WineHQ
Wine Forums

Board index » WineHQ » Wine Help




 Page 1 of 2 [ 40 posts ] Go to page 1, 2  Next



 
Author Message
 Post Posted: Tue Oct 11, 2011 2:25 pm 
Offline
Wine Developer
Wine Developer
User avatar

Joined: Thu Feb 21, 2008 5:26 pm
Posts: 14
Location: Saint Paul, MN
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility. We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.

We had reluctantly provided access to phpmyadmin to the appdb developers
(it is a very handy tool, and something they very much wanted). But it
is a prime target for hackers, and apparently our best efforts at
obscuring it and patching it were not sufficient.

So we have removed all access to phpmyadmin from the outside world.

We do not believe the attackers obtained any other form of access to the
system.

On the one hand, we saw no evidence of harm to any database. We saw no
evidence of any attempt to change the database (and candidly, using the
real appdb or bugzilla is the easy way to change the database).

Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla. This means that they have all
of those emails, as well as the passwords. The passwords are stored
encrypted, but with enough effort and depending on the quality of the
password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the
same email / password on other systems is now vulnerable to a malicious
attacker using that information to access their account.

We are going to be resetting every password and sending a private email
to every affected user.

This is again another reminder to never use a common username / password
pair. This web site provides further advice as well:
http://asiknews.wordpress.com/2011/03/0 ... web-sites/

I am very sad to have to report this. We have so many challenges in our
world today that this is a particularly painful form of salt for our wounds.

However, I think it is urgent for everyone to know what happened.

Cheers,

Jeremy


Top 
 Post Posted: Tue Oct 11, 2011 3:40 pm 
 
On Oct 11, 2011, at 12:13 PM, Jeremy White wrote:

Quote:
What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility. We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.

Insecure HTTP access?

Quote:
Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla. This means that they have all
of those emails, as well as the passwords. The passwords are stored
encrypted, but with enough effort and depending on the quality of the
password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the
same email / password on other systems is now vulnerable to a malicious
attacker using that information to access their account.

Since bugzilla passwords were sent in cleartext anyway, I sincerely hope none of them were otherwise valuable. (Remember FireSheep?)

Quote:
We are going to be resetting every password and sending a private email
to every affected user.

You might also consider expiring old login cookies.

Quote:
This is again another reminder to never use a common username / password
pair. This web site provides further advice as well:
http://asiknews.wordpress.com/2011/03/0 ... web-sites/

Josh


Top 
 Post subject:
 Post Posted: Tue Oct 11, 2011 3:52 pm 
Offline
Newbie
Newbie

Joined: Tue Oct 11, 2011 2:52 pm
Posts: 1
OK, it's good that you inform us. However, I have a few passwords that I cycle and I don't remember which one I was using here. Is there any way of viewing the old password?


Top 
 Post subject:
 Post Posted: Tue Oct 11, 2011 3:53 pm 
Offline
Site Admin
Site Admin
User avatar

Joined: Thu Feb 21, 2008 3:23 pm
Posts: 72
Location: Minneapolis, MN
jgonera wrote:
OK, it's good that you inform us. However, I have a few passwords that I cycle and I don't remember which one I was using here. Is there any way of viewing the old password?


No, the passwords were encrypted. Best I could do would be to give you the hash of your old password.


Top 
 Post subject:
 Post Posted: Tue Oct 11, 2011 4:41 pm 
Offline
Newbie
Newbie

Joined: Tue Oct 11, 2011 4:39 pm
Posts: 3
I think a hashed password is better than nothing. Who can we contact to get that information?


Top 
 Post subject:
 Post Posted: Tue Oct 11, 2011 5:05 pm 
Offline
Level 2
Level 2

Joined: Fri Oct 07, 2011 6:56 pm
Posts: 11
I changed my password by pressing Forgot Password, so long as you have access to your eMail you signed up with you can use that to reset the password without knowing your old one. I had quite a few sites I had to change my password for, hate it when hackers do this stuff, it really isn't very polite.


Top 
 Post subject:
 Post Posted: Tue Oct 11, 2011 5:07 pm 
Offline
Newbie
Newbie

Joined: Tue Oct 11, 2011 4:39 pm
Posts: 3
That's the problem. I don't know what my old password was, so I don't know what other sites, if any, I've used it for.


