[WordPress Security] PSA: Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2

From: Wordfence <list_at_wordfence.com>
Date: Wed, 6 Dec 2023 13:38:50 -0800

POP Chain requires a separate Object Injection Vulnerability to work but would allow site takeover

Wordfence-Logo.png (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhSR3prCCW6N1vHY6lZ3pCV_c3xy4-4bRYW3qfY7G3NS0jfVrtMtm6LY7m2W3x4vsj1gbMH8W9cncGd262vjPW50Y4Ln76Fn1DW4C3WFx1g9KWQW8g4K7Y6M78ncW8qVKpw6dWQNtN74Cc3LFYv22W57F4s88RRlN7W4SwY112_G2mHW567FZk1NhD5TW2qFL818qr9kXW8nFRxw8qFhNkW8L4Dd-7687JGW62N7Cx3TYjKCW4sdDG24LsVkcW5KF28T1P38b8N7nNTZNkKS33W996M2f7JkYldW7WLdsF3Ch2q5f38SrWd04 )

PSA Critical POP Chain Allowing Remote Code Execution Patched in WordPress 6.4.2 (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhSd5m_5PW5BWr2F6lZ3nwW45pcnW7JQdh9VQCFF04n0P0xVbnMjx25pxJ9W3yxx632q4TX_Vd6DNh2YqbZSN2JL0kppk0nlW8YrWLt75gqT_VYby-j3pPGPyW4rXJwG4_qK4PW36R_md6lY-c4W8fJpQQ8xrpY3W7TK_SQ4kQmn8W5vxDBP4ylXb-VPk2z22jxbZ5V_TXPZ277_K-W81cLhk4QgtynW4bjyCj6vFwZ8VTZ-Kt7FtKGcW2NPvhk8Tm18YW4pPtrK6srzqpW6NCbcP2pCqzhW4_Slj14zcMwQW6dGJF39j8vRMW5ypkhl6hMV1HW4N6cVy4SF123W73Tph97XZNvKW8fHpCR38VwkPV74XVl7BMmxQW51nltG2KzSGvVgHFSK1SrKxPN2z9Wm6fvDbxW75xP094_tqGmW8PmyXJ1TRMTlW4PpMNf77ry2Bf93Qp_604 )

WordPress 6.4.2 was released today, on December 6, 2023. It includes a patch for a POP chain introduced in version 6.4 that, combined with a separate Object Injection vulnerability, could result in a Critical-Severity vulnerability allowing attackers to execute arbitrary PHP code on the site.

We urge all WordPress users to update to 6.4.2 immediately, as this issue could allow full site takeover if another vulnerability is present.

CONTINUE READING ON THE BLOG
(https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhSd5m_5PW5BWr2F6lZ3nwW45pcnW7JQdh9VQCFF04n0P0xVbnMjx25pxJ9W3yxx632q4TX_Vd6DNh2YqbZSN2JL0kppk0nlW8YrWLt75gqT_VYby-j3pPGPyW4rXJwG4_qK4PW36R_md6lY-c4W8fJpQQ8xrpY3W7TK_SQ4kQmn8W5vxDBP4ylXb-VPk2z22jxbZ5V_TXPZ277_K-W81cLhk4QgtynW4bjyCj6vFwZ8VTZ-Kt7FtKGcW2NPvhk8Tm18YW4pPtrK6srzqpW6NCbcP2pCqzhW4_Slj14zcMwQW6dGJF39j8vRMW5ypkhl6hMV1HW4N6cVy4SF123W73Tph97XZNvKW8fHpCR38VwkPV74XVl7BMmxQW51nltG2KzSGvVgHFSK1SrKxPN2z9Wm6fvDbxW75xP094_tqGmW8PmyXJ1TRMTlW4PpMNf77ry2Bf93Qp_604 )

Technical Analysis

We’ve written about Object Injection vulnerabilities (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhRY5m_5PW50kH_H6lZ3nDW2qMQjF1mqv7ZW4BST9P7JBnHPW4bk8Dc7tQ2cqW3V_rgy3BQq9SW7lH-Vb8Wg-W5W54wWd46qYDYzW5Mbf957T5q7rW670Jmk2pD7n3N95dsRWhMMpVN3L12YB73dsqW1tc3_P7lsg5TW1TYwgS309sX4VKhtLP1yHkFHW3gJh8Q7J7-KyVkw1Jr7xYkYjW8GMn8K2jg3qxW1v3Y_c5SD_h4W2hvSYg1D77HBW8dhSdf423lMqW7826qk3sYZxMW1Npts07j9QNRW2XNf8646fGKsV3Cm_w21TjVbW4wmD9R3VG9S3W7gk7t181yGjhW4S85nm8gjrMhW4LVwqV3rJs1LW4yz9PZ7yNsZ6W8h9LMn1jhGtSW39W2_Q8rBmg2W1DMykM8m2S9MW14h-N_8SswxVf1ZzmF804 ) in the past, and the primary reason most Object Injection vulnerabilities are difficult to exploit is the lack of useful POP chains.

