<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<p>Hi John and Alan,</p>
<p><br>
</p>
<p>Yes, a JavaScript solution would definitely be a preference to
using LaTeX. <br>
</p>
<p><br>
</p>
<p>Alan: It would be useful to see your changes to latex2png. If a
Javascript solution is not forthcoming, I will see if this can be
used as an alternative for future versions of EPrints if it is no
longer vulnerable to being exploited. I removed this CGI script
rather than seeing whether paramaters could be sanitized, as I was
not aware of it being specifically used by any repositories and it
seemed unlikely to be in general use as latex and dvips binaries
would need to be additionally installed and further configuration
required to make use of this CGI script.</p>
<p><br>
</p>
<p>Regards</p>
<p><br>
</p>
<p>David Newman<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 24/02/2021 14:35, John Salter via
Eprints-tech wrote:<br>
</div>
<blockquote type="cite" cite="mid:EMEW3|5eec185edca14c6263946f14f899f16ax1NErc14eprints-tech-bounces|ecs.soton.ac.uk|DB6PR0301MB256552CAA538817B0FC75625C49F9@DB6PR0301MB2565.eurprd03.prod.outlook.com">
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div style="padding-bottom: 10px; padding-top: 5px;">
<div style="padding:12px; border:1px solid #8D3970;
background-color:#F7F9FA; color:#8D3970; font-size:14px;
line-height:22px; font-family: Calibri, Arial, Helvetica,
sans-serif;">
<strong>CAUTION:</strong> This e-mail originated outside the
University of Southampton.
</div>
</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
I was wondering if anyone had integrated any javascript
libraries (e.g. <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mathjax.org%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643213735%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=qWXu4p3D21N363aGGMSl9HPM%2B6zHkjQE6XDZxFNoJo4%3D&reserved=0" originalSrc="https://www.mathjax.org/" shash="fMnFrTeNWsTqjJWOll3TtL2DSKR997tbCI3X3WrNIjhT2h4s+xTeeHx9ZtSaObxvmRHEEI9EswpZRfaMTHd50+L+qAmH6R/3k02/DDo4sA4Ia/CBWS68EFOVfa9yIc8QSsxqCqWU9TRbQ5Bl2++897VyzguNaPc0J9t8yiZmWQU=" originalsrc="https://www.mathjax.org/" shash="Ouwo5jahZSvJqb7jOnLxAPcNYWw8Byj4RUyf9x8rlNyzC+2YlAr6410DZO4Jeu5c0HkzlY5lE1J6xg5XVhxDs8c3YlOOk44SFqYwZsBTlx5qRLW9ZU9v7qLSguwahT8IuJ8kJToCV1524mA4AGES/vVFOIHUr2hei5T6fxov4yc=" id="LPlnk" moz-do-not-send="true">https://www.mathjax.org/</a>) to
achieve something similar to this?<br>
<br>
Cheers,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
John</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b>
<a class="moz-txt-link-abbreviated" href="mailto:eprints-tech-bounces@ecs.soton.ac.uk">eprints-tech-bounces@ecs.soton.ac.uk</a>
<a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><eprints-tech-bounces@ecs.soton.ac.uk></a> on behalf of
Alan.Stiles via Eprints-tech
<a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk"><eprints-tech@ecs.soton.ac.uk></a><br>
<b>Sent:</b> 24 February 2021 14:03<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:eprints-tech@ecs.soton.ac.uk">eprints-tech@ecs.soton.ac.uk</a>
<a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk"><eprints-tech@ecs.soton.ac.uk></a><br>
<b>Subject:</b> Re: [EP-tech] EPrints Security Announcement
- February 2020</font>
<div> </div>
</div>
<style>@font-face
{font-family:"Cambria Math"}@font-face
{font-family:Calibri}p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif}a:link, span.x_MsoHyperlink
{color:blue;
text-decoration:underline}span.x_EmailStyle20
{font-family:"Calibri",sans-serif;
color:windowtext}.x_MsoChpDefault
{font-size:10.0pt}div.x_WordSection1
{}</style>
<div link="blue" vlink="purple" style="word-wrap:break-word" lang="EN-GB">
<div style="padding-bottom:10px; padding-top:5px">
<div style="padding:12px; border:1px solid #8D3970;
background-color:#F7F9FA; color:#8D3970; font-size:14px;
line-height:22px;
font-family:Calibri,Arial,Helvetica,sans-serif">
<strong>CAUTION:</strong> This e-mail originated outside
the University of Southampton.
