-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TSR 2014-0001 Full Disclosure Case 84385 Summary Arbitrary code execution as cpanel-horde user via cache file poisioning. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The Horde Webmail interfaces accessible to cPanel and Webmail accounts uses PHP serialized cache files to speed up some backend operations. By default these cache files were stored in the world-writable /tmp directory with predictable names. A malicious local attacker could pre-create the cache files inside /tmp, potentially leading to arbitrary code execution as the cpanel-horde user. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 86341 Summary Arbitrary file read as root during cPanel account creation for ACL limited resellers. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description An ACL limited reseller could send crafted inputs to WHM's account creation functionality to combine multiple path traversal attacks in the package extensions subsystem. This flaw would store the contents of the destination file into the new account's cpuser file. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 Case 86381 Summary Disclosure of root's accesshash to ACL limited resellers via WHM xml-api. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description Reseller accounts, regardless of their ACLs, were able to retrieve and alter root's accesshash credentials via the get_remote_access_hash XML-API command by supplying empty user and password arguments. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 86453 Summary Injection of arbitrary settings into cpuser files via account creation. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description The WHM /scripts5/wwwacctform interface allowed the injection of newlines into the 'locale' and 'cpmod' parameters. These injections could be used to set values in the newly created account's cpuser file that were not permissible with a reseller's ACL restrictions. Credits This issue was discovered by Rack911. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 86461 Summary Overwriting of trusted inputs to third party hooks scripts. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description An ACL limited reseller could provide additional form inputs to WHM's create and modify account interfaces containing null bytes in the parameter name. When these inputs were passed on to third party hook scripts though an exec() call, the additional parameters would be truncated to match parameter names that are normally anchored in trust for the third party hook scripts. Third party hook scripts are provided the raw inputs to the functions they extend and are responsible for validating these inputs. Since null bytes do not transfer through the hook script interface correctly, any form parameter names submitted with null bytes will now result in an error. Credits This issue was discovered by Rack911. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 86857 Summary Limited arbitrary file overwrite for ACL limited resellers via domain parking. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description The owner parameter to the WHM /scripts/park interface was not correctly validated. By injecting a path traversal attack into this parameter, reseller accounts with the 'park-dns' ACL could overwrite arbitrary files on the system with a Perl storable file with predictable contents. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 87317 Summary Arbitrary code execution as root for ACL limited resellers via cluster configuration interfaces. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description Resellers with the 'clustering' ACL could inject data using newlines and NUL bytes into the form parameters of the cluster configuration interfaces. This flaw could then be leveraged to execute arbitrary code as root via string eval()s in various other interfaces. Credits This issue was discovered by Rack911. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 87433 Summary Injection of arbitrary settings into cpuser files via mxcheck setting. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description The WHM /script2/savemx and /cgi/zoneeditor.cgi interfaces allowed resellers with the "edit-mx" or "edit-dns" ACLs to modify the mxcheck setting for accounts under their control. By injecting newlines into this setting, a malicious reseller could alter other settings for the account that are stored in the account's cpuser file. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 87437 Summary ACL limited resellers allowed to disable digest authentication for arbitrary accounts. Security Rating cPanel has assigned a Security Level of Minor to this vulnerability. Description Due to a lack of ACL enforcement, an ACL limited reseller could disable digest authentication for any account on the system using WHM's XML-API. The ACL protections for this functionality have been updated to require that ACL limited resellers own any accounts they modify in this fashion. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 87625 Summary ACL limited resellers allowed to restore backups for the accounts they control. Security Rating cPanel has assigned a Security Level of Minor to this vulnerability. Description The WHM XML-API allowed all resellers to restore backups for any accounts they own. The equivalent functionality in WHM's HTML interfaces restricted the ability to restore accounts from backups to resellers with the "all" ACL. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 88061 Summary Mis-assignment of IP addresses for ACL limited resellers via createacct. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description With certain combinations of IP delegations and free IP address space, reseller accounts with the 'add-pkg-ip' ACL could install new accounts onto IP addresses delegated to another reseller. This might allow a malicious reseller account to capture web traffic intended for other accounts on the system. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Case 88341 Summary Arbitrary code execution for ACL limited resellers during account creation. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description A flaw in the new account creation process resulted in the Ruby 'gem' command running with the effective UID of the newly created user and the real UID of root. A malicious reseller account could leverage this flaw to execute arbitrary Ruby code with root's UID during the account creation process. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 Multiple Cases (55) Summary Multiple XSS vulnerabilities in various interfaces. Description Output filtering errors in several different interfaces allowed JavaScript inputs to be returned to the browser without proper filtering. The affected interfaces are listed below. Case: 84633 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/htaccess/deluser.html, /frontend/x3/indexmanager/changepro.html, /frontend/x3/indexmanager/dohtaccess.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 84877 Security Rating: Minor XSS Type: Self Interface: WHM URLs: /scripts3/initial_setup_wizard4 Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Christy Philip Mathew Case: 84881 Security Rating: Moderate XSS Type: Stored Interface: cPanel URLs: /frontend/x3/mail/def.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Christy Philip Mathew Case: 84885 Security Rating: Minor XSS Type: Self Interface: WHM URLs: /x3/mail/filters/editfilter.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Christy Philip Matthew Case: 84893 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/mail/conf.html, /frontend/x3/mail/saveconf.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Christy Philip Mathew Case: 84897 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/stats/detailsubbw.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Christy Philip Mathew Case: 84901 Security Rating: Moderate XSS Type: Stored Interface: cPanel URLs: /frontend/x3/cpanelpro/filelist-thumbs.html, /frontend/paper_lantern/cpanelpro/filelist-thumbs.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Christy Philip Mathew Case: 85029 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/mail/csvimport.html, /frontend/x3/mail/csvimport-step2.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Shubham Mittal Case: 85133 Security Rating: Moderate XSS Type: Stored Interface: cPanel URLs: /frontend/x3/filemanager/editit.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Shubham Mittal Case: 85177 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/cgi/Clock/docode.html, /frontend/x3/cgi/Countdown/docode.htm, /frontend/x3/cgi/Counter/docode.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Paweł Hałdrzyński Case: 85229 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/psql/deldb.html, /frontend/x3/psql/deldb.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 85249 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/psql/addusertodb.html, /frontend/x3/psql/addusertodb.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 85273 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/mime/addhotlink.html Affected Releases: 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 85457 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/mail/editmsgs.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Ankit Mittal Case: 85461 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/mail/showq.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Ankit Mittal Case: 85589 Security Rating: Minor XSS Type: Self Interface: WHM URLs: /scripts2/dotweaksettings Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Ernesto Martin Case: 85977 Security Rating: Minor XSS Type: Self Interface: WHM URLs: /scripts/addpkg2 Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Olivier Beg Case: 85985 Security Rating: Minor XSS Type: Self Interface: WHM URLs: /scripts2/edit_sourceipcheck, /x3/security/security-questions.html, /paper_lantern/security/security-questions.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: Olivier Beg Case: 86329 Security Rating: Important XSS Type: Stored Interface: WHM URLs: /scripts/doeditmx Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 87081 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/mime/add_redirect.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: SimranJeet Singh Case: 87417 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/err/erredit.html, /frontend/x3/filemanager/editit.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: SimranJeet Singh Case: 87457 Security Rating: Minor XSS Type: Self Interface: WHM URLs: /cgi/cpaddons_feature.pl Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88093 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/backup/fullbackup.html, /frontend/x3/backup/wizard-fullbackup.html, /frontend/paper_lantern/backup/fullbackup.html, /frontend/paper_lantern/backup/wizard-fullbackup.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88097 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/backup/doupload.html, /frontend/paper_lantern/backup/doupload.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88129 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/backup/dosqlupload.html, /frontend/paper_lantern/backup/dosqlupload.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88133 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/backup/doafupload.html, /frontend/paper_lantern/backup/doafupload.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88137 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/backup/wizard-dofullbackup.html, /frontend/x3/backup/dofullbackup.html, /frontend/paper_lantern/backup/wizard-dofullbackup.html, /frontend/paper_lantern/backup/dofullbackup.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88141 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/denyip/add.html, /frontend/x3/denyip/add.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88145 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/denyip/del.html, /frontend/x3/denyip/del.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88149 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/denyip/index.html, /frontend/x3/denyip/index.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88153 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/cpanelpro/filelist-convert.html, /frontend/paper_lantern/cpanelpro/filelist-scale.html, /frontend/paper_lantern/cpanelpro/filelist-thumbs.html, /frontend/x3/cpanelpro/filelist-convert.html, /frontend/x3/cpanelpro/filelist-scale.html, /frontend/x3/cpanelpro/filelist-thumbs.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88157 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/files/savefile.html, /frontend/paper_lantern/files/savefile.html, /frontend/x3/files/savefile.html, /frontend/x3/files/savefile.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88165 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/x3/files/extractfile.html, /frontend/paper_lantern/files/extractfile.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88173 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/files/showfile.html, /frontend/x3/files/showfile.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88181 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/fp/addfp.html, /frontend/paper_lantern/fp/delfp.html, /frontend/x3/fp/addfp.html, /frontend/x3/fp/delfp.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88209 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/htaccess/leechprotect/dohtaccess.html, /frontend/paper_lantern/htaccess/leechprotect/doleech.html, /frontend/x3/htaccess/leechprotect/dohtaccess.html, /frontend/x3/htaccess/leechprotect/doleech.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88213 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/net/dnslook.html, /frontend/x3/net/dnslook.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88229 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/park/dodelparked.html, /frontend/x3/park/dodelparked.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88253 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/psql/deluserfromdb.html, /frontend/x3/psql/deluserfromdb.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88257 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/stats/analog.html, /frontend/x3/stats/analog.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88261 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/addon/saveredirect.html, /frontend/x3/addon/saveredirect.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88265 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/subdomain/doadddomain.html, /frontend/x3/subdomain/doadddomain.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88269 Security Rating: Moderate XSS Type: Stored Interface: cPanel URLs: /frontend/x3/addoncgi/cpaddons.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88277 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/sql/PhpMyAdmin.html, /frontend/paper_lantern/backup/index.html, /frontend/x3/sql/PhpMyAdmin.html, /frontend/x3/backup/index.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88281 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/mail/queuesearch.html, /frontend/x3/mail/queuesearch.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88285 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/cpanelpro/changestatus.html, /frontend/x3/cpanelpro/changestatus.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88289 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/mail/editmsg.html, /frontend/x3/mail/editmsg.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88293 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/cpanelpro/editmsgs.html, /frontend/x3/cpanelpro/editmsgs.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88297 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/cpanelpro/msgaction.html, /frontend/x3/cpanelpro/msgaction.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88301 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/mail/resetmsg.html, /frontend/x3/mail/resetmsg.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88305 Security Rating: Moderate XSS Type: Stored Interface: cPanel URLs: /frontend/paper_lantern/mail/conf.html, /frontend/x3/mail/conf.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88309 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/mail/showlog.html, /frontend/x3/mail/showlog.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88313 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/mail/showmsg.html, /frontend/x3/mail/showmsg.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88321 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/cpanelpro/editlists.html, /frontend/x3/cpanelpro/editlists.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team Case: 88325 Security Rating: Minor XSS Type: Self Interface: cPanel URLs: /frontend/paper_lantern/mail/conf.html, /frontend/x3/mail/conf.html Affected Releases: 11.42.0, 11.40.1, 11.38.2 Reporter: cPanel Security Team cPanel includes a comprehensive protection mechanism against XSS and XSRF attacks called Security Tokens. Security Tokens protection is enabled by default in all installs of cPanel & WHM. When Security Tokens protection is enabled, an attacker intending to utilize any self-XSS vulnerabilities must convince the victim to navigate their browser to the appropriate cPanel or WHM interface and manually input the JavaScript payload. Credits These issues were discovered by the respective reporters listed above. Solution These issues are resolved in the following builds: 11.42.0.4 11.40.1.10 11.38.2.16 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBAgAGBQJS8s0bAAoJEJUhvtyr2U3frikP/iPQcKDzc/LGown/B8LZN13Q 8eYccwqdw9ILUEjamTuwISXLyqz2CpPmB/ap1LJGl3796JLdoT6uN6EDi61/kk9m xIbpWoKW7SSVTobpSHsNz0RfibRLhqjx5T/RwPCPcxaY4ym+I50qvXyvlRfcyFv3 EA76WmYkfk8VS+DJQxUWuRes5hmVQ96ohDyl/Q8Y0GgxNJvWi46tkXjK/H/0bAA9 0YBTV/qvKKMtKrzP81oZKq1BnmJyILrRzQc6bMqqlj33nM3z2QFhE8dAg1RaJupW qzvD0D23/0zQjv953Rs0x0XdXByzvClNb29qw2/M6VKpCXy7Xkw6MOC3sVG64gd/ maE0+dCvNivfrw+ctqus3dV91p8LozH/xD/qai5zKjeXT/t2FJW/hXN6CgMT93WO mGWm9vN/BfcRZvVp0NHnfzBV7UJ2MhzudBIKp6auhBYm62vSC0mXSR/Bz7tO9O2R TgDp4W1aYu1EDhMFQaZknqYfaRNq26tNc/+E1zINsP5ZdE96KoTnc/Q0NNoXEdLK saDoHPIAXkY49Jn2lPkSvG7mZJzEQ0B/A17alFe+SGd/1irxHRO1ch8sBplaDZn7 iVOnTO+g+U2k7CLKIcLsw30fZIPj6+1rGYFZGZ0v73qcuZXCpapQ14eYUeRHGcHG M4PCmotif19HCLIzHT7v =R3My -----END PGP SIGNATURE-----