The problem here resides in the WP_HTML_Token class, which was introduced in WordPress 6.4 and is used to improve HTML parsing in the block editor. It includes a __destruct magic method that is automatically executed after PHP has processed the request. This __destruct method uses call_user_func to execute the function passed in through the on_destroy property, accepting the bookmark_name property as an argument:

destructor (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhSd5m_5PW5BWr2F6lZ3nwW45pcnW7JQdh9VQCFF04n0P0xVbnMjx25pxJ9W3yxx632q4TX_Vd6DNh2YqbZSN2JL0kppk0nlW8YrWLt75gqT_VYby-j3pPGPyW4rXJwG4_qK4PW36R_md6lY-c4W8fJpQQ8xrpY3W7TK_SQ4kQmn8W5vxDBP4ylXb-VPk2z22jxbZ5V_TXPZ277_K-W81cLhk4QgtynW4bjyCj6vFwZ8VTZ-Kt7FtKGcW2NPvhk8Tm18YW4pPtrK6srzqpW6NCbcP2pCqzhW4_Slj14zcMwQW6dGJF39j8vRMW5ypkhl6hMV1HW4N6cVy4SF123W73Tph97XZNvKW8fHpCR38VwkPV74XVl7BMmxQW51nltG2KzSGvVgHFSK1SrKxPN2z9Wm6fvDbxW75xP094_tqGmW8PmyXJ1TRMTlW4PpMNf77ry2Bf93Qp_604 )

Since an attacker able to exploit an Object Injection vulnerability would have full control over the on_destroy and bookmark_name properties, they can use this to execute arbitrary code on the site to easily gain full control.

While WordPress Core currently does not have any known object injection vulnerabilities, they are rampant in other plugins and themes. The presence of an easy-to-exploit POP chain in WordPress core substantially increases the danger level of any Object Injection vulnerability.

The patch is very simple:

wakeup (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhSd5m_5PW5BWr2F6lZ3nwW45pcnW7JQdh9VQCFF04n0P0xVbnMjx25pxJ9W3yxx632q4TX_Vd6DNh2YqbZSN2JL0kppk0nlW8YrWLt75gqT_VYby-j3pPGPyW4rXJwG4_qK4PW36R_md6lY-c4W8fJpQQ8xrpY3W7TK_SQ4kQmn8W5vxDBP4ylXb-VPk2z22jxbZ5V_TXPZ277_K-W81cLhk4QgtynW4bjyCj6vFwZ8VTZ-Kt7FtKGcW2NPvhk8Tm18YW4pPtrK6srzqpW6NCbcP2pCqzhW4_Slj14zcMwQW6dGJF39j8vRMW5ypkhl6hMV1HW4N6cVy4SF123W73Tph97XZNvKW8fHpCR38VwkPV74XVl7BMmxQW51nltG2KzSGvVgHFSK1SrKxPN2z9Wm6fvDbxW75xP094_tqGmW8PmyXJ1TRMTlW4PpMNf77ry2Bf93Qp_604 )

The newly added __wakeup method ensures that any serialized object with the WP_HTML_Token class throws an error as soon as it is unserialized, preventing the __destruct function from executing.

