[SECURITY] [DSA 4283-1] ruby-json-jwt security update

[Moritz Muehlenhoff]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4283-1   secur...@debian.org
https://www.debian.org/security/   Moritz Muehlenhoff
August 31, 2018   https://www.debian.org/security/faq
- -

Package: ruby-json-jwt
CVE ID : CVE-2018-1000539

It was discovered that ruby-json-jwt, a Ruby implementation of JSON web
tokens performed insufficient validation of GCM auth tags.

For the stable distribution (stretch), this problem has been fixed in
version 1.6.2-1+deb9u1.

We recommend that you upgrade your ruby-json-jwt packages.

For the detailed security status of ruby-json-jwt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-json-jwt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluJuAsACgkQEMKTtsN8
TjY2vw/9GBrt/9S0UrG4r8RgZq+TquStkLp+vc4SFTn7Ahbky9wIqaO+AJ+MnK5M
MtVQDSpL/OP16S6AAJW3s9Wkb58s0HKa2gc7XQ41y6w7Lkg0yO5wvWRTzPWzIdit
cAf9J0uviWqCfDNxDkxrgoe8vKAhkFhRWm6kUKnsUwS51NN6DOVLjhn9pDYcI9cd
vmYyRdTHJZIIFBUvu9KFRa9BqAupu7G7C1E2NoGyWyv1DjFsHcSdvF0l9+b9BDxp
B+liySB8pHVuVTFp0YciRSGXm1suXdNLUWl4mf/Ie2IVyuI+OTgBrUUAMngrU8TZ
WY/Hi3X53mepm5oaUl8rgJgwRnyE1aqy49kGM7mQWe+b0Bp0YlvEMmO1Z2BD5mMF
kg+ZRYxsca4s3SzI/yUiNxMR0PYtB+486sAO6g305BhmmDb13JxnlPFe/8W/umFn
wIYhW5fRJk6ChkfoZMktpBttkLf7uIB8fSgAWnSfAHPZBeCltbQEXqpIZ9NU1l+U
gy8LuTcWKsdQeQGqkYZ2ygeUshTAny++59EDFZHgTNRjYanCcFBdxgsW8EpFO8m3
CMPezkUb5Schaq7Wq5qWdf8J+rNXHZ0Os+v+frzXnK1UbA6PBD+3awz/xSBg3qei
igmyiJT1oOSFThGzcA02Ktd/ka27ujivYguMH+yVE/DYGiQfZrs=
=DZhD
-END PGP SIGNATURE-

Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009

[Stefan Kanthak]

Hi @ll,

on a multitude of machines running Windows Embedded POSReady 2009,
"automatic updates" show the well-known and never resolved bug which
lets the Windows Update Agent occupy one core (good luck if your CPU
has some of them and can afford to sacrifice one.-) for DAYS at 100%
load!

This nasty behaviour is documented for example in the MSKB articles
 and
.

This bug has a rather LOOONG tradition; see for example
.


But this bug is NOT subject of this post -- the story only starts
there...


Since I've dealt with this bug quite some times in the past decade
I know how to overcome it (see for example
):
1. manually fetch the latest cumulative update for Internet Explorer,
2. install it,
3. then reboot and let "automatic updates" perform their duty again.


Step 1 was simple:
1.a) start the web browser and enter the URL
 ,
1.b) sort the updates by date,
1.c) find the latest cumulative update for IE,
1.d) then download the executable installer offered for your language.

This left me with the file
ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe
in my "Downloads" folder "C:\Dokumente und 
Einstellungen\Administrator\Downloads"

Since ALL downloads in the "Microsoft Update Catalog" are offered over
INSECURE HTTP: (see )
I checked the integrity of the downloaded executable:

C:\Dokumente und Einstellungen\Administrator\Downloads>CertUtil.exe /V /HashFile
ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe
SHA-1-Hash der Datei 
ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe:
fd 52 c3 ee 74 9c 7d 21 e0 c8 da 6d 9a cb 20 36 07 e2 5d a4
CertUtil: -hashfile-Befehl wurde erfolgreich ausgeführt.

Good, the SHA1 hash matches the filename (this was shown over the
secure HTTPS: connection to the Microsoft Update Catalog itself).

Right-click->Properties:"Digital signatures", then double-click on
the signature also yields "valid".


Good, lets proceed with step 2: install the downloaded update.

