-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1171
        IBM Security Bulletin: IBM API Connect Developer Portal is
                     affected multiple vulnerabilities
                               8 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM API Connect
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
                   Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Increased Privileges            -- Existing Account            
                   Cross-site Scripting            -- Remote with User Interaction
                   Access Confidential Data        -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9641 CVE-2019-9639 CVE-2019-9638
                   CVE-2019-9637 CVE-2019-8331 CVE-2019-6341
                   CVE-2019-4155  

Reference:         ESB-2019.1166
                   ESB-2019.1092
                   ESB-2019.1066
                   ESB-2019.1000

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10879483
   http://www.ibm.com/support/docview.wss?uid=ibm10878775
   http://www.ibm.com/support/docview.wss?uid=ibm10879401
   http://www.ibm.com/support/docview.wss?uid=ibm10879443
   http://www.ibm.com/support/docview.wss?uid=ibm10879575

Comment: This bulletin contains five (5) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM API Connect Developer Portal is affected by a cross site scripting
vulnerability in Bootstrap (CVE-2019-8331)

Product:             IBM API Connect

Component:           Developer Portal

Software version:    2018.1-2018.4.1.3

Operating system(s): Platform Independent

Reference #:         0879483

Security Bulletin

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2019-8331
DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the tooltip or popover
data-template. A remote attacker could exploit this vulnerability to execute
script in a victim's Web browser within the security context of the hosting Web
site. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
157409 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM API Connect version 2018.1-2018.4.1.3

Remediation/Fixes

+---------------+-------------+-------+--------------------------------------------------------------------------------+
|Affected       |Addressed in |APAR   |Remediation/First Fix                                                           |
|Product        |VRMF         |       |                                                                                |
+---------------+-------------+-------+--------------------------------------------------------------------------------+
|               |             |       |Addressed in IBM API Connect v2018.4.1.4fixpack.                                |
|               |             |       |                                                                                |
|IBM API Connect|             |       |Follow this link and find the appropriate 2018.4.1.4portal package suitable for |
|V2018.1 -      |2018.4.1.4   |LI80764|the form factor ofyour installation.                                            |
|2018.4.1.3     |fixpack      |       |                                                                                |
|               |             |       |http://www.ibm.com/support/fixcentral/swg/quickorderparent=ibm%7EWebSphere&     |
|               |             |       |product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.3&platform=All&function= |
|               |             |       |all&source=fc                                                                   |
+---------------+-------------+-------+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Reference

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

IBM API Connect Support Lifecycle Policy

Change History

April 4, 2019: Original bulletin published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


====================


IBM API Connect Developer Portal is affected by a cross site scripting
vulnerability in Drupal

Product:             IBM API Connect

Component:           Developer Portal

Software version:    2018.1-2018.4.1.3

Operating system(s): Platform Independent

Reference #:         0878775

Security Bulletin

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID: Not Applicable
DESCRIPTION: EU Cookie Compliance module for Drupal is vulnerable to cross-site
scripting, caused by improper validation of user-supplied input. A remote
attacker could exploit this vulnerability to inject malicious script into a Web
page which would be executed in a victim's Web browser within the security
context of the hosting Web site, once the page is viewed. An attacker could use
this vulnerability to steal the victim's cookie-based authentication
credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
157882 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM API Connect version 2018.1-2018.4.1.3

Remediation/Fixes

+---------------+-------------+-------+--------------------------------------------------------------------------------+
|Affected       |Addressed in |APAR   |Remediation/First Fix                                                           |
|Product        |VRMF         |       |                                                                                |
+---------------+-------------+-------+--------------------------------------------------------------------------------+
|               |             |       |Addressed in IBM API Connect v2018.4.1.4fixpack.                                |
|               |             |       |                                                                                |
|IBM API Connect|             |       |Follow this link and find the appropriate 2018.4.1.4portal package suitable for |
|V2018.1 -      |2018.4.1.4   |LI80744|the form factor ofyour installation.                                            |
|2018.4.1.3     |fixpack      |       |                                                                                |
|               |             |       |http://www.ibm.com/support/fixcentral/swg/quickorderparent=ibm%7EWebSphere&     |
|               |             |       |product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.3&platform=All&function= |
|               |             |       |all&source=fc                                                                   |
+---------------+-------------+-------+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Reference

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

IBM API Connect Support Lifecycle Policy

Change History

April 3, 2019: Original bulletin published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


====================


IBM API Connect Developer Portal is affected by multiple PHP vulnerabilities
(CVE-2019-9641 CVE-2019-9637 CVE-2019-9639 CVE-2019-9638)

Product:             IBM API Connect

Component:           Developer Portal

Software version:    5.0.0.0-5.0.8.5, 2018.1-2018.4.1.3

Operating system(s): Platform Independent

Reference #:         0879401

Security Bulletin

Summary

IBM API Connect has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2019-9638
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the
system, caused by an uninitialized read flaw in the
exif_process_IFD_in_MAKERNOTE method. An attacker could exploit this
vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158118 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9639
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the
system, caused by an uninitialized read flaw in the
exif_process_IFD_in_MAKERNOTE method. An attacker could exploit this
vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158119 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9637
DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information,
caused by a flaw in the implementation of rename function. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158117 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-9641
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the
system, caused by an uninitialized read in exif_process_IFD_in_TIFF. An
attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158121 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM API Connect version V5.0.0.0-5.0.8.5;2018.1-2018.4.1.3

Remediation/Fixes

+------------------------+-----------------+-------+--------------------------------------------------------------------------------+
|Affected Product        |Addressed in VRMF|APAR   |Remediation/First Fix                                                           |
+------------------------+-----------------+-------+--------------------------------------------------------------------------------+
|                        |                 |       |Addressed in IBM API Connect V5.0.8.6fix pack.                                  |
|                        |                 |       |                                                                                |
|                        |                 |       |Developer Portal is impacted. Follow this link and find the APIConnect-Portal   |
|IBM API Connect         |5.0.8.6          |LI80755|package.                                                                        |
|5.0.0.0-5.0.8.5         |                 |       |                                                                                |
|                        |                 |       |http://www.ibm.com/support/fixcentral/swg/quickorderparent=ibm%7EWebSphere&     |
|                        |                 |       |product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.5&platform=All&function=all |
|                        |                 |       |&source=fc                                                                      |
+------------------------+-----------------+-------+--------------------------------------------------------------------------------+
|                        |                 |       |+-----------------------------------------------------------------------------+ |
|                        |                 |       ||Addressed in IBM API Connect v2018.4.1.4fixpack.                             | |
|                        |                 |       ||                                                                             | |
|                        |                 |       ||Developer Portal is impacted. Follow this link and find the "portal" package | |
|IBM API Connect V2018.1 |2018.4.1.4fixpack|LI80755||appropriate for the form factor of your installation for 2018.4.1.4.         | |
|- 2018.4.1.3            |                 |       ||                                                                             | |
|                        |                 |       ||http://www.ibm.com/support/fixcentral/swg/quickorderparent=ibm%7EWebSphere&  | |
|                        |                 |       ||product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.3&platform=All&       | |
|                        |                 |       ||function=all&source=fc                                                       | |
|                        |                 |       |+-----------------------------------------------------------------------------+ |
+------------------------+-----------------+-------+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Reference

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

IBM API Connect Support Lifecycle Policy

Change History

April 3, 2019: Original bulletin published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


====================


IBM API Connect Developer Portal is by Cross Site Scripting(XSS) in Drupal core
(CVE-2019-6341)

Product:             IBM API Connect

Component:           Developer Portal

Software version:    5.0.0.0-5.0.8.5, 2018.1-2018.4.1.3

Operating system(s): Platform Independent

Reference #:         0879443

Security Bulletin

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID: Not Applicable
DESCRIPTION: AddToAny Share Buttons Module for Drupal is vulnerable to
cross-site scripting, caused by improper validation of user-supplied input. A
remote authenticated attacker could exploit this vulnerability to inject
malicious script into a Web page which would be executed in a victim's Web
browser within the security context of the hosting Web site, once the page is
viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158450 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-6341
DESCRIPTION: Drupal core is vulnerable to cross-site scripting, caused by
improper validation of user-supplied input by the File module/subsystem. A
remote attacker could exploit this vulnerability using the file upload to
inject malicious script into a Web page which would be executed in a victim's
Web browser within the security context of the hosting Web site, once the page
is viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158445 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM API Connect versions

+-----------------+
|5.0.0.0-5.0.8.5  |
+-----------------+
|2018.1-2018.4.1.3|
+-----------------+

Remediation/Fixes

+------------------------+-----------------+-------+---------------------------------------------------------------------------------+
|Affected Product        |Addressed in VRMF|APAR   |Remediation/First Fix                                                            |
+------------------------+-----------------+-------+---------------------------------------------------------------------------------+
|                        |                 |       |Addressed in IBM API Connect V5.0.8.6fixpack.                                    |
|                        |                 |       |                                                                                 |
|                        |                 |       |Developer Portal is impacted.                                                    |
|IBM API Connect         |                 |       |                                                                                 |
|5.0.0.0-5.0.8.5         |5.0.8.6 fixpack  |LI80743|Follow this link and find the APIConnect-Portal package.                         |
|                        |                 |       |                                                                                 |
|                        |                 |       |http://www.ibm.com/support/fixcentral/swg/quickorderparent=ibm%7EWebSphere&      |
|                        |                 |       |product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.5&platform=All&function=all  |
|                        |                 |       |&source=fc                                                                       |
+------------------------+-----------------+-------+---------------------------------------------------------------------------------+
|                        |                 |       |+-----------------------------------------------------------------------------+  |
|                        |                 |       ||Addressed in IBM API Connect v2018.4.1.4fixpack.                             |  |
|                        |                 |       ||                                                                             |  |
|                        |                 |       ||Developer Portal is impacted.                                                |  |
|IBM API Connect V2018.1 |                 |       ||                                                                             |  |
|- 2018.4.1.3            |2018.4.1.4fixpack|LI80743||Follow this link and find the "portal" package appropriate for the form      |  |
|                        |                 |       ||factor of your installation:                                                 |  |
|                        |                 |       ||http://www.ibm.com/support/fixcentral/swg/quickorderparent=ibm%7EWebSphere&  |  |
|                        |                 |       ||product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.3&platform=All&       |  |
|                        |                 |       ||function=all&source=fc                                                       |  |
|                        |                 |       |+-----------------------------------------------------------------------------+  |
+------------------------+-----------------+-------+---------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Reference

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

IBM API Connect Support Lifecycle Policy

Change History

April 3, 2019: Original bulletin published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


====================


IBM API Connect's Developer Portal is impacted by a privilege escalation
vulnerability (CVE-2019-4155)

Product:             IBM API Connect

Component:           Developer Portal

Software version:    2018.1-2018.4.1.3

Operating system(s): Platform Independent

Reference #:         0879575

Security Bulletin

Summary

IBM API Connect has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2019-4155
DESCRIPTION: IBM API Connect's Developer Portal is impacted by a privilege
escalation vulnerability when integrated with an OpenID Connect (OIDC) user
registry.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158544 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM API Connect version 2018.1-2018.4.1.3

Remediation/Fixes

+---------------+-------------+-------+--------------------------------------------------------------------------------+
|Affected       |Addressed in |APAR   |Remediation/First Fix                                                           |
|Product        |VRMF         |       |                                                                                |
+---------------+-------------+-------+--------------------------------------------------------------------------------+
|               |             |       |Addressed in IBM API Connect v2018.4.1.4fixpack.                                |
|               |             |       |                                                                                |
|IBM API Connect|             |       |Follow this link and find the appropriate 2018.4.1.4 Developer Portal package   |
|V2018.1 -      |2018.4.1.4   |LI80678|suitable for the form factor ofyour installation.                               |
|2018.4.1.3     |fixpack      |       |                                                                                |
|               |             |       |http://www.ibm.com/support/fixcentral/swg/quickorderparent=ibm%7EWebSphere&     |
|               |             |       |product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.3&platform=All&function= |
|               |             |       |all&source=fc                                                                   |
+---------------+-------------+-------+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Reference

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

IBM API Connect Support Lifecycle Policy

Change History

April 4, 2019: Original bulletin published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXKrWhGaOgq3Tt24GAQiROxAAiGYC0C5WQ31E6px6nlH8NdnvohSHpalJ
NnKGUlWoW7oblFKBFtCqDpPJ2zawu4iG5DvzSTQCH0FFMIU8UQLLRCGMIF8T5sBD
7nx5yM3NzsqCA8P5YxYYpgEEN86KV0B71XQ5Nicl1JsV3yjXourNlOVh3lCRj/He
Ls0AecgFVGDRMpp1+4GkhiuRicFZlZ2vx0qkkHdIpn+ZpouUYqkJO3HG8+hCiW2W
aWoqBp7j9THRnp82PiItvx7eT/rO502AGX+hBeizm/VQcCRrMf8s3uPsSLgTHiAO
OohPJ954FY8tjk4onfM+FDDKScbCUdpT0jh2IoTVf2wbmZURxhjlS6BvsQCkcpiS
z4MlWuxqaZd+1KgUVl8ohIvExSpH+RQdB/ZTLN3TrpgVWoRDBvJ+I5RBkiwwyAPu
tTRkAg4fw8B+9ASQ+ISP9rjR2Hn3I8qXOZ0VXjTLQpbiy/A75qUIQFThmNnjgB27
x/UoZvkvz323U37guyIc7fYirltHBKXyTZcTU2yHW8pwrY1D+PYdy3nwTeC2SuQ0
RfDriw9Mpn90lxHtaG8bQUcn8s6mrTqp66Q7nLBmi4wPMtFR3Cu0rHGRda9Prc/u
LddPRYdoQyDCZEipqVxzrMHAqHrFuc+Y3SzKyYPAd/TuZgjCvfje7kwjOFt7VkgJ
AZVvnalAfpQ=
=XjNb
-----END PGP SIGNATURE-----