Top 
 Post subject:
 Post Posted: Tue Oct 11, 2011 5:12 pm 
Offline
Level 2
Level 2

Joined: Fri Oct 07, 2011 6:56 pm
Posts: 11
Yeah, well in that case you'll have to change passwords on all your important sites where you have power/admin/mod abilities or you may just find that one of them will be taken over and cause damage/data loss.

I've just gone and changed 8 sites, I hope I remember them all now, thank god for cookies and online sync.


Top 
 Post subject:
 Post Posted: Tue Oct 11, 2011 5:17 pm 
Offline
Newbie
Newbie

Joined: Tue Oct 11, 2011 4:39 pm
Posts: 3
jnewman: Can you please send me my old password hash via email? The account email is the same as this forum account.


Top 
 Post Posted: Tue Oct 11, 2011 5:47 pm 
 
On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote:

Quote:
On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh@iswifter.net> wrote:

Quote:
Since bugzilla passwords were sent in cleartext anyway, I sincerely hope none of them were otherwise valuable. (Remember FireSheep?)

Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart... Is there no way to replace this with some sort of client based hashing or something?

To clarify, your browser sends your password to bugzilla in cleartext, since HTTPS isn't an option.

Firesheep was a lesson that even once passwords are secure, session credentials are still vulnerable to sniffing. Some sites went to HTTPS-only sessions after that.

Josh


Top 
 Post Posted: Tue Oct 11, 2011 5:50 pm 
Offline
Wine Developer
Wine Developer

Joined: Fri Feb 22, 2008 8:19 pm
Posts: 2383
2011/10/11 Josh Juran <josh@iswifter.net>:
Quote:
On Oct 11, 2011, at 3:37 PM, Conan Kudo (ニール・ゴンパ) wrote:

Quote:
On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh@iswifter.net> wrote:

Quote:
Since bugzilla passwords were sent in cleartext anyway, I sincerely hope none of them were otherwise valuable.  (Remember FireSheep?)

Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart... Is there no way to replace this with some sort of client based hashing or something?

To clarify, your browser sends your password to bugzilla in cleartext, since HTTPS isn't an option.

Firesheep was a lesson that even once passwords are secure, session credentials are still vulnerable to sniffing. Some sites went to HTTPS-only sessions after that.

http://bugs.winehq.org/show_bug.cgi?id=23791

--
-Austin


Top 
 Post Posted: Tue Oct 11, 2011 5:58 pm 
Offline
Level 2
Level 2

Joined: Fri Jul 04, 2008 9:32 pm
Posts: 10
Thank you so much for letting the users know so early on.

Bugzilla/forum passwords should probably be reset as well for appdb
users, there's no doubt most people share passwords with the appdb.

On Tue, Oct 11, 2011 at 8:13 PM, Jeremy White <jwhite@codeweavers.com> wrote:
Quote:
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility.  We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.

We had reluctantly provided access to phpmyadmin to the appdb developers
(it is a very handy tool, and something they very much wanted).  But it
is a prime target for hackers, and apparently our best efforts at
obscuring it and patching it were not sufficient.

So we have removed all access to phpmyadmin from the outside world.

We do not believe the attackers obtained any other form of access to the
system.

On the one hand, we saw no evidence of harm to any database. We saw no
evidence of any attempt to change the database (and candidly, using the
real appdb or bugzilla is the easy way to change the database).

Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla.  This means that they have all
of those emails, as well as the passwords.  The passwords are stored
encrypted, but with enough effort and depending on the quality of the
password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the
same email / password on other systems is now vulnerable to a malicious
attacker using that information to access their account.

We are going to be resetting every password and sending a private email
to every affected user.

This is again another reminder to never use a common username / password
pair.  This web site provides further advice as well:
http://asiknews.wordpress.com/2011/03/0 ... web-sites/

I am very sad to have to report this.  We have so many challenges in our
world today that this is a particularly painful form of salt for our wounds.

However, I think it is urgent for everyone to know what happened.

Cheers,

Jeremy




Top 
 Post Posted: Tue Oct 11, 2011 5:58 pm 
 
Hey everyone,

On 10/11/2011 09:13 PM, Jeremy White wrote:
Quote:
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility. We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.

We had reluctantly provided access to phpmyadmin to the appdb developers
(it is a very handy tool, and something they very much wanted). But it
is a prime target for hackers, and apparently our best efforts at
obscuring it and patching it were not sufficient.

So we have removed all access to phpmyadmin from the outside world.

We do not believe the attackers obtained any other form of access to the
system.