2.a) a double-click on
 
ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe
 presented TWO error message boxes with the following text:

| 
ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe
 - Auslagerungsdatei konnte nicht erstellt
werden
|
| (X) Exception Processing Message c145 Parameters c005 75b0bf7c 
75b0bf7c 75b0bf7c
|
|  [  OK  ]

 OUCH!

JFTR: you'll see this GIBBERISH on ALL NON-english editions of
  Windows Embedded POSReady 2009 (and Windows XP too)!

  For the description and demonstration of this bug in NTDLL.dll,
  start reading 


 Since I know this bug in NTDLL.dll since quite some time, I know
 that the "correct" error message box should have been

| 
ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe
 - Fehler in Anwendung
|
| (X) Die Anwendung konnte nicht richtig initialisiert werden (0xc005).
| Klicken Sie auf "OK", um die Anwendung zu beenden.
|
|  [  OK  ]


2.b) on english editions of Windows Embedded POSReady 2009, execution of
 
ie8-windowsxp-kb4343205-x86-embedded-enu_5cc2246031bd0a949785f6f1799610bff163224b.exe
 yields the error message box

| 
ie8-windowsxp-kb4343205-x86-embedded-enu_5cc2246031bd0a949785f6f1799610bff163224b.exe
 - Application Error
|
| (X) The application failed to initialize properly (0xc005).
| Click OK to terminate the application.
|
|  [  OK  ]

 That's an "access violation" during process initialisation.


2.c) Let's run the application under the debugger:

C:\Dokumente und Einstellungen\Administrator\Downloads>NTSD.exe
ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe

Microsoft (R) Windows User-Mode Debugger  Version 5.1.2600.0
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: "C:\Dokumente und
Einstellungen\Administrator\Downloads\ie8-windowsxp-kb4343205-x86-embedded-deu_fd52c3ee749c7d21e0c8da6d9acb203607e25da4.exe"
Loaded dbghelp extension DLL
Loaded exts extension DLL
Loaded ntsdexts extension DLL
Symbol search path is: 
SymSrv*SYMSRV.DLL*C:\WINDOWS\Symbols*http://msdl.microsoft.com/download/symbols/Executable
 search path is:
ModLoad: 0100 0102   sfxcab.exe
ModLoad: 7c91 7c9ca000   ntdll.dll
ModLoad: 7c80 7c909000   C:\WINDOWS\System32\kernel32.dll
ModLoad: 77be 77c38000   

[SECURITY] [DSA 4282-1] trafficserver security update

[Moritz Muehlenhoff]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-4282-1   secur...@debian.org
https://www.debian.org/security/   Moritz Muehlenhoff
August 31, 2018   https://www.debian.org/security/faq
- -

Package: trafficserver
CVE ID : CVE-2018-1318 CVE-2018-8004 CVE-2018-8005 CVE-2018-8040

Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in denial of
service, cache poisoning or information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 7.0.0-6+deb9u2.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluJt/4ACgkQEMKTtsN8
TjaT5Q/+L/g2xpJSDlMXj9hrYcSHpKwJ9DYbxHROlgYlHkaJK/q6KMX4qzqilyIG
6qCwkEEnvIxSoO/CgWJrSo87JgVu6dQ5fY6rokLGYdLd4y1SXGNQWEV5vBgKiXXV
nGa1Ev/uPL/G5149E6WsvSEWY5eMOhlmqrZWy/fwIBZgGSKhsCmYMgRDT+2qTyDb
12hRwxelyoCebWaQ/7s+OgZKRBHbdl8VbS+9jJGU5X9wNKhfEIGvoB1+8ZJLS/Cz
ZGTDi1nzNYPBILqTim2E4Dl2je2Am/KeQ1vmLG5DQIYkWTo1ZN/CUQcruDoaZ2ZX
W3afSoR/FERtcNI9IFRXCPzAEt7EOo7ml06Lj0iJx/ysIETPWqWM7eQPBEiwz00U
SBh1QVXY5C92hpQmWylABHm3Dd4X2ShImH+W3te/dRA9dHmvsySh9ABpTT6AUs/+
or7hKlKaYEW+vQiLpAUENgYpuAASKOLIjM4XZrb79GZdeNYvv6XkCvDo0nfk+2za
JCZDQNif45m4Z4N9Mdo0qj/1vZom/wTKl0muAH9BPf1sXdStFDE6X+Me3jSG3gbP
rid2GQuQ9dR2bY+a24C5zcPqqfrvmBJLCuv9oSxdx9ljHBs1ySqzzVa2g0vap5O9
3+OfwEMu7fbofklkmWfoeAUuE+OBcfRYmZMo4gdouzEIUgx41tM=
=TNdT
-END PGP SIGNATURE-

CA20180829-03: Security Notice for CA Release Automation

[Williams, Ken]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

CA20180829-03: Security Notice for CA Release Automation

Issued: August 29, 2018
Last Updated: August 29, 2018

CA Technologies Support is alerting customers to a potential risk with 
CA Release Automation.  A vulnerability exists that can allow an 
attacker to potentially execute arbitrary code.  