We have released a firewall rule to protect Wordfence Premium (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3ngW3rXwHk1mKp8BW12VcYD2mFY15W1_DkrB1MGwcwN4Jq2jlbp4lxW8XxF-t1c8SFTW52sK-L4M6WfwW5swty797PbvsW50Z9M22y8TBqW4RmvG91mYNfzW5dR5zd18NHvNW4XyvTy5VrzyYVW0Xj83Kc8jfW6WCJsb3CYj-pW3rnDdZ54DYzvW64V-VL1KBV0bW6qBKCS3myRh_W38Q-cR2c6YFkW2clDdj2BqJwxW7NMLzW5KBkGLW7GHmW03fCCvkN4RNhBLWP1VwW65TXpB1h-J-HW4sC0Nf8GkFM5VcSvt-7j9nLKW82mkYq3ST9dBW3MLHy17wppmhf1JK-tP04 ) , Wordfence Care (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3kCTvBVZ29_TJvW23rQc53Zwd3SW11lrZr6xP7WmW5Mk2Qx96gj3fW2CqZZf8bjjynW8_5yHh6RGrshW2HyfbT2qQlG5W7Vjjl_5sg1ySW8YM_tQ5NnGYBW6wxzqQ2zjDsNW7-CLvf1_lkGfVGf1TB88YlNcW8BzcjN1pydwYW3B1PX-29w-5vW8H27wF25jY2DW8JcQF04wR7kDN1yrDFk8TfXLW6kKfgj60TqZDW2hFpr74JDQsqW12RlYb5vYhc4SpFq3fZDCYW7WLjZZ5RwmT9N8rprmDHytbCW5KpMfL6cVVjCN7r4PJ353p0BW8hNqDJ2Q7_dSf12rnd004 ) , and Wordfence Response (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3pdN1jWk03L2FcqW2Bb8yj7zBnZTW7TcF6d5hRc9HW4twTr48ps4gCTj3Vk1FBY-pVk_GWH4B-8p5W7rm2dM9kGbmpW8VNZPg3RQwmWW3b9C911GtX0dW3R5pNS7hww6FW3lpXZM5GR0bvVD-grP1N6X5sW6pqTYM3ZQ02JN2ZhW-_lLkVwW19JmKm51t_NvW665hr755Cf-qW3q-44L7dVXklW5-ThKt6hCgc5W8hxcjX2qMc8PN4HG0WC3HbQ-N2kk3RGQDW_HW2tV_W_7-SYVjW8n9zGt4MwF7SW35vz018Gh5kkW1Jyd557dGmKQW1r4qM91HNKW0f4PhQHn04 ) users. Wordfence free users will receive the same protection in 30 days, on January 5, 2024.

Conclusion

In today’s PSA, we analyzed a patch for a potentially critical issue in WordPress 6.4.2 that could allow attackers to take advantage of any Object Injection vulnerability present in any plugin to execute code. While most sites should automatically update to WordPress 6.4.2, we strongly recommend manually checking your site to ensure that it is updated.

We recommend sharing this advisory with everyone you know who uses WordPress, as this is a potentially critical issue that could lead to complete site takeover.

Did you know that Wordfence has a Bug Bounty Program (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3lcW1HQXc78BLYwVW4TdWBm1j6QB2W72mdLS6bPcdPW5G9Rhw4lbDMDT-F137QmzyLW9bXk307RL4P1W5yRkhg2WvpWsN2m7ks0Mlv3cW7W9f2S3cFKK-W2y1xFz24myrHW516gCt5krjDzW2dy-8Z79_2VwW4FR0JN44Fwr6W8c90ZF1RGB_KF5vfyq9G7YgW3Q456n1vwtt0W2TRpwc99DPGbW9jQQfK81t5MpN8bVQXNtBq_6W8yLnTC1b0_c9Vj7RxR5lc8PlW3qlZHK80VXNRVH7XtY5CM7MHW1X9MW43VRZcDW4YfJ6245TMRmW8DBMHv88fM72f3sk_xR04 ) ? We’ve recently increased our bounties by 6.25x until December 20th, 2023, with our bounties for the most critical vulnerabilities reaching $10,000 USD! If you’re an aspiring or current vulnerability researcher, click here to sign up. (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3krW5GMXq12bzGqCW6PFPTR5DZ0jRW62H6JM7k4v0LN3KhXvQtwH0VW4PGLV98tT3YfN5ZRnb6B-_-JW764M_71k7DvKW1-cnMq7P5rz-W2Lsytt1mXBnJW967Q1J4q9Nl8W6nPFkl4Nt2drW8B2w3k6dKl2tW61r3zc4pjBQFW1L4Nw43KmTj8W2Gjzj71B8bwsW8CPhn-2L3VYrW1VZHJP5fF5fdW5qf06Y20rpTqN7qt08gXVp_jW6TZHGr4f5KbFW1R4kR65JJFxHW4TB4xL6t8sBgW4ckwnm2lNkQSW2WfmGr8dcm_6W25hrZf1BV7FQVgvQ438Qf9gjf8KlTlR04 )

