZCqnxg/54o1e65JhoDia/rgDCKJWhYguW5rQE7BvnUXt7+rH1j5nDWzj 4QIBaalMi/bu09cZHCwN =sBXP -END PGP SIGNATURE-
[SECURITY] [DLA 804-1] libgd2 security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libgd2 Version: 2.0.36~rc1~dfsg-6.1+deb7u8 CVE ID : CVE-2016-9317 CVE-2016-10167 CVE-2016-10168 Multiple security issues have been found in the GD Graphics Library. They may lead to the execution of arbitrary code or causing application crash. CVE-2016-9317 Signed integer overflow in gd_io.c CVE-2016-10167 Improper handling of issing image data can cause crash CVE-2016-10168 GD2 stores the number of horizontal and vertical chunks as words (i.e. 2 byte unsigned). These values are multiplied and assigned to an int when reading the image, what can cause integer overflows. For Debian 7 "Wheezy", these problems have been fixed in version 2.0.36~rc1~dfsg-6.1+deb7u8. We recommend that you upgrade your libgd2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYjb6hAAoJEPZk0la0aRp9MXIP/1dm1VDPNMCU4MlrYx+4JsXe zGt5RROeZ+VQOpnmBHhy3jmLw6yH7GTXzOEuJqeuTfOIOTpSgDi1eBE/KZQsUN4R wEFpNorHdkFKJjrgtWd7TXOzaMechuscs7XZTPUktS12BHwoVebpywfrfm+6kPOg vh687jo8012nabpVRTA35Y70uOVs8kMZ40E+54BfriynXwt696pK+73xdwP923bK ygc/Rf5aPFGZ6ZiocHWegDUTPqL+qSaR+PRHFfk2n7WCGOLqDL9YtwOk4muPjBbT XD0zDrFGaedIdEjQSq5vrY6Ff4A01LHAAHSsmGWFn8rmRYJuwTz0ijWbjZlbjOOT uOh2kiJ/IO3PIU4tZFL/YU6HzPLBXyHqIVdpww+GyGBaYFk4VlGPLlYW5GOFu+Q9 EScc4RfNEKjWZKEznp0dmafQTZ1FhPJ8h39f8OT/2f3F3htIUaYQYZ6SLCSO5mKs Wgb9sGDIuCLyvsQjjnyG9Hxe7jBTiAkxDHnxkML+uEXqt0eo8ejkrXxV78HytsLI U8f8VR1RuysLaI4LYToA/fjdhBMy+cLw5BISMmThPl1r8by8kPjt7QjPdWT9WfFr CxyuTLHLGMCIjimXmSDVRKKfzV2b/3qmc1ixwkghe7kxreNN1j8J1WbyF74+mFuL GcDYaNpjC9i1+GszR9fD =LIcn -END PGP SIGNATURE-
[SECURITY] [DLA 755-1] dcmtk security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: dcmtk Version: 3.6.0-12+deb7u1 CVE ID : CVE-2015-8979 Debian Bug : 848830 At several places in the code a wrong length of ACSE data structures received over the network can cause overflows or underflows when processing those data structures. Related checks have been added at various places in order to prevent such (possible) attacks. Thanks to Kevin Basista for the report. The bug will indeed affect all DCMTK-based server applications that accept incoming DICOM network connections that are using the dcmtk-3.6.0 and earlier versions. (From: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php) For Debian 7 "Wheezy", these problems have been