On the one hand, we saw no evidence of harm to any database. We saw no
evidence of any attempt to change the database (and candidly, using the
real appdb or bugzilla is the easy way to change the database).

Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla. This means that they have all
of those emails, as well as the passwords. The passwords are stored
encrypted, but with enough effort and depending on the quality of the
password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the
same email / password on other systems is now vulnerable to a malicious
attacker using that information to access their account.

You may also want to change your testbot password if you re-used your password..
https://testbot.winehq.org/ForgotPassword.pl

Cheers,
Maarten


Top 
 Post Posted: Tue Oct 11, 2011 5:59 pm 
 
2011/10/11 Jerome Leclanche <adys.wh@gmail.com>:
Quote:
Thank you so much for letting the users know so early on.

Bugzilla/forum passwords should probably be reset as well for appdb
users, there's no doubt most people share passwords with the appdb.

On Tue, Oct 11, 2011 at 8:13 PM, Jeremy White <jwhite@codeweavers.com> wrote:
Quote:
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility.  We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.

We had reluctantly provided access to phpmyadmin to the appdb developers
(it is a very handy tool, and something they very much wanted).  But it
is a prime target for hackers, and apparently our best efforts at
obscuring it and patching it were not sufficient.

So we have removed all access to phpmyadmin from the outside world.

We do not believe the attackers obtained any other form of access to the
system.

On the one hand, we saw no evidence of harm to any database. We saw no
evidence of any attempt to change the database (and candidly, using the
real appdb or bugzilla is the easy way to change the database).

Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla.  This means that they have all
of those emails, as well as the passwords.  The passwords are stored
encrypted, but with enough effort and depending on the quality of the
password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the
same email / password on other systems is now vulnerable to a malicious
attacker using that information to access their account.

We are going to be resetting every password and sending a private email
to every affected user.

This is again another reminder to never use a common username / password
pair.  This web site provides further advice as well:
http://asiknews.wordpress.com/2011/03/0 ... web-sites/

I am very sad to have to report this.  We have so many challenges in our
world today that this is a particularly painful form of salt for our wounds.

However, I think it is urgent for everyone to know what happened.

Cheers,

Jeremy






Thanks for the early notice !

Testbot passwords should also be reset as it seems it doesn't allow
password reset / change ATM. (At least I wasn't able to find that
possibility)

--
Nicolas Le Cam


Top 
 Post Posted: Tue Oct 11, 2011 5:59 pm 
Offline
Level 2
Level 2

Joined: Fri Jul 04, 2008 9:32 pm
Posts: 10
On Tue, Oct 11, 2011 at 8:46 PM, Jerome Leclanche <adys.wh@gmail.com> wrote:
Quote:
Thank you so much for letting the users know so early on.

Bugzilla/forum passwords should probably be reset as well for appdb
users, there's no doubt most people share passwords with the appdb.

On Tue, Oct 11, 2011 at 8:13 PM, Jeremy White <jwhite@codeweavers.com> wrote:
Quote:
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility.  We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.

We had reluctantly provided access to phpmyadmin to the appdb developers
(it is a very handy tool, and something they very much wanted).  But it
is a prime target for hackers, and apparently our best efforts at
obscuring it and patching it were not sufficient.

So we have removed all access to phpmyadmin from the outside world.

We do not believe the attackers obtained any other form of access to the
system.

On the one hand, we saw no evidence of harm to any database. We saw no
evidence of any attempt to change the database (and candidly, using the
real appdb or bugzilla is the easy way to change the database).

Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla.  This means that they have all
of those emails, as well as the passwords.  The passwords are stored
encrypted, but with enough effort and depending on the quality of the
password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the
same email / password on other systems is now vulnerable to a malicious
attacker using that information to access their account.

We are going to be resetting every password and sending a private email
to every affected user.

This is again another reminder to never use a common username / password
pair.  This web site provides further advice as well:
http://asiknews.wordpress.com/2011/03/0 ... web-sites/

I am very sad to have to report this.  We have so many challenges in our
world today that this is a particularly painful form of salt for our wounds.

However, I think it is urgent for everyone to know what happened.

Cheers,

Jeremy





Nevermind... had not received the other emails yet.

Best of luck sorting it all out.