</div>
</div>
<div>
<div class="x_WordSection1">
<p class="x_MsoNormal"><span style="">The patch does leave
latex2png empty.</span></p>
<p class="x_MsoNormal"><span style="">We still use this to
include e.g. mathematical symbology in item abstracts
so we have added some sanitisation to the input
parameter in that cgi script rather than removing the
function completely (3.3.15 or 16 here).</span></p>
<p class="x_MsoNormal"><span style=""> </span></p>
<p class="x_MsoNormal"><span style="">Alan</span></p>
<p class="x_MsoNormal"><span style=""> </span></p>
<div style="border:none; border-top:solid #B5C4DF 1.0pt;
padding:3.0pt 0cm 0cm 0cm">
<p class="x_MsoNormal"><b><span style="font-size:12.0pt;
color:black">From: </span>
</b><span style="font-size:12.0pt; color:black"><a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech-bounces@ecs.soton.ac.uk"><eprints-tech-bounces@ecs.soton.ac.uk></a>
on behalf of <a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk">"eprints-tech@ecs.soton.ac.uk"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk"><eprints-tech@ecs.soton.ac.uk></a><br>
<b>Reply to: </b><a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk">"eprints-tech@ecs.soton.ac.uk"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk"><eprints-tech@ecs.soton.ac.uk></a>, James Kerwin
<a class="moz-txt-link-rfc2396E" href="mailto:jkerwin2101@gmail.com"><jkerwin2101@gmail.com></a><br>
<b>Date: </b>Wednesday, 24 February 2021 at 13:41<br>
<b>To: </b><a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk">"eprints-tech@ecs.soton.ac.uk"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:eprints-tech@ecs.soton.ac.uk"><eprints-tech@ecs.soton.ac.uk></a>, David R Newman
<a class="moz-txt-link-rfc2396E" href="mailto:drn@ecs.soton.ac.uk"><drn@ecs.soton.ac.uk></a><br>
<b>Subject: </b>Re: [EP-tech] EPrints Security
Announcement - February 2020</span></p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div style="border:solid black 1.0pt; padding:1.0pt 4.0pt
1.0pt 4.0pt; background:#FFFFCC">
<p style="background:#FFFFCC; border:none; padding:0cm"><span style="font-family:"Arial",sans-serif;
color:black">CAUTION: This mail comes from outside
the University. Please consider this before opening
attachments, clicking links, or acting on the
content.
</span><span style="font-family:"Arial",sans-serif"></span></p>
</div>
<div>
<div>
<div style="border:solid #8D3970 1.0pt; padding:9.0pt
9.0pt 9.0pt 9.0pt">
<p class="x_MsoNormal" style="line-height:16.5pt;
background:#F7F9FA"><strong><span style="font-size:10.5pt;
font-family:"Calibri",sans-serif;
color:#8D3970">CAUTION:</span></strong><span style="font-size:10.5pt; color:#8D3970"> This
e-mail originated outside the University of
Southampton. </span></p>
</div>
</div>
<div>
<div>
<p class="x_MsoNormal">Hi David, </p>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">Thank you very much for
bringing this to our attention and providing the
solutions.</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">Shamefully, we are still on
3.3.14 (I promise we are upgrading this year).