The Full Product Lineup

wf-stacked-free-1 (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3nFW4WLq4x25J1tTW8ZHRlT5_w86DW3Y6HGc6hKZjWVR2DXd3NzP2bW8fNh6j6yk7zYW79FljS6jHJ_HW4nXVqz7k6-2kW5WNzkW82CSy3W489mF81fR5gDVDRCMH58pMdCV1WfbS1tg4JtW84QF0t2NmzyVW92sLqm30RHf4W8WT3mS8DrkkDW5ZTtwb89WJL7N3VrF9CfhpQMW7MFrnL4738zSW4rCsHS5xpDw8W6P8KhH7jBzdDW3pgRVd1gRkx9W2VBCCf4T8TF_W420X0k7wfgZVW4gMxwR6dtmMbW29ZT4r1578VTW6KpzwY27pM0YVKzRC93TJ16Tf2GmZFW04 )

wf-stacked-premium-1 (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3lrW36n-Z92m9M54W4z32cy8d58-hW3zCMP25xCpMyW5sQZl08k_t9VW4-zWS52yxzDzW2LtPZY43mcG-W7Vr7Vs640vcnW3HLzGJ1wqgmpW1x-tXn56NP5mW4VlmZ06CkYTvW1fHrVz4qr_y2W7QpJjb25kkXxW7FRR5B5d37m_W1Xjr6T8NswxsW6WbX-J1g3LLDW11prtp3l9V_CW22H1jB8x1gKVW7l69vN4cd394W6LxLMb1gPswgVX38kg8VYvXyW3xVcl696wH91W2pqmhb88zlzTW18QQzV8DgS7fW8fbcdF4FM-80W65gBHp1SWq0GW4pgD5373KZh-f5Q79hv04 )

wf-stacked-care-3 (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3lCW2GKlL245rjHHW5w67ZL5TC6_NN98dxMyTtr9qM_0qyZFm0k9W688KzF5xlJnRW6f_D1C23w7s_W8Z7Vnt5TQlkLW1dzkjD241FV4W1DFSN38B7QCJW8BY87v77SgJhW6gJyW26z9QXsVbNRSG5VPzwsW1-CTC54QzzMzW2MP8xc1q_1hJW8vg4zF7__FNWW5dGyGg8WQK4XW4pBDMl8-Ry1zW1yjRH88CLBT7W6vXjCg2-4DypW8vVl-459WXzzN2z1qTNqpHzWW6Mrk0j98lBPYW6Vmcvq18dD5YN3WW1slsws2KW7RXDTG5cy_3gN6Fs_pkg0HZ9f8BVVnn04 )

wf-stacked-response-2 (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3pdN1jWk03L2FcqW2Bb8yj7zBnZTW7TcF6d5hRc9HW4twTr48ps4gCTj3Vk1FBY-pVk_GWH4B-8p5W7rm2dM9kGbmpW8VNZPg3RQwmWW3b9C911GtX0dW3R5pNS7hww6FW3lpXZM5GR0bvVD-grP1N6X5sW6pqTYM3ZQ02JN2ZhW-_lLkVwW19JmKm51t_NvW665hr755Cf-qW3q-44L7dVXklW5-ThKt6hCgc5W8hxcjX2qMc8PN4HG0WC3HbQ-N2kk3RGQDW_HW2tV_W_7-SYVjW8n9zGt4MwF7SW35vz018Gh5kkW1Jyd557dGmKQW1r4qM91HNKW0f4PhQHn04 )

wf-stacked-cli (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhTq3prCCW7Y8-PT6lZ3pNW6H2D9q8G2NnsW3rpLdn74LJ9vW5gJs7q10r9pSW4hpqM15pFK1yW38dgsy5qm2bbW2c9J6c6vHkP-W7gkzvf81Wp-kW7dRSqb3TvfTLW6XnVmY1YN-K1W2pMzrj8-CtgHW6tpHjv5bbzLBW4XbhLz6sh6wfW6FTTm44C4YBmW8zqj2s4tLXmHVCRf1v29G16PW5jv5BX6792MWW2WHgyS390hGwW16-vJH5fTwtQVV38RB9f-N5fW14f0-Q1hksywW8Wq2_42h1N86W2BH7KB8PVw55N8C1Xcjqk70YW87-8RV85tDK2W5VzG_K4GNnvRW4d1h4w8j4HBMf321x8804 )