JL


Top 
 Post Posted: Tue Oct 11, 2011 5:59 pm 
Offline
Level 1
Level 1

Joined: Sun Jul 17, 2011 2:08 pm
Posts: 6
On Tue, Oct 11, 2011 at 9:13 PM, Jeremy White <jwhite@codeweavers.com>wrote:

Quote:
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

<snip>

Hi,

one question. I'm not worried about my current account, but I had an old
email with an old password recorded in my keychain store. I tried that email
at appdb.winehq.org but it said "user does not exist". Can I assume it was
completely deleted?

Regards,
--
Per Johansson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-users/attachments/20111011/2944ea43/attachment.html>


Top 
 Post Posted: Tue Oct 11, 2011 6:00 pm 
 
Hi Jeremy,

Could you please reveal details on how the passwords were "encrypted"?
Which hash function, were they salted, was the salt compromised.

This would help the users evaluate just how much is "enough effort"
to crack the passwords.

Thank you.

--
Vasiliy Faronov


Top 
 Post Posted: Tue Oct 11, 2011 6:00 pm 
 
Quote:
Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla. This means that they have
all of those emails, as well as the passwords. The passwords are
stored encrypted, but with enough effort and depending on the quality
of the password, they can be cracked.

Could you please explain in detail how these passwords were "encrypted"?
Were they hashed? Using which hash function? Did you use a SALT?

I have a simple password that I use for sites like these, which means
that the hackers now have access to other forums and bug trackers I am
registered in. It's not a problem for me.


Top 
 Post Posted: Tue Oct 11, 2011 6:00 pm 
Offline
Newbie
Newbie

Joined: Mon Aug 30, 2010 7:48 pm
Posts: 2
On Tue, Oct 11, 2011 at 9:13 PM, Jeremy White <jwhite@codeweavers.com> wrote:
Quote:
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility.  We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.


Jeremy,

Almost 2 years ago I have sent you an email privately about a security
hole with the database. To be exactly, the date of the email is Wed,
Jul 29, 2009, 12:00 AM (GMT +02:00). I guess that's probably the same
trick the bad guys have used...

Kind regards,

Matijn Woudt


Top 
 Post Posted: Tue Oct 11, 2011 6:01 pm 
 
On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh@iswifter.net> wrote:

Quote:
On Oct 11, 2011, at 12:13 PM, Jeremy White wrote:

Quote:
Unfortunately, the attackers were able to download the full login
database for both the appdb and bugzilla. This means that they have all
of those emails, as well as the passwords. The passwords are stored
encrypted, but with enough effort and depending on the quality of the
password, they can be cracked.

This, I'm afraid, is a serious threat; it means that anyone who uses the
same email / password on other systems is now vulnerable to a malicious
attacker using that information to access their account.

Since bugzilla passwords were sent in cleartext anyway, I sincerely hope
none of them were otherwise valuable. (Remember FireSheep?)

Josh


Wait, what? Bugzilla sends passwords in cleartext? That isn't very smart...
Is there no way to replace this with some sort of client based hashing or
something?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-users/attachments/20111011/a513680e/attachment.html>


Top 
 Post Posted: Tue Oct 11, 2011 6:01 pm 
 
2011/10/11 Josh Juran <josh@iswifter.net>

Quote:
On Oct 11, 2011, at 3:37 PM, Conan Kudo ($B%K!<%k!&%4%s%Q(B) wrote:

Quote:
On Tue, Oct 11, 2011 at 3:39 PM, Josh Juran <josh@iswifter.net> wrote:

Quote:
Since bugzilla passwords were sent in cleartext anyway, I sincerely hope
none of them were otherwise valuable. (Remember FireSheep?)
Quote:
Wait, what? Bugzilla sends passwords in cleartext? That isn't very
smart... Is there no way to replace this with some sort of client based
hashing or something?

To clarify, your browser sends your password to bugzilla in cleartext,
since HTTPS isn't an option.

Firesheep was a lesson that even once passwords are secure, session
credentials are still vulnerable to sniffing. Some sites went to HTTPS-only
sessions after that.

Josh



Shouldn't it be possible to modify the login environment so that a salted
hash of the password is produced before sending it to the server, to
strengthen the security a little bit?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-users/attachments/20111011/65a1b084/attachment.html>


Top 
 Post Posted: Tue Oct 11, 2011 6:16 pm 
 
On Oct 11, 2011, at 3:54 PM, Conan Kudo ($B%K!<%k!&%4%s%Q(B) wrote:

Quote:
2011/10/11 Josh Juran <josh@iswifter.net>

Quote:
To clarify, your browser sends your password to bugzilla in cleartext, since HTTPS isn't an option.