The patch mentioned works on 3.3.16 and the page
says it might work on earlier versions (a brief
look through two of the files suggests they're
more or less the same as those for 3.3.16)</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">In my attempt to avoid any
problems that could result from "might" are
these the files that need altering if I were to
do it manually:</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal"> /cgi/ajax/phrase :
CVE-2021-26703</p>
</div>
<div>
<p class="x_MsoNormal">/cgi/latex2png :
CVE-2021-3342</p>
</div>
<div>
<p class="x_MsoNormal">/cgi/toolbox/toolbox :
CVE-2021-26704</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">There also appears to be
some changes to be made to XML.pm</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">Am I interpreting it
correctly where it looks as though latex2png
will be left as an empty file (deleted) by the
end?</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">I think the page makes it
very clear that these are the files that are
affected, but I just want to check there aren't
any others that the patch addresses. I have
looked at the patch, but I try not to
underestimate my ability to totally
misunderstand the most obvious of things.</p>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<div>
<p class="x_MsoNormal">My plan is to try the
command first on a test EPrints server and if it
doesn't work, do it manually.<br>
<br>
Thanks,</p>
</div>
<div>
<p class="x_MsoNormal">James</p>
</div>
</div>
<p class="x_MsoNormal"> </p>
<div>
<div>
<p class="x_MsoNormal">On Wed, Feb 24, 2021 at
9:27 AM David R Newman via Eprints-tech <<a href="mailto:eprints-tech@ecs.soton.ac.uk" moz-do-not-send="true">eprints-tech@ecs.soton.ac.uk</a>>
wrote:</p>
</div>
<blockquote style="border:none; border-left:solid
#CCCCCC 1.0pt; padding:0cm 0cm 0cm 6.0pt;
margin-left:4.8pt; margin-right:0cm">
<div>
<p>Hi all, </p>
<div>
<div>
<p class="x_MsoNormal">EPrints Services was
recently made aware of a small number of
security vulnerabilities within the
EPrints codebase, affecting both EPrints
3.4 and EPrints 3.3.</p>
</div>
<div>
<p class="x_MsoNormal">I have created two
patch files to fix the vulnerabilities and
uploaded them to
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Ffiles.eprints.org%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643223690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dJzPWGwu2xXgYdF1ZNhNqLWS1jxTqc0DNpHnpGVNp0w%3D&reserved=0" originalSrc="http://files.eprints.org/" shash="Qs9uqa5+f1PR/5gtRC6DOynCYOd/viG4JmtNrbsD+iU0HFd+eur2TfHlx5wKWiy7eAL+D8tU62efSENDW/01jLx8M/ubWzl7X1uRrTw6enXgmsQlB1aPQf/mgyyxjhNEnuYUhpqbglt+mTiVtAu61wKBXyANx0Q48VlQ9T8WGB8=" originalsrc="http://files.eprints.org/" shash="W9ZeMtT2Kg+am2n/IXf6D/Qhheqps/MR8UZoTnllxlgougdhCFz42jDDFa8Rcx7gb/MljubokDwJz9TMrvyHMnFX8gcvxpt6n9YjVG/WEwcA9nisZj3hJIQOt63OPPLIvxhY0HEG30hOHSwg0hZlf2kdCA/lpq7pIByOd6w6+hs=" target="_blank" moz-do-not-send="true">
files.eprints.org</a>.</p>
</div>
</div>
<div>
<p class="x_MsoNormal"> </p>
</div>
<p class="x_MsoNormal">- EPrints 3.4.2 : <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffiles.eprints.org%2F2548%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643223690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=SrYNwfrESHcPNaXqhbjT1eHVZ6cPLNlDpBlmCuZxvs8%3D&reserved=0" originalSrc="https://files.eprints.org/2548/" shash="dfkLLj+VwZKsVDsFaOQmKTZB3qcX1gVgv4IHlinoc7D4bs6dWPoHi+bRG821HMDggPdMcsjTEVVjEwYTQQGCyQe+w+Q35kMnM3BT4MN1u11HChxX02u5z+ZRMZxh9OnEac+10FPhWQGGtzs4nF6dZJSoFCHqEVqUOHRQkiANQeM=" originalsrc="https://files.eprints.org/2548/" shash="CKTZTFJed8L4Kx/n4Lpe49d6PZHfMhfQE099NdGFiLAD46qpWJkKJOKj7HQzgE76ZsGq+pFv4h8ozgu/5/vlBA/lAdD3KEHXuf50yLiZRmOEookIIyc6JpKvJo5h849BFbEBr8MJlOnME5AmsRlmgPH+ikHI5OnqGKmzGAlokDs=" target="_blank" moz-do-not-send="true">
