-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3272
           SUSE Security Update: Security update for webkit2gtk3
                              25 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           webkit2gtk3
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12911 CVE-2018-11713 CVE-2018-11712
                   CVE-2018-11646 CVE-2018-4246 CVE-2018-4233
                   CVE-2018-4232 CVE-2018-4222 CVE-2018-4218
                   CVE-2018-4204 CVE-2018-4200 CVE-2018-4199
                   CVE-2018-4190 CVE-2018-4165 CVE-2018-4163
                   CVE-2018-4162 CVE-2018-4161 CVE-2018-4146
                   CVE-2018-4133 CVE-2018-4129 CVE-2018-4128
                   CVE-2018-4127 CVE-2018-4125 CVE-2018-4122
                   CVE-2018-4121 CVE-2018-4120 CVE-2018-4119
                   CVE-2018-4118 CVE-2018-4117 CVE-2018-4114
                   CVE-2018-4113 CVE-2018-4101 CVE-2018-4096
                   CVE-2018-4088 CVE-2017-13885 CVE-2017-13884
                   CVE-2017-7165 CVE-2017-7161 CVE-2017-7160
                   CVE-2017-7153  

Reference:         ASB-2018.0185
                   ESB-2018.2391
                   ESB-2018.2295
                   ESB-2018.2203
                   ESB-2018.2190
                   ESB-2018.1785
                   ESB-2018.1782

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2018/suse-su-20183387-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3387-1
Rating:             moderate
References:         #1075775 #1077535 #1079512 #1088182 #1088932 
                    #1092278 #1092279 #1092280 #1095611 #1096060 
                    #1096061 #1097693 #1101999 #1102530 #1104169 
                    
Cross-References:   CVE-2017-13884 CVE-2017-13885 CVE-2017-7153
                    CVE-2017-7160 CVE-2017-7161 CVE-2017-7165
                    CVE-2018-11646 CVE-2018-11712 CVE-2018-11713
                    CVE-2018-12911 CVE-2018-4088 CVE-2018-4096
                    CVE-2018-4101 CVE-2018-4113 CVE-2018-4114
                    CVE-2018-4117 CVE-2018-4118 CVE-2018-4119
                    CVE-2018-4120 CVE-2018-4121 CVE-2018-4122
                    CVE-2018-4125 CVE-2018-4127 CVE-2018-4128
                    CVE-2018-4129 CVE-2018-4133 CVE-2018-4146
                    CVE-2018-4161 CVE-2018-4162 CVE-2018-4163
                    CVE-2018-4165 CVE-2018-4190 CVE-2018-4199
                    CVE-2018-4200 CVE-2018-4204 CVE-2018-4218
                    CVE-2018-4222 CVE-2018-4232 CVE-2018-4233
                    CVE-2018-4246
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP3
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that fixes 40 vulnerabilities is now available.

Description:

   This update for webkit2gtk3 to version 2.20.3 fixes the issues:

   The following security vulnerabilities were addressed:

   - CVE-2018-12911: Fixed an off-by-one error in xdg_mime_get_simple_globs
     (boo#1101999)
   - CVE-2017-13884: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1075775).
   - CVE-2017-13885: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1075775).
   - CVE-2017-7153: An unspecified issue allowed remote attackers to spoof
     user-interface information (about whether the entire content is derived
     from a valid TLS session) via a crafted web site that sends a 401
     Unauthorized redirect (bsc#1077535).
   - CVE-2017-7160: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1075775).
   - CVE-2017-7161: An unspecified issue allowed remote attackers to execute
     arbitrary code via special characters that trigger command injection
     (bsc#1075775, bsc#1077535).
   - CVE-2017-7165: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1075775).
   - CVE-2018-4088: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1075775).
   - CVE-2018-4096: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1075775).
   - CVE-2018-4200: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site that triggers a
     WebCore::jsElementScrollHeightGetter use-after-free (bsc#1092280).
   - CVE-2018-4204: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1092279).
   - CVE-2018-4101: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4113: An issue in the JavaScriptCore function in the "WebKit"
     component allowed attackers to trigger an assertion failure by
     leveraging improper array indexing (bsc#1088182)
   - CVE-2018-4114: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182)
   - CVE-2018-4117: An unspecified issue allowed remote attackers to bypass
     the Same Origin Policy and obtain sensitive information via a crafted
     web site (bsc#1088182, bsc#1102530).
   - CVE-2018-4118: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182)
   - CVE-2018-4119: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182)
   - CVE-2018-4120: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4121: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1092278).
   - CVE-2018-4122: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4125: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4127: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4128: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4129: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4146: An unspecified issue allowed attackers to cause a denial
     of service (memory corruption) via a crafted web site (bsc#1088182).
   - CVE-2018-4161: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4162: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4163: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4165: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1088182).
   - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain
     sensitive credential information that is transmitted during a CSS
     mask-image fetch (bsc#1097693)
   - CVE-2018-4199: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (buffer overflow and
     application crash) via a crafted web site (bsc#1097693)
   - CVE-2018-4218: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site that triggers an
     @generatorState use-after-free (bsc#1097693)
   - CVE-2018-4222: An unspecified issue allowed remote attackers to execute
     arbitrary code via a crafted web site that leverages a
     getWasmBufferFromValue
     out-of-bounds read during WebAssembly compilation (bsc#1097693)
   - CVE-2018-4232: An unspecified issue allowed remote attackers to
     overwrite cookies via a crafted web site (bsc#1097693)
   - CVE-2018-4233: An unspecified issue allowed remote attackers to execute
     arbitrary code or cause a denial of service (memory corruption and
     application crash) via a crafted web site (bsc#1097693)
   - CVE-2018-4246: An unspecified issue allowed remote attackers to execute
     arbitrary code via a crafted web site that leverages type confusion
     (bsc#1104169)
   - CVE-2018-11646: webkitFaviconDatabaseSetIconForPageURL and
     webkitFaviconDatabaseSetIconURLForPageURL mishandled an unset pageURL,
     leading to an application crash (bsc#1095611)
   - CVE-2018-4133: A Safari cross-site scripting (XSS) vulnerability allowed
     remote attackers to inject arbitrary web script or HTML via a crafted
     URL (bsc#1088182).
   - CVE-2018-11713: The libsoup network backend of WebKit unexpectedly
     failed to use system proxy settings for WebSocket connections. As a
     result, users could be deanonymized by crafted web sites via a WebSocket
     connection (bsc#1096060).
   - CVE-2018-11712: The libsoup network backend of WebKit failed to perform
     TLS certificate verification for WebSocket connections (bsc#1096061).


   This update for webkit2gtk3 fixes the following issues:

   - Fixed a crash when atk_object_ref_state_set is called on an AtkObject
     that's being destroyed (bsc#1088932).
   - Fixed crash when using Wayland with QXL/virtio (bsc#1079512)
   - Disable Gigacage if mmap fails to allocate in Linux.
   - Add user agent quirk for paypal website.
   - Properly detect compiler flags, needed libs, and fallbacks for usage of
     64-bit atomic operations.
   - Fix a network process crash when trying to get cookies of about:blank
     page.
   - Fix UI process crash when closing the window under Wayland.
   - Fix several crashes and rendering issues.
   - Do TLS error checking on GTlsConnection::accept-certificate to finish
     the load earlier in case of errors.
   - Properly close the connection to the nested wayland compositor in the
     Web Process.
   - Avoid painting backing stores for zero-opacity layers.
   - Fix downloads started by context menu failing in some websites due to
     missing user agent HTTP header.
   - Fix video unpause when GStreamerGL is disabled.
   - Fix several GObject introspection annotations.
   - Update user agent quiks to fix Outlook.com and Chase.com.
   - Fix several crashes and rendering issues.
   - Improve error message when Gigacage cannot allocate virtual memory.
   - Add missing WebKitWebProcessEnumTypes.h to webkit-web-extension.h.
   - Improve web process memory monitor thresholds.
   - Fix a web process crash when the web view is created and destroyed
     quickly.
   - Fix a network process crash when load is cancelled while searching for
     stored HTTP auth credentials.
   - Fix the build when ENABLE_VIDEO, ENABLE_WEB_AUDIO and ENABLE_XSLT are
     disabled.
   - New API to retrieve and delete cookies with WebKitCookieManager.
   - New web process API to detect when form is submitted via JavaScript.
   - Several improvements and fixes in the touch/gestures support.
   - Support for the “system” CSS font family.
   - Complex text rendering improvements and fixes.
   - More complete and spec compliant WebDriver implementation.
   - Ensure DNS prefetching cannot be re-enabled if disabled by settings.
   - Fix seek sometimes not working.
   - Fix rendering of emojis that were using the wrong scale factor in some
     cases.
   - Fix rendering of combining enclosed keycap.
   - Fix rendering scale of some layers in HiDPI.
   - Fix a crash in Wayland when closing the web view.
   - Fix crashes upower crashes when running inside a chroot or on systems
     with broken dbus/upower.
   - Fix memory leaks in GStreamer media backend when using GStreamer 1.14.
   - Fix several crashes and rendering issues.
   - Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan
     support.
   - Fix a crash a under Wayland when using mesa software rasterization.
   - Make fullscreen video work again.
   - Fix handling of missing GStreamer elements.
   - Fix rendering when webm video is played twice.
   - Fix kinetic scrolling sometimes jumping around.
   - Fix build with ICU configured without collation support.
   - WebSockets use system proxy settings now (requires libsoup 2.61.90).
   - Show the context menu on long-press gesture.
   - Add support for Shift + mouse scroll to scroll horizontally.
   - Fix zoom gesture to actually zoom instead of changing the page scale.
   - Implement support for Graphics ARIA roles.
   - Make sleep inhibitors work under Flatpak.
   - Add get element CSS value command to WebDriver.
   - Fix a crash aftter a swipe gesture.
   - Fix several crashes and rendering issues.
   - Fix crashes due to duplicated symbols in libjavascriptcoregtk and
     libwebkit2gtk.
   - Fix parsing of timeout values in WebDriver.
   - Implement get timeouts command in WebDriver.
   - Fix deadlock in GStreamer video sink during shutdown when accelerated
     compositing is disabled.
   - Fix several crashes and rendering issues.
   - Add web process API to detect when form is submitted via JavaScript.
   - Add new API to replace webkit_form_submission_request_get_text_fields()
     that is now deprecated.
   - Add WebKitWebView::web-process-terminated signal and deprecate
     web-process-crashed.
   - Fix rendering issues when editing text areas.
   - Use FastMalloc based GstAllocator for GStreamer.
   - Fix web process crash at startup in bmalloc.
   - Fix several memory leaks in GStreamer media backend.
   - WebKitWebDriver process no longer links to libjavascriptcoregtk.
   - Fix several crashes and rendering issues.
   - Add new API to add, retrieve and delete cookies via WebKitCookieManager.
   - Add functions to WebSettings to convert font sizes between points and
     pixels.
   - Ensure cookie operations take effect when they happen before a web
     process has been spawned.
   - Automatically adjust font size when GtkSettings:gtk-xft-dpi changes.
   - Add initial resource load statistics support.
   - Add API to expose availability of certain editing commands in
     WebKitEditorState.
   - Add API to query whether a WebKitNavigationAction is a redirect
     or not.
   - Improve complex text rendering.
   - Add support for the "system" CSS font family.
   - Disable USE_GSTREAMER_GL