The vulnerability, CVE-2018-15691, has a high risk rating and concerns 
insecure deserialization of a specially crafted serialized object, 
which can allow an attacker to potentially execute arbitrary code.  


Risk Rating

High


Platform(s)

All supported platforms


Affected Products

CA Release Automation 6.3
CA Release Automation 6.4
CA Release Automation 6.5

Note:  older, unsupported releases may be affected.


Unaffected Products

CA Release Automation 6.6
CA Release Automation 6.3.0.9945 or later
CA Release Automation 6.4.0.10119 or later
CA Release Automation 6.5.0.10080 or later


How to determine if the installation is affected

Check the build number with the Help->About menu option, or determine 
which fixes are applied by looking at the Fix_Maintenance directory.


Solution

CA Technologies published the following solutions to address the 
vulnerabilities. 

CA Release Automation 6.3:
Apply Cumulative Fix build 9945 or later.

CA Release Automation 6.4:
Apply Cumulative Fix build 10119 or later.

CA Release Automation 6.5:
Apply Cumulative Fix build 10080 or later.


References

CVE-2018-15691 - CA Release Automation deserialization vulnerability


Acknowledgement

CVE-2018-15691 - Jakub Palaczynski and Maciej Grabiec


Change History

Version 1.0: 2018-08-29 - Initial Release


Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln  ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies | 520 Madison Avenue, 22nd Floor, New York NY 10022


Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022.  All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-BEGIN PGP SIGNATURE-
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wsFVAwUBW4lufblJjor7ahBNAQgHCRAAlbiI2WtlSe1vnsES3mBAajChsQgClspH
BZ5AYknsLv9BUxObn+ungcXUjEl72fEOHYSIHjT4hSZFOKtmk+zNRc8X6dQV9V6a
ekVxUZhb08sowb2hNdG3DFKlArAX8gF1wVC/WaQvncLbPuvpKN+7z+1mpjYp7PJn
Sb+tW5LoMl7cQ50q1x+bjITPzNuOfG8CBqk4ErYD4adjv6iIdvPlysPhRuZI108B
0vDOfOkxGgEGbtDoIrm+7KNoD3HT1O6rZAjdAq8M9iCUO+ae7orTe1Euf+Q/1mh/
FBCNNcWbVyciy0Y7JJyrFOozMJhdRYn8WANOG5kil8la50iSmLKoDunh0r4N+i8F
XHTQGzvs4FLQaSC/eKpsW1+WPg/l9UmsJk6DUVn4Ql4cEpBzYjgve28XnHQ8Os23
m2oBMKnT+Vm+5uuiVhvMXfif633Qji715Cd+iEVofyzH1EcDU5QCIjW2zlP973XE
0oeYokEdTV9yLZz8UgNJVebJaCcNPvrxHfCWEsoOcumrk140dKpI3mclwc1gjJ5E
kehPO0usLZDGalzvuXawozwKy5ByYUF/vDCiB29izfJVWbUr0XVAVz0Ku7Zb5+Pn
3NDRTzzoI4igpe0Mr8Ne6NZJngFu0rI7KhEv+pf5lK4ZBbwHqofBlS3EMyKm6dpZ
buTODvqItNQ=
=KxBP
-END PGP SIGNATURE-

CA20180829-02: Security Notice for CA Unified Infrastructure Management

[Williams, Ken]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

CA20180829-02: Security Notice for CA Unified Infrastructure Management

Issued: August 29, 2018
Last Updated: August 29, 2018

CA Technologies Support is alerting customers to multiple potential 
risks with CA Unified Infrastructure Management. Multiple 
vulnerabilities exist that can allow an attacker, who has access to 
the network on which CA UIM is running, to run arbitrary CA UIM 
commands on machines where the CA UIM probes are running.  An attacker 
can also gain access to other machines running CA UIM and access the 
filesystems of those machines.

The first vulnerability, CVE-2018-13819, has a medium risk rating and 
concerns a hardcoded secret key, which can allow an attacker to access 
sensitive information.