fixed in version 3.6.0-12+deb7u1. We recommend that you upgrade your dcmtk packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYWb4AAAoJEPZk0la0aRp9Cs4P/RrPizhJS6JlSmgjBV1/rNdj xUVYflCT70UsM31gXwUy8tUZ3cTP6xWpcespY54fq2rXPfwjXQxf0vOX2wV/sTrS GtLxRFLnaE2wv8jTkHP0PxunaPvzRYdr+OPXFXoIn8BERXFsiulhhSzsRjTiaHE+ qAYnHoP9UCF5QeFruqW+v0SlG0VQe5fYONfbDJ2zGN/PmcyF38CkMBYb2gUoqHDs 6UT9Aa2LTpMG4MZSmCML1rSv+We17CWExZxfGqNA5+ecQLbjbEUaLkG6zm7ZtM8v i/IdumYDOJ+aiKxd6r4A3aBMVta/xC3L35xVau/D4mK3Z5tAWBSGxdKWv42czZDL Xoz2ac+pZOMGiUXoVINaRGsfMqc4lIgqMlialAmPBcD1R6Bbfnhh0W5tvwDci84N mClJyej6ePrp+agXPFuuzfRFv+LtrdEpfAPiHMVhOXeDbNimoWol0L82R/oOHQRm hH0aU1lHXRWaHI9I5j2J1ax+XHzHArz9oq8hjkqllKtvBUjdkfOvpZ2pHofNRXow O1nT6LDVdEhqYm3hJW9k4nkTnp/MbXAlHXqYI8KCrk0ydmL9slc6OMhCBwMmbcFj tUosFT+mdfKqJjlFu5SXmhW6qxSC6c9t4CnE+Dk287pZ7l09mGPvOT321nxzbWEv SlMdCheg0KTm8lLZLH+/ =SeY6 -END PGP SIGNATURE-
[SECURITY] [DLA 707-1] sudo security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: sudo Version: 1.8.5p2-1+nmu3+deb7u2 CVE ID : CVE-2016-7032 CVE-2016-7076 Debian Bug : 842507 It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system(), popen() or wordexp() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. CVE-2016-7032 noexec bypass via system() and popen() CVE-2016-7076 noexec bypass via wordexp() For Debian 7 "Wheezy", these problems have been fixed in version 1.8.5p2-1+nmu3+deb7u2. We recommend that you upgrade your sudo packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYKhbVAAoJEPZk0la0aRp9rLcQAKfu0p5Gv7tCzNgM34VPpXCG y/xrxEJeXhcDJ/Pff9GUDNm9+DSdcNSSCYHK6+PAlTJqppwkWsW+BiPyqMkQrg1w nsVxEcq+n0GH9X9ENQixc8CRXJCpYSYakJyLhDG6khtwjv98Ct6kjkidHuQBLVDg t6zBnC6O5aKHzg2knT4tmePPWVMe9MupXVnXd94cuGyFGodz/bHYk+tlwUjl+4+A T460blhsmoxkD6TUv5flhcjSFKP9H4W95V8tRNXBUpodrsTtA3Lw5CA8+8ZlR/rm QLeWN6ph7WCMkde+zUjRHef6IWEYcNls5VEq3mGw6dhZA/NczLJkH5LrhtXZbpk5 3S3c2cbYYBUabbM4uEgib1tKFKmIWfq/gbfKw3D+CtcUnenLJGXRrp01xKRnMAM5 GRWqLxR2bMFSMfv/JEFOG93o7/gJdtMRzGGURIWKVEZwF5y0y2Z19VzEgbvK+pXH 2E1SZMoIcV6cZcjVnol9mE9bbrX8xFcYs/yC5yMuDPDgdq/yKKHAxPYXsyjE2htv uH3GH+QgBDiIwhsFlCv9iXyaPAJOlnMbIgusw0jNDh8ictcru/RIq0PAUT8CMHjf r4GQDnsaBMLjrsdIWxa6QUrafOA6oiFjDYlx0TQBGopaLBYqZnvYxxTriSr1vAqV Kf2P3DYAa9xLWvpNB6XN =yXps -END PGP SIGNATURE-
