Vulnerabilities > CVE-2019-18218 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1370.NASL description cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) last seen 2020-06-01 modified 2020-06-02 plugin id 132258 published 2019-12-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132258 title Amazon Linux 2 : file (ALAS-2019-1370) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1370. # include("compat.inc"); if (description) { script_id(132258); script_version("1.2"); script_cvs_date("Date: 2019/12/23"); script_cve_id("CVE-2019-18218"); script_xref(name:"ALAS", value:"2019-1370"); script_name(english:"Amazon Linux 2 : file (ALAS-2019-1370)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1370.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update file' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/21"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"file-5.11-35.amzn2.0.2")) flag++; if (rpm_check(release:"AL2", reference:"file-debuginfo-5.11-35.amzn2.0.2")) flag++; if (rpm_check(release:"AL2", reference:"file-devel-5.11-35.amzn2.0.2")) flag++; if (rpm_check(release:"AL2", reference:"file-libs-5.11-35.amzn2.0.2")) flag++; if (rpm_check(release:"AL2", reference:"file-static-5.11-35.amzn2.0.2")) flag++; if (rpm_check(release:"AL2", reference:"python-magic-5.11-35.amzn2.0.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-devel / file-libs / file-static / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2449.NASL description According to the versions of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-04 plugin id 131603 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131603 title EulerOS 2.0 SP2 : file (EulerOS-SA-2019-2449) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131603); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2014-9620", "CVE-2019-18218" ); script_bugtraq_id( 71715 ); script_name(english:"EulerOS 2.0 SP2 : file (EulerOS-SA-2019-2449)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2449 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03efe5c9"); script_set_attribute(attribute:"solution", value: "Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["file-5.11-31.h2", "file-libs-5.11-31.h2", "python-magic-5.11-31.h2"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-554C3C691F.NASL description - fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130480 published 2019-11-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130480 title Fedora 31 : file (2019-554c3c691f) NASL family Fedora Local Security Checks NASL id FEDORA_2019-18036B898E.NASL description - fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130779 published 2019-11-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130779 title Fedora 29 : file (2019-18036b898e) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2278.NASL description According to the version of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-11-27 plugin id 131344 published 2019-11-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131344 title EulerOS 2.0 SP8 : file (EulerOS-SA-2019-2278) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1201.NASL description According to the version of the file packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134490 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134490 title EulerOS Virtualization for ARM 64 3.0.2.0 : file (EulerOS-SA-2020-1201) NASL family Fedora Local Security Checks NASL id FEDORA_2019-97DCB2762A.NASL description - fix heap-based buffer overflow in cdf_read_property_info() (CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130484 published 2019-11-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130484 title Fedora 30 : file (2019-97dcb2762a) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4172-1.NASL description It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 130428 published 2019-10-31 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130428 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : file vulnerability (USN-4172-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-1294-1.NASL description This update for file fixes the following issues : Security issues fixed : CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed : Fixed broken last seen 2020-05-31 modified 2020-05-22 plugin id 136788 published 2020-05-22 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136788 title SUSE SLED15 / SLES15 Security Update : file (SUSE-SU-2020:1294-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1326.NASL description cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). (CVE-2019-18218) last seen 2020-06-01 modified 2020-06-02 plugin id 132321 published 2019-12-20 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132321 title Amazon Linux AMI : file (ALAS-2019-1326) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4550.NASL description A buffer overflow was found in file, a file type classification tool, which may result in denial of service or potentially the execution of arbitrary code if a malformed CDF (Composite Document File) file is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 130289 published 2019-10-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130289 title Debian DSA-4550-1 : file - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1381.NASL description According to the version of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2020-04-15 plugin id 135510 published 2020-04-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135510 title EulerOS 2.0 SP3 : file (EulerOS-SA-2020-1381) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1052.NASL description According to the version of the file packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132806 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132806 title EulerOS Virtualization for ARM 64 3.0.5.0 : file (EulerOS-SA-2020-1052) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2525.NASL description According to the version of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-09 plugin id 131799 published 2019-12-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131799 title EulerOS 2.0 SP5 : file (EulerOS-SA-2019-2525) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0187_FILE.NASL description An update of the file package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 132541 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132541 title Photon OS 2.0: File PHSA-2019-2.0-0187 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-24.NASL description The remote host is affected by the vulnerability described in GLSA-202003-24 (file: Heap-based buffer overflow) It was discovered that file incorrectly handled certain malformed files. Impact : A remote attacker could entice a user to process a specially crafted file via libmagic or file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134601 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134601 title GLSA-202003-24 : file: Heap-based buffer overflow NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-677.NASL description This update for file fixes the following issues : Security issues fixed : - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed : - Fixed broken last seen 2020-05-31 modified 2020-05-26 plugin id 136875 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136875 title openSUSE Security Update : file (openSUSE-2020-677) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1969.NASL description An issue has been found in file, a tool to determine file types by using magic numbers. The number of CDF_VECTOR elements had to be restricted in order to prevent a heap-based buffer overflow (4-byte out-of-bounds write). For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 130182 published 2019-10-24 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130182 title Debian DLA-1969-1 : file security update
References
- https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
- https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html
- https://www.debian.org/security/2019/dsa-4550
- https://usn.ubuntu.com/4172-1/
- https://usn.ubuntu.com/4172-2/
- https://security.netapp.com/advisory/ntap-20200115-0001/
- https://security.gentoo.org/glsa/202003-24
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html
- https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV6PFCEYHYALMTT45QE2U5C5TEJZQPXJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/