wf-stacked-intelligence (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhT63prCCW7lCdLW6lZ3n5W72tnqg13t4y9MQkqc1Xp5_fW6p439m3yCnyVW65SNbS7TdsdzVpNTKz7Pl3ZbW1Q2-5Z98c3-WW7jhBKB5sWSR-W7HWHGf9jJlxTW8Tn_pF5q_nR7W5CJdfy4tx1B3W8p0HVg92n7K0W5Sx3Mw53nqNFW3bqgW_1RWHRXW2fwzfb76dYWgW2kNHbd6cMcF7W7-SrpH2-7qPbW190dQ31qgY8GW58_NnZ2S1kjfW4_XMPl8c726DW3DWG652xlG5tW22pkmg8QL85SN6Qv-SyKkfgwW2KCqYw3YFq7qW5X3D1T5VVxqnf7KH2q-04 )

logo-defiant (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhSR3prCCW6N1vHY6lZ3nMW4RtpZf2Z0tt6V1vT0w2Qy_ZjW2R3xBX3BtBrbW7g-KCZ99Zm1tW6BnQ068hQ-wpW8py6tF4nWlwmW7tFS8c6RPClLW2wgW_-5w419jVk4lb913r-ztW4_bpWC6bClxfW3zKt-74r0X7kW4TQCbJ92q1V7W59P2XZ31vmgFW81MP0P4byfDDW3JtcgX1ZDpMDMn9S6-lDR0YW4SHYVd7whG2vW3ZSNHj5030m7W7-YbD38dKXQMW95S48j1vzrV4W6gQhmS4NPBscW26BhWB5x_4kNf4qQ2yY04 )

Defiant, Inc., 1700 Westlake Ave N STE 200

Seattle, WA 98109 United States

Unsubscribe (https://email.wordfence.com/hs/manage-preferences/unsubscribe-all?languagePreference=en&d=Vn8Pp4892TtnVsxx1M3JN_XyW41Rcn-4h29fmN6J4V3WmWcMtW8YBjYz77SDMpV25z6c7Zgrl0W8TBq885R_QmFN795wwZ1yf0NW31G9907643CzW73SC2n58-pY4n5x1Rmr1v3&v=3&_hsenc=p2ANqtz--IHTY14Qf9EbWdqrHN8lb-tetfj2atlt5sJynzLlx8dvo_Pii7shDopG2LSPn7rV63u_9x14gqwtrFqkl-f50qyhQL2Q&_hsmi=285515833 ) Manage Preferences (https://email.wordfence.com/hs/manage-preferences/unsubscribe?languagePreference=en&d=Vn8Pp4892TtnVsxx1M3JN_XyW41Rcn-4h29fmN6J4V3WmWcMtW8YBjYz77SDMpV25z6c7Zgrl0W8TBq885R_QmFN795wwZ1yf0NW31G9907643CzW73SC2n58-pY4n5x1Rmr1v3&v=3&_hsenc=p2ANqtz--IHTY14Qf9EbWdqrHN8lb-tetfj2atlt5sJynzLlx8dvo_Pii7shDopG2LSPn7rV63u_9x14gqwtrFqkl-f50qyhQL2Q&_hsmi=285515833 )

ISO_27001 (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VVPtgZ2yp5NSW7Xz3vg17xwn6V9TLwZ56Lz0YN5QLhSR3prCCW6N1vHY6lZ3n3N2v8GLV8ZP9NW3M65Zx8jgx5_N2x5KGMyWRWGW7kynw48Dt8JZW4Rn6N567CzByVSvDY48_mR8SW86Jt_S2PbMJWW6W4sK43-sRFtV6YSR48Rx0n1W4dtznw1zFnxdW1qKq618jP_f3W3zl8hz7N80--W2KwQSV5W23ppN8-JhK3y5PL6W8WvS9M53nTXlN6-RtjdczMtgW1b8Qr177lGV8V8Y5RM3cz-SsW1zlm0f4-ZQcWW204FpT6fPhrpW4Wpqcg2nlmftW5ZMqBh90xTlSf6_nzJb04 )

You're receiving this email because you signed up to the Wordfence WordPress security mailing list.
Received on Wed Dec 06 2023 - 22:38:53 CET

This archive was generated by hypermail 2.3.0 : Wed Dec 06 2023 - 22:43:57 CET