https://files.eprints.org/2548/</a> <br>
- EPrints 3.3.x : <a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffiles.eprints.org%2F2549%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643233645%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Tn7AyGDCeotgarTxnRlswUTLeW%2FtDaRF9fHV1yunlcQ%3D&reserved=0" originalSrc="https://files.eprints.org/2549/" shash="jFTCGBHt4unhEcVYsQxz/AfZX1nC5p4z//jWHxX7kSrAuD3reyE8UJu/0xjxAek/TAylZita7DSQp6ifk86NwU8lMIfZttm0kwNpYfigyyeS6ck17QgwWJU0Gc97RgczMZYXcGKpWehYZGmqNWpOBTU9AYfEFV7p+7tkLGQNLHA=" originalsrc="https://files.eprints.org/2549/" shash="rBve8qs4lwRsD4oJy8ezcwKwhJv/Ep5UYwbmXHszEBrG/M4Fnk6Sra2J3sLvA47FiioaTRSgq2OML8E48RN5IMqBXCmiQRFieqVSikG3d1lxwzF69DiL4iwhKJUat03e6KH8R1Llz/6eB6RmYcxwpn/7KtGTxnLxQ88gw2sPTWE=" target="_blank" moz-do-not-send="true">
https://files.eprints.org/2549/</a> <br>
<br>
The former fixes the EPrints 3.4.2 release and
the latter fixes EPrints 3.3 (based on the
current HEAD of
<a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643233645%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=m%2FDkl6Frjxu0PHEdU0m2zU74Ncu2%2BQZ1gdRWWhBLOIs%3D&reserved=0" originalSrc="https://github.com/eprints/eprints" shash="ZA3MalwAsNRflxozgUzQxo2PVC00hvwrrW9eZoO7kXz9TfP2ohI8OkV3C4szBMqFcWDBQ2+lDViYPg3RXMb/k8s3k+80Z29c7AZbFtZsKdn4/egxzGSsMPEsNTlMfvknsLjVxFHO/Ub8kqoNP3sDisEiJ9nVDeurLyNrlSzbo7k=" originalsrc="https://github.com/eprints/eprints" shash="cyNveRfMRDiId8Si4mwEf19RKZ5Vh0kQ+qPeIpWgRjVn/uWovF4rcw+yECFVYtZgG3ZRjBPbSs+0bXvPtmL8/d3hkv0QxbU5STuYRtckKl1yBI4Pd/5HLZAzLwKNnULDQWF1kZ/M2WKwRjRRcHXI1byJSTAkjfbfopszueMxiQc=" target="_blank" moz-do-not-send="true">
https://github.com/eprints/eprints</a>).
These links also provide instructions on how
to apply the patch file and some more details
on the affected files. There are references
to the Common Vulnerabilities and Exposure
(CVE) IDs but as of now these are yet to be
published. All the vulnerabilities identified
relate to either Cross-Site Scripting (XSS) or
Remote Code Execution (RCE) vulnerabilities.
All of these vulnerabilities would require
analysis of the codebase to determine an
exploit. It is very unlikely that generic
tools used to identify vulnerabilities would
discover these, as specific knowledge is
required.
<br>
<br>
I have also updated to patch these
vulnerabilities on both the eprints and
eprints3.4 GitHub repositories for the eprints
organisation (<a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643243608%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=V9SbVhfdgrFmKoxnSjH66rviGF6JEAteLIlRvCKg79k%3D&reserved=0" originalSrc="https://github.com/eprints" shash="PPg0odWMC7rIbRXNZldngR1+uJBeLMXkP4A2tIW0je51cpaeNGrMyJhjUcMKf/eSntfRatEjtnCfTz5KbL08UckQ2zar/cSithTBUox97XoVRqVkOv+tOAibiq0lrGW/7pQALxczgDeBH1DuI0V0vM6Ir5F3FdHv6fY8iUWTBKw=" originalsrc="https://github.com/eprints" shash="K/KvvsEiFttbTmbKSPzsrlefwTE/3MazLte7S7wX/zIwyg1RjMphjBFWNsGLVgwu1ZuRxvW+EtY82ZJgmMKYT/j4+OgbzOxz2yOe4mCU1QZ/ta6p0HC0Bz/0E3aRoh9RgJUqCd9QHzmEnHvCEIMJ71y8EX6nz661sHQuo/LoOAM=" target="_blank" moz-do-not-send="true">https://github.com/eprints</a>).
