CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response parsing

Bug #23555 reported by Debian Bug Importer
Affects            Status        Importance  Assigned to  Milestone
xine-lib (Debian)  Fix Released  Unknown
xine-lib (Ubuntu)  Fix Released  High        Martin Pitt

Bug Description

Automatically imported from Debian bug report #332919 http://bugs.debian.org/332919

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sun, 09 Oct 2005 15:58:36 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response
 parsing

Package: xine-lib
Severity: grave
Tags: security
Justification: user security hole

A format string vulnerability in xine-lib's CDDB response parsing has been found.
Exploitation is quite unlikely, as it would require a rogue CDDB server, but it
should be fixed nevertheless, as the fix is trivial. Please see
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html for
details and a patch.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
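
Added example (not part of the bug report and not xine-lib's code): the class of bug reported above, where text taken from a CDDB reply is used as a printf-style format string, next to the constant-format form that removes it. The reply line, the function names and the SHOW_VULNERABLE guard are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed CDDB-style reply line. The title is untrusted text: database
 * entries are submitted by users, so it may contain '%' directives. */
static const char SAMPLE_REPLY[] = "DTITLE=Example Artist / 100%sure hits %x";

/* Return the value part of a "KEY=value" line, or NULL if the key differs. */
static const char *cddb_value(const char *line, const char *key) {
    size_t klen = strlen(key);
    if (strncmp(line, key, klen) != 0 || line[klen] != '=')
        return NULL;
    return line + klen + 1;
}

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern, compiled only on request: the server-supplied text is
 * the format string, so any directive in it is interpreted by snprintf. */
static int show_title_vulnerable(char *out, size_t n, const char *title) {
    return snprintf(out, n, title);
}
#endif

/* Hardened form: the format is a constant, the server text is only data. */
static int show_title_safe(char *out, size_t n, const char *title) {
    return snprintf(out, n, "%s", title);
}

/* Count conversion directives ('%' not followed by another '%'), e.g. to
 * flag suspicious database entries in a log. */
static int count_format_directives(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        count++;
    }
    return count;
}

/* Copy the DTITLE value into out verbatim; return the number of directives
 * it contained, or -1 if the line is not a DTITLE line. */
static int render_title(const char *line, char *out, size_t n) {
    const char *title = cddb_value(line, "DTITLE");
    if (title == NULL)
        return -1;
    show_title_safe(out, n, title);
    return count_format_directives(title);
}

int main(void) {
    char buf[128];
    int hits = render_title(SAMPLE_REPLY, buf, sizeof buf);
    printf("title: %s\n", buf);
    printf("format directives seen in server text: %d\n", hits);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes the compiler flag the guarded variant when SHOW_VULNERABLE is defined.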

Revision history for this message
In , Ulf Harnhammar (metaur-operamail) wrote : No

No, you don't need to set up a rogue CDDB server, as CDDB servers let anyone add or modify information about records.

http://www.freedb.org/modules.php?name=Sections&sop=viewarticle&artid=26

// Ulf


Revision history for this message
In , Moritz Muehlenhoff (jmm-inutil) wrote :

Ulf Harnhammar wrote:
> No, you don't need to set up a rogue CDDB server, as CDDB servers let anyone add or modify information about records.

But according to the freedb.org FAQs every submission is reviewed before being
applied to the database. So it seems quite unlikely submissions of crafted entries
to exploit this vulnerability would pass this stage.

Cheers,
        Moritz

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Tue, 11 Oct 2005 12:26:10 +0100
From: "Ulf Harnhammar" <email address hidden>
To: <email address hidden>
Cc: <email address hidden>
Subject: No

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 11 Oct 2005 13:59:37 +0200
From: Moritz Muehlenhoff <email address hidden>
To: Ulf Harnhammar <email address hidden>
Cc: <email address hidden>
Subject: Re: No


Revision history for this message
Martin Pitt (pitti) wrote :

stables were fixed in USN-196-1, breezy is fixed as well.

Revision history for this message
In , Ulf Harnhammar (metaur-operamail) wrote :

> > No, you don't need to set up a rogue CDDB server, as CDDB servers
> > let anyone add or modify information about records.
>
> But according to the freedb.org FAQs every submission is reviewed before being
> applied to the database. So it seems quite unlikely submissions of
> crafted entries
> to exploit this vulnerability would pass this stage.

I can't find any place in the FAQ or the web site where it says that. On the contrary:

"Many users submit, and we are (automatically) trying to sort the bad entries out but we cannot guarantee that all submitted data is correct."

http://www.freedb.org/modules.php?name=Sections&sop=viewarticle&artid=4

"We update our master server as well as the mirrors with new submissions several times a day."

http://www.freedb.org/modules.php?name=Sections&sop=viewarticle&artid=26

They had about 19600 submissions last week:

http://www.freedb.org/freedb_stats.php?type=weekly&topic=submits

I think that's pretty conclusive evidence that they don't review the submitted entries.

It should also be noted that if you don't patch xine-lib, you have to trust the freedb.org people 100%, which I'm not willing to do. (I trust debian.org and ftp.sunet.se where I download .debs from, but they both have a reputation and a history.)

// Ulf


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 12 Oct 2005 12:27:17 +0100
From: "Ulf Harnhammar" <email address hidden>
To: "Moritz Muehlenhoff" <email address hidden>
Cc: <email address hidden>
Subject: Re: No


Revision history for this message
In , Joey Hess (joeyh) wrote : reassign 333682 to xine-lib, merging 333682 332919

# Automatically generated email from bts, devscripts version 2.9.8
reassign 333682 xine-lib
merge 333682 332919

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 19 Oct 2005 22:09:11 -0400
From: Joey Hess <email address hidden>
To: <email address hidden>
Subject: reassign 333682 to xine-lib, merging 333682 332919


Revision history for this message
Debian Bug Importer (debzilla) wrote :

*** Bug 24302 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Thijs Kinkhorst (kink) wrote : Re: #332919 Still not fixed

On Tue, 2005-11-22 at 23:31 +0100, Jérôme Marant wrote:
> Hi,
>
> I've just noticed that this security bug has not been fixed:
>
> #332919: CAN-2005-2967: Format string vulnerability in xine-lib's CDDB response parsing
>
> Any action taken?

This bug has been addressed for stable in DSA-863, it's only etch/sid
which have to be fixed. The package has two maintainers, but I can't
trace recent activity for any of them.

I've prepared updated packages for xine-lib, which fix this security
issue and the FTBFS-bug. They thus fix 2 RC bugs (or 3 if you count
merged separately). The diff is attached, the updated packages can be
found here: http://www.a-eskwadraat.nl/~kink/xine-lib/

Since I can't upload them myself, maybe someone else can review and
upload?

regards,
Thijs

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Wed, 23 Nov 2005 10:33:33 +0100
From: Thijs Kinkhorst <email address hidden>
To: <email address hidden>, <email address hidden>, <email address hidden>,
 Jérôme Marant <email address hidden>
Cc: <email address hidden>, <email address hidden>, <email address hidden>
Subject: Re: #332919 Still not fixed

Content-Disposition: attachment; filename=xine-lib_CVE-2005-2967.diff
Content-Type: text/x-patch; name=xine-lib_CVE-2005-2967.diff; charset=ANSI_X3.4-1968

Revision history for this message
In , Thomas Viehmann (tv-beamnet) wrote :

tag 332919 + pending
thanks

I'm presently uploading Thijs' NMU.

Steve Langasek wrote:
> On Wed, Nov 23, 2005 at 09:15:29PM +0100, Thomas Viehmann wrote:
[build-problem]
> This is an accidental dependency on i386 only due to a samba misbuild. It
> should be fixed as soon as samba gets binNMUed (autobuilder binNMUs are
> currently down for maintenance).
Ah. Thanks for the info. So I've built xine-lib with a local binNMU of
samba on i386 and am uploading the xine-lib NMU.

Kind regards

T.
--
Thomas Viehmann, http://thomas.viehmann.net/

Revision history for this message
In , Thijs Kinkhorst (kink) wrote : Fixed in NMU of xine-lib 1.0.1-1.4

tag 332919 + fixed
tag 333682 + fixed
tag 337996 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 23 Nov 2005 09:42:39 +0100
Source: xine-lib
Binary: libxine-dev libxine1
Architecture: source i386
Version: 1.0.1-1.4
Distribution: unstable
Urgency: high
Maintainer: Siggi Langauf <email address hidden>
Changed-By: Thijs Kinkhorst <email address hidden>
Description:
 libxine-dev - the xine video player library, development packages
 libxine1 - the xine video/media player library, binary files
Closes: 332919 333682 337996
Changes:
 xine-lib (1.0.1-1.4) unstable; urgency=high
 .
   * Non-maintainer upload for RC-(security-)bugs.
   * Apply patch from Ulf Harnhammar fixing a format string vulnerability
     in CDDB response parsing (CVE-2005-2967, Closes: #332919, #333682).
   * Fix bashism in debian/rules causing a FTBFS (Closes: #337996).
Files:
 4f201c064f874cd28cd3fc1494157435 1103 libs optional xine-lib_1.0.1-1.4.dsc
 9f48de634d231a863a1cc48b19a1480b 97462 libs optional xine-lib_1.0.1-1.4.diff.gz
 41e688e695473119bb6102417e4d3075 108838 libdevel optional libxine-dev_1.0.1-1.4_i386.deb
 864da56df34734b732f07d16f8358bfd 4431800 libs optional libxine1_1.0.1-1.4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: GnuPG key at <http://thomas.viehmann.net/>

iD8DBQFDhZ3zriZpaaIa1PkRAnNzAKCbMfg6nPo7MGaGP+wuQTc4Z+HvMQCfWb1H
yedfa5GWYm6Tpn073+l+qGc=
=QsWX
-----END PGP SIGNATURE-----

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Thu, 24 Nov 2005 13:02:45 +0100
From: Thomas Viehmann <email address hidden>
To: Steve Langasek <email address hidden>, <email address hidden>,
 <email address hidden>
Cc: Thijs Kinkhorst <email address hidden>,
 <email address hidden>
Subject: Re: #332919 Still not fixed


Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Thu, 24 Nov 2005 04:17:07 -0800
From: Thijs Kinkhorst <email address hidden>
To: <email address hidden>
Cc: Thijs Kinkhorst <email address hidden>, Siggi Langauf <email address hidden>
Subject: Fixed in NMU of xine-lib 1.0.1-1.4


Revision history for this message
In , Reinhard Tartler (siretart) wrote : Bug#332919: fixed in xine-lib 1.1.1-1

Source: xine-lib
Source-Version: 1.1.1-1

We believe that the bug you reported is fixed in the latest version of
xine-lib, which is due to be installed in the Debian FTP archive:

libxine-dev_1.1.1-1_i386.deb
  to pool/main/x/xine-lib/libxine-dev_1.1.1-1_i386.deb
libxine1_1.1.1-1_i386.deb
  to pool/main/x/xine-lib/libxine1_1.1.1-1_i386.deb
xine-lib_1.1.1-1.diff.gz
  to pool/main/x/xine-lib/xine-lib_1.1.1-1.diff.gz
xine-lib_1.1.1-1.dsc
  to pool/main/x/xine-lib/xine-lib_1.1.1-1.dsc
xine-lib_1.1.1.orig.tar.gz
  to pool/main/x/xine-lib/xine-lib_1.1.1.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <email address hidden> (supplier of updated xine-lib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 19 Feb 2006 18:34:51 +0100
Source: xine-lib
Binary: libxine-dev libxine1
Architecture: source i386
Version: 1.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Siggi Langauf <email address hidden>
Changed-By: Reinhard Tartler <email address hidden>
Description:
 libxine-dev - the xine video player library, development packages
 libxine1 - the xine video/media player library, binary files
Closes: 288189 315986 318838 320317 323276 325960 326935 326936 327203 328168 328184 328265 328454 332919 337996 337997 338000 342208 345499 346488 347162 353150
Changes:
 xine-lib (1.1.1-1) unstable; urgency=low
 .
   * New upstream release! (Closes: #326936, #353150, #332919)
 .
   [ Reinhard Tartler ]
     - adding myself to uploaders
     - Remove build dependencies on xlibs-dev, as well as alternatives on
       xlibs-dev-static. Debian is on its way towards X11R7!
       (Closes: #337997, #346488, #345499, #342208, #347162)
     - Rechecking the long list of NMUs. Thanks to all submitters!
 .
   [ Darren Salt ]
     - Add debian/watch file for uscan.
     - Convert debian/copyright to UTF-8.
     - Add build-deps on libxv-dev and libvcdinfo-dev.
     - Bump standards version to 3.6.2
     - Make "post-Sarge"-tagged changes to debian/rules and strip debian/tmp/
       from debian/*.install.
     - Remove *.gmo on clean (Just In Case). (Closes: #338000)
     - Do a little preparation for a possible -dbg package.
 .
   * Acknowledge NMUs.
     - Backports and gcc 4.0 fixes dropped since they're already in this version.
       Closes: #288189, #318838
     - slang transition: Closes: #315986
     - aalib transition: Closes: #320317, #323276
     - flac transition: Closes: #325960
     - fix of dependency generation script debian/shlibdeps.sh:
       Closes: #326935, #327203, #328168, #328184, #328265, #328454
     - fix bashism in debian/rules: Closes: #337996
Files:
 3a7bb1c29296533f933ba4d3a5023d3a 1109 libs optional xine-lib_1.1.1-1.dsc
 b1f42602c...


Revision history for this message
In , Reinhard Tartler (siretart) wrote :

Package: xine-lib
Version:

--- Please enter the report below this line. ---

--- System information. ---
Architecture: i386
Kernel: Linux 2.6.18-4-686

Debian Release: 4.0
  500 testing security.debian.org
  500 testing ftp.de.debian.org
   50 unstable www.debian-multimedia.org
   50 unstable ftp.debian-unofficial.org
   50 unstable ftp.de.debian.org
    1 experimental ftp.de.debian.org

--- Package information. ---
Depends (Version) | Installed
==================================================-+-=========================
                                                   |