[SECURITY] [DLA 694-1] libwmf security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libwmf Version: 0.2.8.4-10.3+deb7u2 CVE ID : CVE-2016-9011 Debian Bug : 842090 Agostino Sarubbo from Gentoo discovered a flaw in libwmf's Windows Metafile Format (WMF) parser which caused allocation of excessive amount of memory potentially leading to a crash. For Debian 7 "Wheezy", these problems have been fixed in version 0.2.8.4-10.3+deb7u2. We recommend that you upgrade your libwmf packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJYGfjGAAoJEPZk0la0aRp97QcP/jocLxjkuNCeUSJJ6awFhTCe 5FA+Ufmbf4AnaccnmfCS1yenadgTkEmzbEJrBUPbfeqAsMaT+kaj7GXOtSAQHwCN jq30QZMSfNQJNzE+f9lPntM6ZD9xkjdt1twfuVS7JpA4bY3qgP7uBUEySnwOnSXU kxTr48dCi+WVksXQ9h7Snk6ov2wedmrNEI/j0ukC1vIQ97sX3y6aw9ijuIqNiW8x Hnl7/11zFjV5aDe7jaMHeT1xg4c6PVmZmXxcHzrqBEZVxpikc3wEAi+UPSjcc5+R ZPxKFq6HCSbttj9Ftw3nOvuvzex1o5Gn130MsBqIJJ1JTyZ2ytDGn7K5+nJOP8yl FFWMYKf02Xj3JmYqiuuv34QmZDO6wkI7gMCW2Ohm4SpYC2lTwr5BEi/2tSUV2Wrp TIt4zZsNq3gYUuPF73MKVktOd5SwMIWKIe1l37yFLtoFqukvxUc6Lw+aR6K7mEjT zU5Ge4amc7tjG02qgbvwpAOEdLGiiBhbD8ZNwWz6dOvzjWOzv3tkRylw9lX4OALI rGDtaf9jCQhGWAGxbBM6uD6hz+DVIZJBW9Euyl0hErb0OCcANpIlIr7nj28Raaqt pYL1GKc9Ajwbm5LQc6g0djC90cyoPushTnWds+JaPomCvlVX5aV0hxKjyQ/qKZTa epMQiVdakbDcB/PWQvi4 =eBHk -END PGP SIGNATURE-
[SECURITY] [DLA 636-2] firefox-esr regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 45.4.0esr-1~deb7u2 The update of firefox-esr to 45.4.0esr-1~deb7u1 caused build failure on armel and armhf architectures. For Debian 7 "Wheezy", these problems have been fixed in version 45.4.0esr-1~deb7u2. We recommend that you upgrade your firefox-esr packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJX7pm5AAoJEPZk0la0aRp9ZS4P/1QFwUfLRX0QIRDEcFM070KO ttG4mYVawuKqIKyoIZoPazRAXt124+eHFnNK1AONdRp7YfX/t0u0pz9LZLdK8yS3 cQWe9Fit1phbtcwjYrLHuK4pHbSwpN9763g6iLwAMdELQ3BJvrjdRDBlo+eWavvf u0sxQG4UeLYtLCiTsppccv2uvX57LAs2lK64CCe/G3T2UA0FGcnKSuHOyrK+2zxQ pAzEN9VYZ4Gqzk8W0HwUxdb3h1mlc9SUp3Y3PA2AuiuYY3elTor/X1fYrDQNEgqj rB9SDu15YfCAdY6cqhsoV9QIr8SU8ze2M/fvZetY5FRc6cyAl/6nJlcQIxcr7G7B GJU/ZYt3wWjVG8RpzPwTzb7GSfKe0phsQuOCOB88pawqbYCqG7mn6LjNk1Oukkmk /4YDn1w9vgU95ksTXV1Q0C9mSQU7GYQkK4kHoQLHura3vex+GyWvXEDWqnB0VZQx qA8aOf2Vt52Rfks/cKMhoZQarTgbMIg6F8U4K06N6ruWVcFL19MifIGU1G6VBEUm hS9LZwwmU1XX0vIXUKVdgI8cpd1jUXPiAzq53Qr5fxDtVgc0NUvQ5JYI221oChmZ +O5pHSqVpb1LLkvYkFMW6BFbPoC2+pRKxebhYreTtLC6cU8t7NdwwzyYqJxj3UhE w8D+l5whW5qGSbI7X/SG =MoG/ -END PGP SIGNATURE-
[SECURITY] [DLA 643-1] chicken security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: chicken Version: 4.7.0-1+deb7u1 CVE ID : CVE-2016-6830 CVE-2016-6831 Multiple vulnerabilities have been found in the CHICKEN Scheme compiler: CVE-2016-6830 Buffer overrun in CHICKEN Scheme's "process-execute" and "process-spawn" procedures from the posix unit CVE-2016-6831 Memory leak in CHICKEN Scheme's process-execute and process-spawn procedures For Debian 7 "Wheezy", these problems have been fixed in version 4.7.0-1+deb7u1. We recommend that you upgrade your chicken packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJX7pmBAAoJEPZk0la0aRp94LAP/i8dZ62I/fM/MnbJVjyhyWEb e2FmsHO6CFYP5KaR/hXQv8oKpssTlabLAQzJcbgN9RJbqZ7SpWmaFBXINIWxsCEB qJeCG8bLQs8qrKP/9JYbQxsr4TMvq31yk5i0AFTkELTcKdWi+ORa+1+5mmzBCh7g azlaONXKxTtKDzQ6hk4Cb8tihbJVZQ2S/8BHVn+EcSlUJBOe05lonuT8Nb/rCSer dQ3ZRtgqyVUd7hqR8eZu7Nms+2cxcjjSGfBPM3FnT0uajY9piwBD3lJtH99a7t96 zf/b3sFEvIkNie4I0otharywzcrXZU22MjVw6DT3PJxFdUDbfvsMLH+D0ezBdS28 DFTQ53tsLoby/LW7IEj8y18fYVZ276N0UCtDCbquv7HQa3JE8DbAZUDojlNu1WNI Fe/r8LW1v4ddA64VOg3aqxKDxZjLq7yv3aLxOf/QejSmP7EOxmrIcZ0q0SkAhaGt S0liJcAACY7RLxd2VCbWHPd75tNkbuQ8oYLEsGKeuXhgrpEyhV2C1zEvixaY5hom +Vp16GZROhT8PpsR/YB6wo0UQ55YWhOW4AzMYk5sZwpJrKDfjISPl+48RQUjq4Xc XUAru0HNx866VbzhTpuhur3XluaaHwUrll4m817xatRs9vcrl7KuIjPRGSeuYsPa Jlf08vQEUMEN6+eXQ/1f =9BJF -END PGP SIGNATURE-
[SECURITY] [DLA 636-1] firefox-esr security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: firefox-esr Version: 45.4.0esr-1~deb7u1 CVE ID : CVE-2016-5250 CVE-2016-5257 CVE-2016-5261 CVE-2016-5270 CVE-2016-5272 CVE-2016-5274 CVE-2016-5276 CVE-2016-5277 CVE-2016-5278 CVE-2016-5280 CVE-2016-5281 CVE-2016-5284 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure. For Debian 7 "Wheezy", these problems have been fixed in version 45.4.0esr-1~deb7u1. We recommend that you upgrade your firefox-esr packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJX6mCEAAoJEPZk0la0aRp9YSQP/iyTFaCmKBS37LK+IiQAvsQk jlf508vMQn6cBxO45/yazbHFN9pc5gUe7dxdvHnHMLmaEUoMlHOYUI3BA1XNwjG8 opbhfsltLEdm7pkqNw+qb+rQbjYTCgLMkehiyzjGcfc1q25ai4UsW4fR74KI4IhH psnl5JtP+QGKYcKM6+sgF57SGaf5qKjxw45aEbIrrK/ChmP1Ii8g2eBJ5+iE41u7 B9uY5AEpQ1nRb4TTAhLTykDSRWylPU1Pjvgh9TNlNkbwRm9EqUp/cDZj8Dm+8eXh flRFC19G+v2azHnfFkw3W32kjOR0IgOYoFPYwOenRp7WtIOWk+SZZGuqUUpDlwId Q+IwvFfmOR3Jp7QBcWt1XEQJtCHmyb713hhKJ9sV1mON+thDBrKvhPklh5cu3K7n 2RNEaSXmK0ISi52OqfLY+oX99vL8IyklPi4pIx0NdSSPFwfSjgtdYBBef1d9Utfz +WM+nASjfFOE9BiIvxacRj0DrFuQDGHSHXHWwKZ4qWW+goF9skGbz9OIhk2V76lM egsHA8W3qJaYHmqfSF2BQ/qD2bdoUT53JW79C41xXJmjyejy1snHUkzLBy7qafxQ jz/RlTurjWOdS/V1RBedKgYAsdX/yq1Cdpa//OhRdQ7nTrNh9D2N199MRluSQbop QSuI/CoQoHtKEjdwiUDa =MPZw -END PGP SIGNATURE-
[SECURITY] [DLA 605-1] eog security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: eog Version: 3.4.2-1+build1+deb7u1 CVE ID : CVE-2016-6855 It was discovered that Eye of GNOME incorrectly handled certain invalid UTF-8 strings. If a user were tricked into opening a specially-crafted image, a remote attacker could use this issue to cause Eye of GNOME to crash, resulting in a denial of service, or possibly execute arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version 3.4.2-1+build1+deb7u1. We recommend that you upgrade your eog packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXw2FOAAoJEPZk0la0aRp9cSQP/ArTK06dS78tcIsfcWiRWMJd 49HvUS4NW8HBckflneygrBHFouyPrcqSjAf4dWy3qsD6NViTkqzNRijd3/cRkU4U OUTdew/hTE+7zBsqHlFF+MfQRAV2bIzoWAIqPhFGCOK9YzVPQbgeGgfl/TbszvxC MypImPLBAeXDksO8tc6ykYI36AxVF48lIK9QVBGxjcDFNjEGtk+9kqwhbB2TznZc AI7fBAxTFI+AnVJbVPLKlkHwYd6icHFZNHxJdLy4E1ofQjNV/iUnG5bhl5VbpTgL b8qod70ftBjZtm/ivzrLJkujDp5/jNso9LNSOACk7VWsjr4xkOCtn3OWZ2fjpuKi /hM1M2QUkyHE6j2bdxmKi4gEthkxW9/AqkJr1zwWNx7JoNCqKqBLc/r5BS6KPTXs BIDQVz8nKVMOsW3s8baXUOnYROyxQY4YgTBYPTFf8isANZU7aa4vN8IGUgwf7T/Z 8ftJWh7dIUit0dObHBr7LXSdSl1LycGBgTtIWQx2JlTd7FV4rrMCwylzbfrQQZwG 2QNcVh6Qt3/6sO9nImyP6ubo5If2y2+ATK7nqmtYISn9niPVXrYN8LnsCXMx/Nva Gobr6aKNupYdW+1qmGb/n1o1wY/pj40PUuAQoBl4clpKsR1zwS/yPyATLwzIMrFq aswMAZmUsXLb8NZkrnzH =j4g/ -END PGP SIGNATURE-
[SECURITY] [DLA 595-1] wireshark security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: wireshark Version: 1.12.1+g01b65bf-4+deb8u6~deb7u3 CVE ID : CVE-2016-6504 CVE-2016-6505 CVE-2016-6506 CVE-2016-6507 CVE-2016-6508 CVE-2016-6509 CVE-2016-6510 CVE-2016-6511 Multiple vulnerabilities were discovered in the dissectors for NDS, PacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result in denial of service or the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u3. We recommend that you upgrade your wireshark packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXsddkAAoJEPZk0la0aRp9yUEQALcZFndaOAASfOg3zs3Uy22U yz8DWvOefoHy9cxOXW3sP7/gYY3xm5ojqzAxehSDty93OP5dOZQBTvPap/G/0g8n qdaRQC/D3i+AtMNBeOicu49UQC20FOW4w7xEGLVbHUGIP/OejeSG1nDPwPe9B6kb 5LFHf8O1vEUN2MEqKchj1TegdDDXCLMNGslg1/fShqCoP3wv07iFFONyFhCzOLo4 tkrQX0+pOJb29PRNnOic9cnROSi4hX0whcVrOWlfeJ+pK946+aJod/8fg4K9bJep BjIi8lSbAaISg+/T7HqZPDCyRVx9VTSnQa6CNd7Eflbpkxddp6LzxEVM9u09keIx 7sePt/r+9gkw5qLdXK9yNQJiLOnEZQqsd+78acfp31XffA0nygAdsxx6oX7FE0jM cExi4DTOACsaQ1inM1ygpIzIbAr4x7loxFspRH3mQuY8cwG0bG/uuBtv8IgXilZ+ kaL1q8bU9EA3xSC9+sfPzQFMdSZ9G+tAaM7bU1aGyYvPv7rSD+EtrWIlvbSzPHJT 4T54+mM3k6YnS+MZRIdcV1xLzgT7Y2wZlYg7Jp8nhz2qL6CROl6O/mSbp48NqlO3 umpw+D+NeGFC/+sygU0osOZVgyXdjdDlp3N+eUcp1koKjqtTv9MKy76Ifv/yu0+h tj7lmdh4ybkOBhQZO5LK =IOJq -END PGP SIGNATURE-
[SECURITY] [DLA 591-1] libreoffice security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: libreoffice Version: 3.5.4+dfsg2-0+deb7u8 CVE ID : CVE-2016-1513 An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in LibreOffice Impress. The defect may cause the document to appear as corrupted and LibreOffice may crash in a recovery-stuck mode requiring manual intervention. A crafted exploitation of the defect can allow an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code. For Debian 7 "Wheezy", this problem have been fixed in version 3.5.4+dfsg2-0+deb7u8. We recommend that you upgrade your libreoffice packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXqbyXAAoJEPZk0la0aRp9UWcP/Al22F5NbfIONEjvWxGl1LgG zRhIGsINBTrl/1PVyZ87L/KMPbUxev4KNazLoiKjYoqlxlb8GOUCf6n+azpMH+bl IrLenoUrUncaf/dQyg/ftGbsgofPbAgmRP0Fw4GNcMR6PTzuaCZ12OVoDbGTO/Jo YwHOERGS/p1s0oqPzFsag5WQx+/41eFgj44kQCQGPhCpbTwDDoO7aeOp6wlV7y4S Dr3ObfCaHREtEBUJWBmgUqpggoYlKjfSmh3Lp+QCD1OLiP+kjAmrUyilhtWnp32E q8Pg20wNFH5t9SFQI4E4LOnIvnyVZglH/FjpDjpSs5ljuqKw798MAEmKAa/btbbG YjDS3vKSTARpza072uYmfK7UNVQctKzB29e69DRTlVQLZLv6/Ada1/u/E1qDez/p 6/5uu0t/FX0ewXrksCPgVLNUq1HzNyobXbs+dMFFcYKMeONfLpbK8OC2k4IcRexK /ZNjx6Z0SNwq9Q/1iiAljvgORx/PLPjTBfx/zAQelSC0kIFSxdEw2rQVvH6QnGU7 RSCMsc6/ewWVweRHckEf3YB12agxvECmDof3XMkq1rhsYlffim+yZjkmm4FjfIWF kM5WCZVDUHYTpxY2rQfvFmijnEvckwTNvgaClio98imOD1B4hy1TUxhwv5Ti2kJb dec6ZMtwjvS7nlJA/8ZC =qvnG -END PGP SIGNATURE-
[SECURITY] [REGRESSION] [DLA -] graphite2 regression update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: graphite2 Version: 1.3.6-1~deb7u2 The previous upload of graphite2 (on 2016-04-26) included a .shlib file which did not match the shipped shared libraries preventing packages build-depending on graphite2 libraries to build. For Debian 7 "Wheezy", these problems have been fixed in version 1.3.6-1~deb7u2. We recommend that you upgrade your graphite2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXnx8DAAoJEPZk0la0aRp97uoP/jzwIsRlkymI4zVLe2jWprtS FYG2k41hg6YHXLoVSj4UK3B5iLf6nXY0G2JgrBmSBYfgOaW+slQflt7p7GkPGctF MheNJRSJ/5IqfOGVtdxNXW7TqlnzgVssDCg6tglTubxxRURRdcl577onnuMoIiUy pyDrkIyeiGa2xRZtKsB9Qv1DyDP2MhmUMKr41X4IFMzKGdJto4e4PjV0lq8PSHRK UIiWulIlg6EliIWjwziIg4ISq+RwtK1GFX7lILU/yrRSe+QInzTmXcgXZ4GXMkxn ckCWa2wUtw1RIZdfOEKOR/IM2ZrwSIhS/dzSKkI5kkjlb4tcZ7fxc7iBWJNWf1Bn ntorfrtbi+h2X02dYRi9aZ2lPvo9Or/wMh6PEMJVJb+oXROGbo8Fv1c9nPk7s+V7 dfInY7Hfr7iZqi1I2gsFExYJo29l3zF5Jqcmldch3REhS2dNT5wUKZh9ZP2PSrQo RNZMaRvE9US4iIWeNoy7vSCchIYoWC3IBtJG7oDO3Os332t4P0Vgudy3iTIV4+qR vefjLXuJG+J6NuMInO/LBblhEAEt9NqGP/yry+0c7rOC8Oac0JGe47bMqgOrODF1 P8SRRhPcTiDoiO6qge0uUL+kmTHrmA33Vyogu2438XIZUV/VxFOd4EqGoRuv2XtB LKyPgS3gCksYIobuHoG5 =CmfM -END PGP SIGNATURE-
[SECURITY] [DLA 570-1] kde4libs security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: kde4libs Version: 4:4.8.4-4+deb7u2 CVE ID : CVE-2016-6232 Debian Bug : 832620 It was possible to trick kde4libs's KArchiveDirectory::copyTo() function to extract files to arbitrary system locations from a specially prepared tar file outside of the extraction folder. For Debian 7 "Wheezy", these problems have been fixed in version 4:4.8.4-4+deb7u2. We recommend that you upgrade your kde4libs packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXm++mAAoJEPZk0la0aRp9QEIP/3hDZi/pjlxDpSrBN4PEvsjB eCjInlj0naRagCR3/AC/4IMVCtfwQZr5UrT5cm497FLZvvFvbgjFgOVa2GeUEYu1 WlGBVrzf6qvrjeM2TFMFhBGK1dtIpTedzI0MVC7n9nGhuCOCPWCKmTNLcjhrR1/I +nhYgTpLkYuTMnUPSd9yCeMXZDgeCTVtfMNLXQ+zl/Kn1XrLf9wN/2u8jQxQoTuX kg/kKYq8UwqNEVERWsmaePiFkeeEf2UdDZ5U2JDY+uGm34rcXuvsWFKnGV5O38Aj rT5HjUIgBEBzywjCxgj+GnkRyhtBX2YsR1h/Kc0lChi1xa+tY/rGH0kQKtUimYkC 1UQnVWZRQd+k7Fn2VyXHYh8W9pLoG6I+ocafDqWvJH71eFYxHcpjC601XLWP7LFd MEu9rkTd44FNaxSljW29E062eetbtJ1XlmKoKp3rn83RaJ8sVf123NVAzylxfLZ7 jR8zq6pAZYEkG/qJA38zLnDEXlfFnLec1J/6h8uQgq6gJZgd93Ca8mUwiNO1en7M Tnb8oY4DxgqDlI8Sp/ovc4EhXDTMQBbQuYSgMhXIL0zZ80kjXDLnKspBRo5GTfzB Vz7lBusQwb1CkJviV+9MgSJzhRutblUH1hy4v4bjPxl4zM3YBuhRU8reOm3RnJIv MpabyMBWLQWlXC2LwJG5 =tYnh -END PGP SIGNATURE-
[SECURITY] [DLA 566-1] cakephp security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: cakephp Version: 1.3.15-1+deb7u1 Debian Bug : 832283 CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. Remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class. For Debian 7 "Wheezy", these problems have been fixed in version 1.3.15-1+deb7u1. We recommend that you upgrade your cakephp packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXmnJvAAoJEPZk0la0aRp9BVYP/AwaEyVZleQ71EYHsjPafuoF 1d3FGeZTNkFR+D8bf7+mgmHHtRDHuTCV8Xg0hJS8duXrmVEMQoeNhq7bxaIjLkw6 0kPgtgOEGdUhZFq34C5vOOH0mef3nJcnrlkk2uEGyvrj73jqR557UUGG547msU9F dosYhFcslE79RtXFPj7IMURhKIXzNveWy36I0MUPqqRK6nbiCjEEUGkU2JlzJn0X