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP3:

      zypper in -t patch SUSE-SLE-WE-12-SP3-2018-2432=1

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-2432=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-2432=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-2432=1



Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP3 (noarch):

      libwebkit2gtk3-lang-2.20.3-2.23.8

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      typelib-1_0-WebKit2WebExtension-4_0-2.20.3-2.23.8
      webkit2gtk3-debugsource-2.20.3-2.23.8
      webkit2gtk3-devel-2.20.3-2.23.8

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      libjavascriptcoregtk-4_0-18-2.20.3-2.23.8
      libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8
      libwebkit2gtk-4_0-37-2.20.3-2.23.8
      libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8
      typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8
      typelib-1_0-WebKit2-4_0-2.20.3-2.23.8
      webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8
      webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8
      webkit2gtk3-debugsource-2.20.3-2.23.8

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      libjavascriptcoregtk-4_0-18-2.20.3-2.23.8
      libjavascriptcoregtk-4_0-18-debuginfo-2.20.3-2.23.8
      libwebkit2gtk-4_0-37-2.20.3-2.23.8
      libwebkit2gtk-4_0-37-debuginfo-2.20.3-2.23.8
      typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23.8
      typelib-1_0-WebKit2-4_0-2.20.3-2.23.8
      webkit2gtk-4_0-injected-bundles-2.20.3-2.23.8
      webkit2gtk-4_0-injected-bundles-debuginfo-2.20.3-2.23.8
      webkit2gtk3-debugsource-2.20.3-2.23.8

   - SUSE Linux Enterprise Desktop 12-SP3 (noarch):

      libwebkit2gtk3-lang-2.20.3-2.23.8


References:

   https://www.suse.com/security/cve/CVE-2017-13884.html
   https://www.suse.com/security/cve/CVE-2017-13885.html
   https://www.suse.com/security/cve/CVE-2017-7153.html
   https://www.suse.com/security/cve/CVE-2017-7160.html
   https://www.suse.com/security/cve/CVE-2017-7161.html
   https://www.suse.com/security/cve/CVE-2017-7165.html
   https://www.suse.com/security/cve/CVE-2018-11646.html
   https://www.suse.com/security/cve/CVE-2018-11712.html
   https://www.suse.com/security/cve/CVE-2018-11713.html
   https://www.suse.com/security/cve/CVE-2018-12911.html
   https://www.suse.com/security/cve/CVE-2018-4088.html
   https://www.suse.com/security/cve/CVE-2018-4096.html
   https://www.suse.com/security/cve/CVE-2018-4101.html
   https://www.suse.com/security/cve/CVE-2018-4113.html
   https://www.suse.com/security/cve/CVE-2018-4114.html
   https://www.suse.com/security/cve/CVE-2018-4117.html
   https://www.suse.com/security/cve/CVE-2018-4118.html
   https://www.suse.com/security/cve/CVE-2018-4119.html
   https://www.suse.com/security/cve/CVE-2018-4120.html
   https://www.suse.com/security/cve/CVE-2018-4121.html
   https://www.suse.com/security/cve/CVE-2018-4122.html
   https://www.suse.com/security/cve/CVE-2018-4125.html
   https://www.suse.com/security/cve/CVE-2018-4127.html
   https://www.suse.com/security/cve/CVE-2018-4128.html
   https://www.suse.com/security/cve/CVE-2018-4129.html
   https://www.suse.com/security/cve/CVE-2018-4133.html
   https://www.suse.com/security/cve/CVE-2018-4146.html
   https://www.suse.com/security/cve/CVE-2018-4161.html
   https://www.suse.com/security/cve/CVE-2018-4162.html
   https://www.suse.com/security/cve/CVE-2018-4163.html
   https://www.suse.com/security/cve/CVE-2018-4165.html
   https://www.suse.com/security/cve/CVE-2018-4190.html
   https://www.suse.com/security/cve/CVE-2018-4199.html
   https://www.suse.com/security/cve/CVE-2018-4200.html
   https://www.suse.com/security/cve/CVE-2018-4204.html
   https://www.suse.com/security/cve/CVE-2018-4218.html
   https://www.suse.com/security/cve/CVE-2018-4222.html
   https://www.suse.com/security/cve/CVE-2018-4232.html
   https://www.suse.com/security/cve/CVE-2018-4233.html
   https://www.suse.com/security/cve/CVE-2018-4246.html
   https://bugzilla.suse.com/1075775
   https://bugzilla.suse.com/1077535
   https://bugzilla.suse.com/1079512
   https://bugzilla.suse.com/1088182
   https://bugzilla.suse.com/1088932
   https://bugzilla.suse.com/1092278
   https://bugzilla.suse.com/1092279
   https://bugzilla.suse.com/1092280
   https://bugzilla.suse.com/1095611
   https://bugzilla.suse.com/1096060
   https://bugzilla.suse.com/1096061
   https://bugzilla.suse.com/1097693
   https://bugzilla.suse.com/1101999
   https://bugzilla.suse.com/1102530
   https://bugzilla.suse.com/1104169

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW9E+RGaOgq3Tt24GAQjZQw//cKSXZcVFoTX9JDxYns/ruspivLC+mH5Q
U5m5381K0/RU39+3+osKy/39CGfj4CYD/zpvMWlHdgy96E6o1Uxf3MviYQWbd6Id
Mxphj7X3uwaCJnyiwOaJL3B0A5zRHhR+GZe8Ihs7qUhOlYkoVetq/UAR1aoJgfwo
KCNfP2B2YnDw2haZuCjJccp1CEiqG810s7v6le1MU0JlXVzdxoVK0mVopeUn3Kbl
VCPRMZKw3BkAtvnvgAXi8CJN0aIjyELw7bfNK6Ntv8VWHbYfAxRwOxPMfnN4HSf3
EWB7pieC1kkeUU+YQydw+vfptoHltjG/Hpqt8qkdBSrE5/C5YBivDPv9ataipswt
8NEkynpjAADcYnfoOjOTLDI5KTSDhnyr1Iak2qYgoWiIE3AeLiYNaymr0tbt7l2Y
aFdmG/+C9Y2mCdDCFhu0wBJDy9Esw1hQq0xF7orXO2gYZ/xHWGuZ0Xamtq+EmS6W
WUlfJxDWKbh6s0RdqpXzVQoWREvta7HB9SATut/t1C81a88pKPxt6HkukRoXKvxA
ZeFalh9vwUZxbVpxD9GnoGlG9PBApCb3dKbZxwTBuxb0hhuvI+hswxMj1GxU0GoR
RIccNpPmuGouJ2Mx2XAQaHUmhQz2sqyPHMAp/3fChgWEuCRGUQppD26FXnsfrm2W
BISfSVz3hII=
=4kxr
-----END PGP SIGNATURE-----