The next release of EPrints 3.4 (3.4.3) will
have these security fixes in place.
<br>
<br>
EPrints Services customers both those who
EPrints Services host and those that self-host
have either been patched or where this has not
been possible, informed of the vulnerabilities
and how they can be fixed.<br>
<br>
If you have any follow-up questions please
feel free to ask. Hopefully, the CVEs will be
published shortly for those interested in more
detail. However, they were raised by a third
party, who I have only just given go-ahead to
make these public.
<br>
<br>
Regards <br>
<br>
David Newman </p>
<div id="x_gmail-m_135838354472599755DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2">
<p class="x_MsoNormal"> </p>
<table class="x_MsoNormalTable" style="border:none; border-top:solid #D3D4DE
1.0pt" cellpadding="0" border="1">
<tbody>
<tr>
<td style="width:41.25pt; border:none;
padding:9.75pt .75pt .75pt .75pt" width="55">
<p class="x_MsoNormal"><a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643243608%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=VQUJ7h%2FT223vzsolKtkOLk5wtCE%2FMXgnCmh0wtvDUt0%3D&reserved=0" originalSrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="WM1iNv0Qz2AGAQVGHpndURlDWlFzpXxRFrd+LjGvdM/N/lUlTYDfXIzA18BEVR90mkCNn0OkvRmXCohHX3GyAC/ufnVHJnLzDbIvKBgi5jWFb5cqm7QM9Dof4Bh2R7/Pqkw5YPnuD/8O6/wYnpzlpm5KTcmmhRNzCZBpqtdCVG0=" originalsrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="vI4ueNITED7yYPtx1kkhwkcKNQGk/VWmZPLqrtAeglg72DQ87WXfxk6y5IGBWray0wyn8pYtQFXBwTJL4f7UKnECPZ+0NPG/pJav7Pkk2/SixOI4DmrqQ9UNPKaYcGNYSF8NClJCQ9z6wYrjIoe4U2cLWCA+jrdKEr2VM69c27A=" target="_blank" moz-do-not-send="true"><span style="color:windowtext;
text-decoration:none"><span style="color:blue;
border:solid windowtext 1.0pt;
padding:0cm"><img id="x__x0000_i1025" alt="Image removed by
sender." style="width:.4791in;
height:.302in" data-outlook-trace="F:0|T:1" src="cid:~WRD0000.jpg" moz-do-not-send="true" width="46" height="29" border="0"></span></span></a></p>
</td>
<td style="width:352.5pt; border:none;
padding:9.0pt .75pt .75pt .75pt" width="470">
<p class="x_MsoNormal" style="line-height:13.5pt"><span style="font-size:10.0pt;
font-family:"Arial",sans-serif;
color:#41424E">Virus-free.
<a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.avg.com%2Femail-signature%3Futm_medium%3Demail%26utm_source%3Dlink%26utm_campaign%3Dsig-email%26utm_content%3Demailclient&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643253555%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Fa%2FqWKplyBrG5iaxTdYO4dTLKiK5gJnD1qNNwIeFl20%3D&reserved=0" originalSrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="mUXl+Z/TfYbTwsWvsj0udfav5aQcHZ9IeY3GCBf/SlUMo3yuuRS8MLopv60B5nylMxT9VHJTG65kXjsQwcchuPJwksVEASGvxrQV+ZqcBICDx3Lid4F8P9CIuEUgkOTDaJUJuu4UT3ftEAjfiCleHfuj8xvsIU8rHOKGF4T7dg4=" originalsrc="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient" shash="vI4ueNITED7yYPtx1kkhwkcKNQGk/VWmZPLqrtAeglg72DQ87WXfxk6y5IGBWray0wyn8pYtQFXBwTJL4f7UKnECPZ+0NPG/pJav7Pkk2/SixOI4DmrqQ9UNPKaYcGNYSF8NClJCQ9z6wYrjIoe4U2cLWCA+jrdKEr2VM69c27A=" target="_blank" moz-do-not-send="true">
<span style="color:#4453EA">www.avg.com</span></a>
</span></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<p class="x_MsoNormal">*** Options: <a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech" target="_blank" moz-do-not-send="true">
http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a><br>
*** Archive: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643253555%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=LEZDQkZPIFDRhLyVJAMXW7f%2F6ji5h4ub6QVmn3olpsQ%3D&reserved=0" originalSrc="http://www.eprints.org/tech.php/" shash="GOtZ+DziITh/Pw8IwVO4/Bc8J6wcFUdDN5hq3fve98ZPQHU7LIc6+A0Gk8XUwsTaMEF/Na3/F+TzWUuKpKBlPwFtH1Q2Qsa6YetoMnEV+P7XeM5IJOHn1SjcnIyCRngVoRmP7rE3pVp0klNaah0Yxd0N35gEN6bbdqPi7dtC7iw=" originalsrc="http://www.eprints.org/tech.php/" shash="BvAEB2Ainkr8nRBAAEWqMr8UOSDCi+vrzFvF/NaCohisSpTeU0t462i9ROlR5GxquxHIQTHVJt1IjaTB1WCmop6AxKovyihv8xsO7jHMsIBWn96YpRP1TFuPMplf31sjzrSWywvejNf1wx2BtyHy5Go+K8YPzpdYA2rzUg0xeF0=" target="_blank" moz-do-not-send="true">
http://www.eprints.org/tech.php/</a><br>
*** EPrints community wiki: <a href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643263523%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=W0qIZuggXn5QmcrV5qFFPyyJ9rRxBaAT9ZO0068U0qQ%3D&reserved=0" originalSrc="http://wiki.eprints.org/" shash="Mn/vW6IcVECdocIjK//60SuHzR1t7H3JB+Vt96+0YoRcU+Vq0/j/4Mu4C9iCBXxUG0vkNhNwknjEk8jVOszXHsfXegLspIjRECkgUS3nrJ0J88fQBQ8lUnmIUQHVZDpo9rECkSnngm66/7f9azDZZi3DVdy/8smY4KqQLmSQnKw=" originalsrc="http://wiki.eprints.org/" shash="yM0tvRejbKBWgvmE6ff6nOmtpylzigu8PusKBJPp9sKasgs12OR/2iXp2wJSJ/obDzux+gNfdGyTmpbNDTkg0JraMaAXw6zpt1xtrr6FNv/NfXpAYjSxC68RHZouxtSfa7FETCn0sQI4ApT6eeAp117B/KwCfOdYBertkUUtkyk=" target="_blank" moz-do-not-send="true">
http://wiki.eprints.org/</a></p>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">*** Options: <a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech">http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a>
*** Archive: <a class="moz-txt-link-freetext" href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643263523%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=tabsZ%2F%2FITs997K1ztiz1HrfgMyXecuCwA%2B9TcdZ%2BduU%3D&reserved=0" originalSrc="http://www.eprints.org/tech.php/" shash="rhcFXZ34jlceHRRS8OTjDzfyaKr4dHMpKR2N0VTxrXqiOUUBzqfp4k9NN2AvPR6/6DTivDR8B5rIOmo7yILDN6sNKySLEpPEIVZkdtPFjshJnwXGPwyrqIJLCe8cdUJoVDiur2GHhPUD9NnkZOVbMkgFHeYBNgu/atT5RaGdSVE=">http://www.eprints.org/tech.php/</a>
*** EPrints community wiki: <a class="moz-txt-link-freetext" href="https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=04%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ca288c57ec40a4479a4f708d8d8d7cb9f%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637497768643273472%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=WUv1Q2lk%2Fl5hCqJZb12PIqXTm7q6jsWF1zvLqChveck%3D&reserved=0" originalSrc="http://wiki.eprints.org/" shash="J+nyJ9JKpGRAHpYYSxxoT1cYuPZImqhfvM1tR8jM4fT+YxsSIMmM5ly99gXAXF40biv1TwbE+HQ8bl80UgeJPQ1Xc1x6wxAzkQmOo1SSsy9w18gatRKvnCEWyPNPt2GOOBf527UtRMehOQ/DTvcK4ZUjFhw/dW1WfPsgm+cddRc=">http://wiki.eprints.org/</a></pre>
</blockquote>
</body>
</html>