g+xOlpZB+fsqgLb33Qncn+/ghFx6jL0Rd25fLUvsd7FNf0zFbIlV2ZFzOsUYDDuq HqYB1mXeSr3LveENVPHT3QdYhSCO6A+WEuI0fikoHOuHxvFtL0UehyclaKYWYl6h rRQqgoS7Bb81g1Xw8+/7US8kreIH5oJQ+Ql8l1kGseRoGwriPr+rKPUyWx41/1xe 8XaLmoxfTYIwy76Kt2xy7SMgT8o1UGfk3WG53n6j/wpHnaFwd6CnyfJQmuFig4Z4 M9l3l71UR/NPWvNxf8Im7Bxi5NosrED+2viCaWVenckIDmEaXifindZwcTXwCwug uplbTYaurjGKdjIV+L9cglw+96j+CEiWDzUnOAKY53RT18aHHqhLmApTP/Af6k7j 11WiOW1Alv4qDALWhvHzAbnQDl6+jjXW8/2KtZy5v7DxTH2P0LiwqE/cevEvizVg uGAaQ1KjPW3CfYRn80re =7bDr -END PGP SIGNATURE-
[SECURITY] [DLA 497-1] wireshark security update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Package: wireshark Version: 1.12.1+g01b65bf-4+deb8u6~deb7u1 CVE ID : CVE-2012-6052 CVE-2012-6053 CVE-2012-6054 CVE-2012-6055 CVE-2012-6056 CVE-2012-6057 CVE-2012-6058 CVE-2012-6059 CVE-2012-6060 CVE-2012-6061 CVE-2012-6062 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 CVE-2013-1579 CVE-2013-1580 CVE-2013-1581 CVE-2013-2476 CVE-2013-2479 CVE-2013-2482 CVE-2013-2485 CVE-2013-2486 CVE-2013-2487 CVE-2013-4079 CVE-2013-4080 CVE-2013-4927 CVE-2013-4929 CVE-2013-4931 CVE-2013-5719 CVE-2013-5721 CVE-2013-6339 CVE-2013-7112 CVE-2015-6243 CVE-2015-6246 CVE-2015-6248 CVE-2016-4006 CVE-2016-4079 CVE-2016-4080 CVE-2016-4081 CVE-2016-4082 CVE-2016-4085 Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP which could result in denial of service. This update also fixes many older less important issues by updating the package to the version found in Debian 8 also known as Jessie. For Debian 7 "Wheezy", these problems have been fixed in version 1.12.1+g01b65bf-4+deb8u6~deb7u1. We recommend that you upgrade your wireshark packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJXTWXnAAoJEPZk0la0aRp9b/EQAIskixovlNrvyC2YNJY/COvR qcMChf8hCa3N8ghW7U2nVvf7I7215CHqFjt5L7JaORkmTYCoethud7f9FgA/Os2L lpsRSCs0i2MOIKMcDdYd/2gF0k164uBsHnIKeZujr0mn4u98mYTgeWvuP/bBN8th VLhKzkrJFLhEDOeKStjL9sQ1de2tH4SOPPNxbo1hqXVNd8oPUGkfT5goAy8LzuUx m6xMOcBu1Ee+koJeJ94HpSydwPVcXVZse/w1gShllcPyCfASzNQP3pYWQRr9tDas cs3eNCUPpGsF/zmNlxea1IXVaaPdTsTiYATMykOcKj46MNXh3/dl0LiqpvSFbm1C TOvIIpEkXaQvka3qlXZ14yVMvQhSFxuqvE6147cCNk1eL46wySZ4587HxsSLyeaP c/FvRzBZlB/n4aF0N3ORKY6J0LkVMfr5Ye0nfPJVnp5ExYsLoHu+0uwdagi72yIb tHLN49ixPj9c2DePami1YOBBNyMB/AZqCpZMWyoHQ+3FriMq80u5snQLbgwXOMNH 7/GcoTITNdSUNR/VZU1Uc0PA6jh5tNr33luldLwyzLUVHlLnTy3IsEas4XmSVu4r mmveoxqvLCUBrpcoXdBlZYX6d52MD50KHXV8ZfkAnEQxqCC/316VM00pa5t+zVUf iwHPgkBSHx/+O9PFz7/f =Be8K -END PGP SIGNATURE-