Shouldn't it be possible to modify the login environment so that a salted hash of the password is produced before sending it to the server, to strengthen the security a little bit?

That protects the password itself, but not the privilege it guards.

It also essentially makes Javascript a requirement, which currently it isn't.

Josh


Top 
 Post Posted: Tue Oct 11, 2011 6:18 pm 
Offline
Level 2
Level 2

Joined: Fri Oct 07, 2011 6:56 pm
Posts: 11
tijnema wrote:
On Tue, Oct 11, 2011 at 9:13 PM, Jeremy White <jwhite@codeweavers.com> wrote:
Quote:
Hi,

I am sad to say that there was a compromise of the WineHQ database system.

What we know at this point that someone was able to obtain unauthorized
access to the phpmyadmin utility.  We do not exactly how they obtained
access; it was either by compromising an admins credentials, or by
exploiting an unpatched vulnerability in phpmyadmin.


Jeremy,

Almost 2 years ago I have sent you an email privately about a security
hole with the database. To be exactly, the date of the email is Wed,
Jul 29, 2009, 12:00 AM (GMT +02:00). I guess that's probably the same
trick the bad guys have used...

Kind regards,

Matijn Woudt


Hindsight, this would have been worth re-mentioning (at least once every few months), or IT WAS YOU :P, you knew a way to access the data and decided that if they weren't gonna patch the hole that you could grab the data and show them how wrong it was to ignore you :D (Joking... or am I).

Seriously, security is mostly a joke, if someone wants to get access they can/will, but that is not to say you make it easier for them by leaving holes in your security. I hope in the future reports are treated very serious. PHP is one of the most hackable web services, I am surprised WineHQ has been left alone this long, all my forums have been targeted at one stage of their life cycle. But I now know a way around the security issues (no I wont share or it'll be targeted too).


Top 
 Post Posted: Wed Oct 12, 2011 1:23 am 
Offline
Level 2
Level 2

Joined: Tue Aug 30, 2011 4:12 am
Posts: 14
Hello Jwhite,

Could you share the encryption procedure your system was using to store the hashes in the database? Was it using the secret word
which all so became a public domain? Was it a default Bugzilla authorization method? How much time it would require to brute force the passwords?

In the future try to avoid using "out of the box" encryption which allows passwords to be brute forced. If an attacker wouldn't know
the algorithm the hash was generated with it would be nearly impossible to brute force the hashes.

I recommend to move the authorization mechanics out of the host directories in a way which would prevent an attacker
who gained control over the virtual host files to read authorization algorithms.

How is it possible that you don't know how the passwords were stolen but you know that they were stolen? Aren't there HTTP secure log archive?
Check out host secure log. It's important to understand how the info leaked to close the leak. May be an attacker gained
access to another virtual host and through that access downloaded the database. In this case you may loose information again.

The key to the answer HOW is apache & mysql logs, scrutinize them and you'll understand what happened. If there is an unknown bug in mysqladmin you
will immediately catch it. At least you will know if an attacker got DB access through your host.


Many people around here might be interested if it's really worth changing passwords which are at least 6 letters in length.


You told us that phpmyadmin was obfuscated, it excludes a scanner getting access over the database.
Hacking WINE bugzilla is a foul job and only a teenager kid (or an man which is still young in his soul) would ever do that.
Kids are usually gaining access to the filesystem first. Check out if there is a change in templates... which leaked
the cookies or passwords in files which could be read.

The worst thing that could happen is that the passwords would be decrypted and added to the automatic scanners which probe
the online services but I doubt that kind of intelligence from a person hacking bugzillas.


Thanks for letting us know most of the services prefer to keep silence over these problems.

--
Best regards,
Igor mailto:sprog@online.ru
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-users/attachments/20111012/1a7d8050/attachment.html>


Top 
 Post Posted: Wed Oct 12, 2011 1:23 am 
 
Could I get my old password hash as well? My Bugzilla account was registered with a different email address, send me a message to this one and I'll respond from the correct one. Seems to me that a savvy hacker might note a request in the open here as a good account to start attacking first.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-users/attachments/20111011/72a8764d/attachment.html>


Top 
Display posts from previous:  Sort by  
 
 Page 1 of 2 [ 40 posts ] Go to page 1, 2  Next




Board index » WineHQ » Wine Help


Who is online

Users browsing this forum: Bing [Bot] and 25 guests

 
 

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to: