Vulnerabilities > CVE-2009-1284 - Buffer Errors vulnerability in Bibtex 0.99
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description | BibTeX - (.bib) File Handling Memory Corruption Vulnerability. CVE-2009-1284. Dos exploit for linux platform |
id | EDB-ID:10203 |
last seen | 2016-02-01 |
modified | 2009-11-13 |
published | 2009-11-13 |
reporter | Vincent Lafevre |
source | https://www.exploit-db.com/download/10203/ |
title | BibTeX - .bib File Handling Memory Corruption Vulnerability |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-094.NASL description Multiple vulnerabilities has been discovered and fixed in tetex : Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file (CVE-2009-1284). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file (CVE-2010-0827). Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file (CVE-2010-0829). Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third-party information (CVE-2010-0739). Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739 (CVE-2010-1440). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages solves these problems. last seen 2020-06-01 modified 2020-06-02 plugin id 46330 published 2010-05-13 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46330 title Mandriva Linux Security Advisory : tetex (MDVSA-2010:094) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:094. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(46330); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id( "CVE-2009-1284", "CVE-2009-3608", "CVE-2010-0739", "CVE-2010-0827", "CVE-2010-0829", "CVE-2010-1440" ); script_bugtraq_id( 34332, 36703, 39500, 39966, 39969 ); script_xref(name:"MDVSA", value:"2010:094"); script_name(english:"Mandriva Linux Security Advisory : tetex (MDVSA-2010:094)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been discovered and fixed in tetex : Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file (CVE-2009-1284). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file (CVE-2010-0827). Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file (CVE-2010-0829). Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third-party information (CVE-2010-0739). Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739 (CVE-2010-1440). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages solves these problems." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:jadetex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-afm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-context"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvilj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvipdfm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-latex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-mfwin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-texi2html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-usrlocal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-xdvi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xmltex"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"jadetex-3.12-136.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-afm-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-context-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-devel-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-doc-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-dvilj-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-dvipdfm-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-dvips-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-latex-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-mfwin-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-texi2html-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-usrlocal-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"tetex-xdvi-3.0-38.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"xmltex-1.9-84.2mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"jadetex-3.12-145.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-afm-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-context-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-devel-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-doc-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-dvilj-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-dvipdfm-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-dvips-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-latex-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-mfwin-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-texi2html-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-usrlocal-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"tetex-xdvi-3.0-47.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"xmltex-1.9-93.1mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"jadetex-3.12-146.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-afm-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-context-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-devel-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-doc-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-dvilj-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-dvipdfm-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-dvips-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-latex-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-mfwin-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-texi2html-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-usrlocal-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"tetex-xdvi-3.0-48.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.1", reference:"xmltex-1.9-94.1mdv2009.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"jadetex-3.12-147.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-afm-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-context-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-devel-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-doc-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-dvilj-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-dvipdfm-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-dvips-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-latex-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-mfwin-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-texi2html-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-usrlocal-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"tetex-xdvi-3.0-49.1mdv2010.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.0", reference:"xmltex-1.9-95.1mdv2010.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2009-10730.NASL description - Fri Oct 23 2009 Jindrich Novy <jnovy at redhat.com> 2007-46 - add missing dependency on kpathsea - Thu Oct 15 2009 Jindrich Novy <jnovy at redhat.com> 2007-45 - make kpathsea not dependent on texlive - fix lacheck again (#451513) - fix dvips configuration (#467542) - update kpathsea description and summary (#519257) - use upstream patch to fix pool overflow CVE-2009-1284 (#492136) - don last seen 2020-06-01 modified 2020-06-02 plugin id 42786 published 2009-11-13 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42786 title Fedora 10 : texlive-2007-46.fc10 (2009-10730) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-937-1.NASL description It was discovered that TeX Live incorrectly handled certain long .bib bibliography files. If a user or automated system were tricked into processing a specially crafted bib file, an attacker could cause a denial of service via application crash. This issue only affected Ubuntu 8.04 LTS, 9.04 and 9.10. (CVE-2009-1284) Marc Schoenefeld, Karel Srot and Ludwig Nussel discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0739, CVE-2010-1440) Dan Rosenberg discovered that TeX Live incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-0827). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 46254 published 2010-05-07 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46254 title Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : texlive-bin vulnerabilities (USN-937-1) NASL family Fedora Local Security Checks NASL id FEDORA_2009-10857.NASL description - Fri Oct 23 2009 Jindrich Novy <jnovy at redhat.com> 2007-46 - add missing dependency on kpathsea - Thu Oct 15 2009 Jindrich Novy <jnovy at redhat.com> 2007-45 - make kpathsea not dependent on texlive - fix lacheck again (#451513) - fix dvips configuration (#467542) - update kpathsea description and summary (#519257) - use upstream patch to fix pool overflow CVE-2009-1284 (#492136) - don last seen 2020-06-01 modified 2020-06-02 plugin id 42787 published 2009-11-13 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42787 title Fedora 11 : texlive-2007-46.fc11 (2009-10857) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-28.NASL description The remote host is affected by the vulnerability described in GLSA-201206-28 (TeX Live: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in texlive-core. Please review the CVE identifiers referenced below for details. Impact : These vulnerabilities might allow user-assisted remote attackers to execute arbitrary code via a specially crafted DVI file, or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59701 published 2012-06-26 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59701 title GLSA-201206-28 : TeX Live: Multiple vulnerabilities
Statements
contributor | Tomas Hoger |
lastmodified | 2009-08-31 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1284 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520920
- http://secunia.com/advisories/34445
- http://security.gentoo.org/glsa/glsa-201206-28.xml
- http://www.openwall.com/lists/oss-security/2009/04/01/8
- http://www.ubuntu.com/usn/USN-937-1
- https://bugzilla.redhat.com/show_bug.cgi?id=492136
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00505.html
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00507.html