The second vulnerability, CVE-2018-13820, has a medium risk rating and 
concerns a hardcoded passphrase, which can allow an attacker to access 
sensitive information.

The third vulnerability, CVE-2018-13821, has a high risk rating and 
concerns a lack of authentication, which can allow a remote attacker 
to conduct a variety of attacks, including file reading/writing.


Risk Rating

Cumulative risk rating of High.


Platform(s)

All supported platforms


Affected Products

CA Unified Infrastructure Management 8.5.1, 8.5, 8.4.7


Unaffected Products

CA Unified Infrastructure Management 8.5.1, 8.5, 8.4.7 with the 
solutions listed below applied. 


How to determine if the installation is affected

Review the UIM Vulnerability Patch 1 documentation [1] to determine if 
all appropriate patches have been applied.  Additionally, review 
KB000111575: CA UIM Best Practices For Secure Environments [2] and CA 
UIM Best Practices for Securing Environments to mitigate 
CVE-2018-13821 [3] to ensure that all best practices have been 
implemented.


Solution

Two solutions are available for CA UIM 8.5.1, CA UIM 8.5, and CA UIM 
8.4.7 to resolve these vulnerabilities.  Both solutions, UIM 
Vulnerability Patch 1, and UIM Best Practices for Secure Environments, 
must be implemented to effectively mitigate all three vulnerabilities.

* CA recommends installing UIM Vulnerability Patch 1 [1] to resolve 
CVE-2018-13819 and CVE-2018-13820 as soon as possible.  From the 
download link, select the directory that corresponds to your release 
to access the patch package.

* CA recommends securing the CA UIM deployment using the best 
practices described in KB000111575: CA UIM Best Practices For Secure 
Environments [2] and CA UIM Best Practices for Securing Environments 
to mitigate CVE-2018-13821 [3].

- -OR-

If you feel the best practice recommendations are insufficient for 
your specific security needs, please contact CA Support to install and 
configure the CA UIM Secure Bus 8.01.

Note: While the secured version of the message bus has additional 
security features (e.g. encrypting all UIM traffic from robot to hub), 
the implementation requires additional prerequisites (such as 
requiring user-provided, signed X.509 certificates) and may have 
reduced functionality compared to the standard message bus. 

Customers running any End of Service (EOS) release are strongly 
advised to upgrade to version 8.5.1 and take the remediation actions 
listed above to resolve the vulnerabilities immediately.  

For the most up-to-date information about these CA Unified 
Infrastructure Management vulnerabilities, and for other important 
product information, please see the CA Unified Infrastructure 
Management Support page [4].


References

CVE-2018-13819 - CA UIM hardcoded secret key
CVE-2018-13820 - CA UIM hardcoded passphrase
CVE-2018-13821 - CA UIM lack of authentication
[1] ftp://UIMuser:cnia2...@ftp.ca.com/Important Hotfixes/UIM Vulnerability
Patch 1/
[2]
https://comm.support.ca.com/kb/ca-uim-best-practices-for-secure-environment
s/kb000111575
[3] https://support.ca.com/phpdocs/7/8384/8384-critical-alert-0716-2016.pdf
[4]
https://support.ca.com/us/product-information/ca-unified-infrastructure-man
agement.html

Acknowledgement

CVE-2018-13819 - Oystein Middelthun
CVE-2018-13820 - Oystein Middelthun
CVE-2018-13821 - Oystein Middelthun


Change History

Version 1.0: 2018-08-29 - Initial Release


Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln  ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies | 520 Madison Avenue, 22nd Floor, New York NY 10022


Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022.  All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-BEGIN 

CA20180829-01: Security Notice for CA PPM

[Williams, Ken]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

CA20180829-01: Security Notice for CA PPM

Issued: August 29, 2018
Last Updated: August 29, 2018

CA Technologies Support is alerting customers to multiple potential 
risks with CA PPM (formerly CA Clarity PPM). Multiple vulnerabilities 
exist that can allow an attacker to conduct a variety of attacks.  

The first vulnerability, CVE-2018-13822, has a medium risk rating and 
concerns an SSL password being stored in plain text, which can allow 
an attacker to access sensitive information.

The second vulnerability, CVE-2018-13823, has a high risk rating and 
concerns an XML external entity vulnerability in the XOG functionality, 
which can allow a remote attacker to access sensitive information.

The third vulnerability, CVE-2018-13824, has a high risk rating and 
concerns two parameters that fail to properly sanitize input, which 
can allow a remote attacker to execute SQL injection attacks.

The fourth vulnerability, CVE-2018-13825, has a high risk rating and 
concerns improper input validation by the gridExcelExport 
functionality, which can allow a remote attacker to execute reflected 
cross-site scripting attacks.

The fifth vulnerability, CVE-2018-13826, has a medium risk rating and 
concerns an XML external entity vulnerability in the XOG functionality, 
which can allow a remote attacker to conduct server side request 
forgery attacks.


Risk Rating

Cumulative risk rating:  High


Platform(s)

All supported platforms


Affected Products

CA PPM 14.3 and below
CA PPM 14.4
CA PPM 15.1
CA PPM 15.2
CA PPM 15.3


Unaffected Products

CA PPM 15.2 with appropriate patch level listed in Solution section 
of this document.
CA PPM 15.3 with appropriate patch level listed in Solution section 
of this document.
CA PPM 15.4
CA PPM 15.4.1


How to determine if the installation is affected

Customers can use the CA PPM Classic interface to find the release and 
patch level by clicking on "About" in the upper right corner of any 
screen.


Solution

CA Technologies published the following solutions to address the 
vulnerabilities. 

CA PPM 15.3: 
Apply 15.3.Cumulative Patch 3 (15.3.0.3) or later.

CA PPM 15.2: 
Apply 15.2 Cumulative Patch 6 (15.2.0.6) or later.

CA PPM 15.1:
Please contact CA Technologies Support for assistance.  Note that 
CA PPM 15.1 will reach End of Service (EOS) on April 30, 2019.

CA PPM 14.4:
Please contact CA Technologies Support for assistance.  Note that 
CA PPM 14.4 will reach End of Service (EOS) on October 31, 2018.

CA PPM 14.3 and below:
As you plan your upgrade to the latest release, please feel free to 
contact CA Technologies Support should you have any questions.


References

CVE-2018-13822 - CA PPM unencrypted SSL password
CVE-2018-13823 - CA PPM XXE in XOG info disclosure
CVE-2018-13824 - CA PPM SQL injection
CVE-2018-13825 - CA PPM gridExcelExport Reflected XSS
CVE-2018-13826 - CA PPM XXE in XOG SSRF


Acknowledgement

CVE-2018-13822 - Piotr Domirski
CVE-2018-13823 - Piotr Domirski
CVE-2018-13824 - Piotr Domirski
CVE-2018-13825 - Piotr Domirski
CVE-2018-13826 - Piotr Domirski


Change History

Version 1.0: 2018-08-29 - Initial Release


Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln  ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies | 520 Madison Avenue, 22nd Floor, New York NY 10022


Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022.  All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-BEGIN PGP SIGNATURE-
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wsFVAwUBW4llorlJjor7ahBNAQh0XxAAgxdkwPjBI22xUdXwFHcVWec/qQWX/25B
h/MNN8HdlwKL3IV0MCnncHFaHkoGbQAhtyo5wyY9ql2GCBKUiLYNtDdXrBg1AlTw
MrgJnW0FkxiDvt90mIuWITkCF52sBVvoCCHfFvH781Z1PYlmThmcrf4Pc3kXunIs
a/pD9JMnBKBQEYUmdSHddqZ58pia+mYGlJY0b9fcNkYzqaMYx2QFh7TFeSq0wf1D
tZPQ7XOu69hOA2pE6/9XHqN5DyRk4rEXaTLHMNN+i9DXB1+aXdLNBAlnuSWi3hVU
oHtz8VULoVNrYZygcMOnQz9HusJcH8XaIv8hurqObzH5n3RsrGlvDM/9SxYaVE/j
m8x2yuiOBFQLO2elCnr2xEe9Qsrmkak8c8Ddkuc9e9mxas5ss1wdE/j5rpOzYIwG
QzJD+7nznBvAR8NG/jSVFMYu/M6zDmseKE0tPYHy8oDAV8VOhuoOJ05OoXWVnuc3
BXFfrWxdb6+C831QUs5HEuPfdETJPsUmZE4cGjeesVmInX7X729rtXDX/IIYQBli
3K+TFtxyMCmhAaNgRWt4Kgfv2v+WSEvVV1S9ivowrrDb+5KxnKqx2ib/+ZVJ2jhP
jj8p6bOKSlFqpU8mR767oNwslsIO4bBDvFsT4UO4bwSmxiwbSjwbHkIuAdXG0dCL
MRY2J0rRxzQ=
=TW4m
-END PGP SIGNATURE-